My laptop is infected Help please


12 replies to this topic

#1 JamesGamm

JamesGamm

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:01:18 AM

Posted 07 August 2013 - 09:06 PM

So.... Recently I've been infected. I think I may have been infected with the Zeus Virus or some kind of RAT. I've installed about 4-5 different antiviruses, none of which helped. They all said that my laptop files were infected and that they were gonna remove those files in order to clear the infection. Well, when it did that, it completely did what it said it was gonna do. It started removing all my games and files that were in all the folders, including stuff that is required to keep this laptop running or to even start it up. So I stopped the antivirus and uninstalled it. Did that for each antivirus that said the same thing over and over. Can anyone help me out? My laptop has been slowing down and I believe the internet is being affected by it too. Used to be running 20-35 ms, now I'm running 78-100 ms. Anyway... Please, if it's not too much to ask for..





#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:18 AM

Posted 07 August 2013 - 09:12 PM

Hello, first uninstall all but ONE AV and reboot.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results.



Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.



Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 JamesGamm


Posted 07 August 2013 - 09:46 PM

Alright, regarding that, I'm on the last step right now. I've been reading through the topics and I'm not sure if it will be alright to post all the logs from each step here. Maybe I'm not understanding, or where would you like me to post them?



#4 JamesGamm


Posted 08 August 2013 - 08:16 AM

It's been stuck here for the last 10 hours.. http://gyazo.com/b5c62dc52f0dfd3df07ae2d8f0c90d7f

On the Q:/ ? Drive. Help please.



#5 boopme


Posted 08 August 2013 - 12:49 PM

You can post what I ask for here.

Is that the ESET scan? It can take longer than others.
Especially if it has to go thru drives A-Q.. that's a lot of drives.
You can shut it down and start over.

#6 JamesGamm


Posted 09 August 2013 - 12:12 AM

It's still stuck there, and it's gonna be two days that it stays at 49% http://gyazo.com/84c72c8d3fa8ff1901f1694c4118611e

 

Yeah, it's just frozen at 49%, same exact files been scanned, nothing more. Won't move anymore, 20 hours have already gone by so I don't know what to do?


Edited by JamesGamm, 09 August 2013 - 04:54 AM.


#7 JamesGamm


Posted 09 August 2013 - 05:23 PM

Alright, well, I can't afford to keep it on another day for 3 days. So I'll just stop it and post the logs here..

 

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by JamesGamm (administrator) on 07-08-2013 at 19:18:20
Running from "C:\Users\JamesGamm\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection (Disconnected)
Atheros AR9485WB-EG Wireless Network Adapter = Wireless Network Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : JamesGamm-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : DC-85-DE-06-52-69
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR9485WB-EG Wireless Network Adapter
   Physical Address. . . . . . . . . : DC-85-DE-04-CB-C9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7896:4cca:f641:551a%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.0.5(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, August 07, 2013 11:43:30 AM
   Lease Expires . . . . . . . . . . : Thursday, August 08, 2013 11:43:34 AM
   Default Gateway . . . . . . . . . : 10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 366773726
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-7A-72-39-30-85-A9-07-CA-D9
   DNS Servers . . . . . . . . . . . : 10.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
   Physical Address. . . . . . . . . : 30-85-A9-07-CA-D9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{6535C70B-8A37-47D0-95CD-9330C80AEFC6}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:3451:3ee7:bbdd:704e(Preferred)
   Link-local IPv6 Address . . . . . : fe80::3451:3ee7:bbdd:704e%16(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  10.0.0.1

Name:    google.com
Addresses:  2607:f8b0:4009:804::1008
      173.194.46.41
      173.194.46.39
      173.194.46.40
      173.194.46.33
      173.194.46.37
      173.194.46.35
      173.194.46.34
      173.194.46.32
      173.194.46.46
      173.194.46.38
      173.194.46.36


Pinging google.com [173.194.46.32] with 32 bytes of data:
Reply from 173.194.46.32: bytes=32 time=26ms TTL=55
Reply from 173.194.46.32: bytes=32 time=24ms TTL=55

Ping statistics for 173.194.46.32:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 24ms, Maximum = 26ms, Average = 25ms
Server:  UnKnown
Address:  10.0.0.1

Name:    yahoo.com
Addresses:  98.139.183.24
      206.190.36.45
      98.138.253.109


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=42ms TTL=51
Reply from 98.138.253.109: bytes=32 time=61ms TTL=51

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 42ms, Maximum = 61ms, Average = 51ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...dc 85 de 06 52 69 ......Bluetooth Device (Personal Area Network)
 12...dc 85 de 04 cb c9 ......Atheros AR9485WB-EG Wireless Network Adapter
 11...30 85 a9 07 ca d9 ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
  1...........................Software Loopback Interface 1
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1         10.0.0.5     25
         10.0.0.0    255.255.255.0         On-link          10.0.0.5    281
         10.0.0.5  255.255.255.255         On-link          10.0.0.5    281
       10.0.0.255  255.255.255.255         On-link          10.0.0.5    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link          10.0.0.5    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link          10.0.0.5    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 16     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 16     58 2001::/32                On-link
 16    306 2001:0:5ef5:79fd:3451:3ee7:bbdd:704e/128
                                    On-link
 12    281 fe80::/64                On-link
 16    306 fe80::/64                On-link
 16    306 fe80::3451:3ee7:bbdd:704e/128
                                    On-link
 12    281 fe80::7896:4cca:f641:551a/128
                                    On-link
  1    306 ff00::/8                 On-link
 16    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
 If Metric Network Destination      Gateway
  0 4294967295 2620:9b::/96             On-link
  0   9000 ::/0                     2620:9b::1900:1
  0 4294967295 2620:9b::/96             On-link
  0   9000 ::/0                     2620:9b::1900:1
===========================================================================
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/06/2013 10:37:22 AM) (Source: Application Hang) (User: )
Description: The program Fiesta.bin version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: fd8

Start Time: 01ce92cb50102983

Termination Time: 0

Application Path: C:\Program Files (x86)\Outspark\Fiesta\Fiesta.bin

Report Id: d30c6b86-febe-11e2-bab4-dc85de065269

Error: (08/06/2013 00:45:07 AM) (Source: Application Error) (User: )
Description: Faulting application name: Fiesta.bin, version: 0.0.0.0, time stamp: 0x51f75835
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x00038dc9
Faulting process id: 0x1c9c
Faulting application start time: 0xFiesta.bin0
Faulting application path: Fiesta.bin1
Faulting module path: Fiesta.bin2
Report Id: Fiesta.bin3

Error: (08/05/2013 06:53:13 PM) (Source: Application Error) (User: )
Description: Faulting application name: Fiesta.bin, version: 0.0.0.0, time stamp: 0x51f75835
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x00038dc9
Faulting process id: 0x108c
Faulting application start time: 0xFiesta.bin0
Faulting application path: Fiesta.bin1
Faulting module path: Fiesta.bin2
Report Id: Fiesta.bin3

Error: (08/04/2013 00:28:09 AM) (Source: Application Error) (User: )
Description: Faulting application name: Fiesta.bin, version: 0.0.0.0, time stamp: 0x51f75835
Faulting module name: Fiesta.bin, version: 0.0.0.0, time stamp: 0x51f75835
Exception code: 0xc0000005
Fault offset: 0x002784d6
Faulting process id: 0x1bb0
Faulting application start time: 0xFiesta.bin0
Faulting application path: Fiesta.bin1
Faulting module path: Fiesta.bin2
Report Id: Fiesta.bin3

Error: (08/03/2013 02:15:56 PM) (Source: Application Error) (User: )
Description: Faulting application name: Fiesta.bin, version: 0.0.0.0, time stamp: 0x51f75835
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x00038dc9
Faulting process id: 0x17d8
Faulting application start time: 0xFiesta.bin0
Faulting application path: Fiesta.bin1
Faulting module path: Fiesta.bin2
Report Id: Fiesta.bin3

Error: (08/03/2013 00:33:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: Fiesta.bin, version: 0.0.0.0, time stamp: 0x51f75835
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f
Exception code: 0xc0000005
Fault offset: 0x00038dc9
Faulting process id: 0xbf8
Faulting application start time: 0xFiesta.bin0
Faulting application path: Fiesta.bin1
Faulting module path: Fiesta.bin2
Report Id: Fiesta.bin3

Error: (08/03/2013 00:23:07 PM) (Source: Application Error) (User: )
Description: Faulting application name: Fiesta.bin, version: 0.0.0.0, time stamp: 0x51f75835
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xeb0
Faulting application start time: 0xFiesta.bin0
Faulting application path: Fiesta.bin1
Faulting module path: Fiesta.bin2
Report Id: Fiesta.bin3

Error: (08/02/2013 03:09:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: gta_sa.exe, version: 0.0.0.0, time stamp: 0x427101ca
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x38a1883d
Faulting process id: 0x1414
Faulting application start time: 0xgta_sa.exe0
Faulting application path: gta_sa.exe1
Faulting module path: gta_sa.exe2
Report Id: gta_sa.exe3

Error: (08/02/2013 03:08:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: gta_sa.exe, version: 0.0.0.0, time stamp: 0x427101ca
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x38a1883d
Faulting process id: 0x1414
Faulting application start time: 0xgta_sa.exe0
Faulting application path: gta_sa.exe1
Faulting module path: gta_sa.exe2
Report Id: gta_sa.exe3

Error: (08/02/2013 03:07:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: gta_sa.exe, version: 0.0.0.0, time stamp: 0x427101ca
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x38a1883d
Faulting process id: 0x195c
Faulting application start time: 0xgta_sa.exe0
Faulting application path: gta_sa.exe1
Faulting module path: gta_sa.exe2
Report Id: gta_sa.exe3


System errors:
=============
Error: (08/07/2013 01:42:57 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer ROSEGAMM-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6535C70B-8A37-47D0-95CD-9330C80AEFC6}.
The master browser is stopping or an election is being forced.

Error: (08/07/2013 11:46:12 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (08/07/2013 11:46:12 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (08/07/2013 11:44:30 AM) (Source: Service Control Manager) (User: )
Description: The HcwDevCentralService service failed to start due to the following error:
%%1053

Error: (08/07/2013 11:44:30 AM) (Source: DCOM) (User: )
Description: 1053HcwDevCentralService{91629C9E-A6A9-4F6A-8FD4-DD8EE54FEC19}

Error: (08/07/2013 11:44:27 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HcwDevCentralService service to connect.

Error: (08/07/2013 11:43:38 AM) (Source: Service Control Manager) (User: )
Description: The WebcamMax, WDM Video Capture service failed to start due to the following error:
%%1058

Error: (08/06/2013 04:58:11 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer ROSEGAMM-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6535C70B-8A37-47D0-95CD-9330C80AEFC6}.
The master browser is stopping or an election is being forced.

Error: (08/06/2013 03:56:26 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer ROSEGAMM-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6535C70B-8A37-47D0-95CD-9330C80AEFC6}.
The master browser is stopping or an election is being forced.

Error: (08/06/2013 02:53:49 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer ROSEGAMM-HP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6535C70B-8A37-47D0-95CD-9330C80AEFC6}.
The master browser is stopping or an election is being forced.


Microsoft Office Sessions:
=========================
Error: (08/06/2013 10:37:22 AM) (Source: Application Hang)(User: )
Description: Fiesta.bin0.0.0.0fd801ce92cb501029830C:\Program Files (x86)\Outspark\Fiesta\Fiesta.bind30c6b86-febe-11e2-bab4-dc85de065269

Error: (08/06/2013 00:45:07 AM) (Source: Application Error)(User: )
Description: Fiesta.bin0.0.0.051f75835ntdll.dll6.1.7601.177254ec49b8fc000000500038dc91c9c01ce926ad343bd45C:\Program Files (x86)\Outspark\Fiesta\Fiesta.binC:\Windows\SysWOW64\ntdll.dll1cb10782-fe6c-11e2-8e24-dc85de065269

Error: (08/05/2013 06:53:13 PM) (Source: Application Error)(User: )
Description: Fiesta.bin0.0.0.051f75835ntdll.dll6.1.7601.177254ec49b8fc000000500038dc9108c01ce922cb140165aC:\Program Files (x86)\Outspark\Fiesta\Fiesta.binC:\Windows\SysWOW64\ntdll.dllf3ed5e30-fe3a-11e2-8e24-dc85de065269

Error: (08/04/2013 00:28:09 AM) (Source: Application Error)(User: )
Description: Fiesta.bin0.0.0.051f75835Fiesta.bin0.0.0.051f75835c0000005002784d61bb001ce90cb684e0eb8C:\Program Files (x86)\Outspark\Fiesta\Fiesta.binC:\Program Files (x86)\Outspark\Fiesta\Fiesta.bin6929ed43-fcd7-11e2-ae80-dc85de065269

Error: (08/03/2013 02:15:56 PM) (Source: Application Error)(User: )
Description: Fiesta.bin0.0.0.051f75835ntdll.dll6.1.7601.177254ec49b8fc000000500038dc917d801ce908063341ef4C:\Program Files (x86)\Outspark\Fiesta\Fiesta.binC:\Windows\SysWOW64\ntdll.dlle24a8047-fc81-11e2-ae80-dc85de065269

Error: (08/03/2013 00:33:42 PM) (Source: Application Error)(User: )
Description: Fiesta.bin0.0.0.051f75835ntdll.dll6.1.7601.177254ec49b8fc000000500038dc9bf801ce907ef40f0fbaC:\Program Files (x86)\Outspark\Fiesta\Fiesta.binC:\Windows\SysWOW64\ntdll.dll9a2af1c6-fc73-11e2-ae80-dc85de065269

Error: (08/03/2013 00:23:07 PM) (Source: Application Error)(User: )
Description: Fiesta.bin0.0.0.051f75835unknown0.0.0.000000000c000000500000000eb001ce907c2a886e1eC:\Program Files (x86)\Outspark\Fiesta\Fiesta.binunknown1fb81ee9-fc72-11e2-ae80-dc85de065269

Error: (08/02/2013 03:09:37 PM) (Source: Application Error)(User: )
Description: gta_sa.exe0.0.0.0427101caunknown0.0.0.000000000c000000538a1883d141401ce8fccf9f98cd6C:\Users\JamesGamm\Desktop\Desktop\GTA - San Andreas\gta_sa.exeunknown37ada18c-fbc0-11e2-8ea1-dc85de065269

Error: (08/02/2013 03:08:04 PM) (Source: Application Error)(User: )
Description: gta_sa.exe0.0.0.0427101caunknown0.0.0.000000000c000000538a1883d141401ce8fccc30d9a58C:\Users\JamesGamm\Desktop\Desktop\GTA - San Andreas\gta_sa.exeunknown00c04f78-fbc0-11e2-8ea1-dc85de065269

Error: (08/02/2013 03:07:57 PM) (Source: Application Error)(User: )
Description: gta_sa.exe0.0.0.0427101caunknown0.0.0.000000000c000000538a1883d195c01ce8fccbed8ba83C:\Users\JamesGamm\Desktop\Desktop\GTA - San Andreas\gta_sa.exeunknownfc8b96b4-fbbf-11e2-8ea1-dc85de065269


CodeIntegrity Errors:
===================================
  Date: 2012-09-08 14:38:57.267
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\JamesGamm\Desktop\Kernel Detective v1.4.1\Kernel Detective.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-08 14:38:57.238
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\JamesGamm\Desktop\Kernel Detective v1.4.1\Kernel Detective.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-08 14:38:12.348
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\JamesGamm\Desktop\Kernel Detective v1.4.1\Kernel Detective.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-08 14:38:12.320
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\JamesGamm\Desktop\Kernel Detective v1.4.1\Kernel Detective.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-08 14:38:09.360
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\JamesGamm\Desktop\Kernel Detective v1.4.1\Kernel Detective.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-08 14:38:09.333
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\JamesGamm\Desktop\Kernel Detective v1.4.1\Kernel Detective.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-08 14:37:59.970
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\JamesGamm\Desktop\Kernel Detective v1.4.1\Kernel Detective.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-09-08 14:37:59.942
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\JamesGamm\Desktop\Kernel Detective v1.4.1\Kernel Detective.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

µTorrent (Version: 3.2.3.28705)
Adobe AIR (Version: 3.5.0.1060)
Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader X (10.1.7) (Version: 10.1.7)
Aeria Ignite (Version: 1.13.3296)
Akamai NetSession Interface
Alcor Micro USB Card Reader (Version: 3.1.142.60386)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
ArcSoft ShowBiz (Version: 3.5.41.83)
ASUS AI Recovery (Version: 1.0.24)
ASUS Fan Filter Checker (Version: 1.0.0001)
ASUS LifeFrame3 (Version: 3.0.29)
ASUS Live Update (Version: 3.1.2)
ASUS Power4Gear Hybrid (Version: 1.1.50)
ASUS Splendid Video Enhancement Technology (Version: 1.02.0040)
ASUS USB Charger Plus (Version: 2.0.9)
ASUS Virtual Camera (Version: 1.0.25)
AsusScr_G75 Series_ENG (Version: 1.0.0001)
AsusVibe2.0 (Version: 2.0.9.157)
AsylumGunz
Atheros Bluetooth Suite (64) (Version: 7.4.0.115)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 2.0.8.8)
Atheros Driver Installation Program (Version: 9.2)
ATK Package (Version: 1.0.0016)
Audacity 2.0.3 (Version: 2.0.3)
AutoHotkey 1.1.10.01 (Version: 1.1.10.01)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.24)
Coupon Companion (Version: 1.18.149.149)
CyberLink LabelPrint (Version: 2.5.3624)
CyberLink Media Suite (Version: 8.0.2926)
CyberLink Power2Go (Version: 7.0.0.1126)
D3DX10 (Version: 15.4.2368.0902)
DirectX 9 Runtime (Version: 1.00.0000)
Drift City
Entity Framework Designer for Visual Studio 2012 - enu (Version: 11.1.20810.00)
ffdshow v1.1.3800 [2011-03-28] (Version: 1.1.3800.0)
Fiddler (Version: 2.4.4.5)
Fiesta (Version: 10.0.0400)
Fraps (remove only)
GameFast (Version: 1.0.1.1)
Google Chrome (Version: 28.0.1500.95)
Google Update Helper (Version: 1.3.21.153)
Gyazo 1.0
Hauppauge Device Central (Version: 1.0.30277)
InstantOn for NB (Version: 2.2.0)
Intel® Manageability Engine Firmware Recovery Agent (Version: 1.0.0.35342)
Intel® Management Engine Components (Version: 8.0.3.1427)
Intel® USB 3.0 eXtensible Host Controller Driver (Version: 1.0.3.214)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
iTunes (Version: 11.0.1.12)
Java 7 Update 25 (Version: 7.0.250)
Java 7 Update 7 (64-bit) (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.5)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 16.4.3505.0912)
League of Legends (Version: 1.3)
Left 4 Dead 2
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (Version: 4.5.50709)
Microsoft .NET Framework 4.5 SDK (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Help Viewer 2.0 (Version: 2.0.50727)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Common Files (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Native Client (Version: 10.3.5500.0)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1447.4)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.3.5500.0)
Microsoft SQL Server 2012 Command Line Utilities  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Data-Tier App Framework  (Version: 11.0.2316.0)
Microsoft SQL Server 2012 Express LocalDB  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Management Objects  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Management Objects  (x64) (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Native Client  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (Version: 11.0.2100.60)
Microsoft SQL Server 2012 T-SQL Language Service  (Version: 11.0.2100.60)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (Version: 4.0.8876.1)
Microsoft SQL Server Data Tools - enu (11.1.20828.01) (Version: 11.1.20828.01)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (Version: 11.1.20828.01)
Microsoft SQL Server System CLR Types (Version: 10.50.1447.4)
Microsoft SQL Server VSS Writer (Version: 10.3.5500.0)
Microsoft System CLR Types for SQL Server 2012 (Version: 11.0.2100.60)
Microsoft System CLR Types for SQL Server 2012 (x64) (Version: 11.0.2100.60)
Microsoft Visual Basic 2010 Express - ENU (Version: 10.0.30319)
Microsoft Visual C# 2010 Express - ENU (Version: 10.0.30319)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.30319)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (Version: 10.0.30319)
Movie Maker (Version: 16.4.3505.0912)
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MTA:SA v1.3.2 (Version: v1.3.2)
Notepad++ (Version: 6.1.8)
NVIDIA 3D Vision Driver 314.07 (Version: 314.07)
NVIDIA Control Panel 314.07 (Version: 314.07)
NVIDIA Graphics Driver 314.07 (Version: 314.07)
NVIDIA HD Audio Driver 1.3.23.1 (Version: 1.3.23.1)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1407)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
Pando Media Booster (Version: 2.6.0.8)
Photo Gallery (Version: 16.4.3505.0912)
Platform (Version: 1.39)
Prerequisites for SSDT  (Version: 11.0.2100.60)
Process Hacker 2.31 (r5355) (Version: 2.31.0.5355)
PS3 Xploder Ultimate Edition
QuickTime (Version: 7.74.80.86)
Rotation Desktop for G Series (Version: 1.1.3.2)
Roxio AACS Certificate (Version: 1.0.0)
Roxio CinePlayer (Version: 5.8)
Roxio CinePlayer (Version: 5.8.58233.4)
S4 League_EU (Version: 1.00.0000)
saafE  ssaVVe (Version: )
SafeSaver 1.74
SearchNewTab (Version: )
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (Version: 10.3.5500.0)
Skype™ 6.6 (Version: 6.6.106)
Software Version Updater (Version: 1.1.3.7)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0)
Steam (Version: 1.0.0.0)
Synaptics Pointing Device Driver (Version: 15.3.43.0)
System Requirements Lab Detection (Version: 1.0.5.0)
TeamSpeak 3 Client (Version: 3.0.10)
TeamViewer 8 (Version: 8.0.18051)
TERA (Version: 1.6)
TortoiseSVN 1.7.11.23600 (64 bit) (Version: 1.7.23600)
Update for Microsoft .NET Framework 4.5 (KB2750147) (Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (Version: 1)
VIA Platform Device Manager (Version: 1.39)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live Family Safety (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Mail (Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
Windows Live Writer (Version: 16.4.3505.0912)
Windows Live Writer Resources (Version: 16.4.3505.0912)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinFlash (Version: 2.41.0)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
Wireless Console 3 (Version: 3.0.27)
Wolfteam

========================= Memory info: ===================================

Percentage of memory in use: 28%
Total physical RAM: 8151.92 MB
Available physical RAM: 5848.59 MB
Total Pagefile: 16302.02 MB
Available Pagefile: 13833.71 MB
Total Virtual: 4095.88 MB
Available Virtual: 3963.16 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:906.19 GB) (Free:727.17 GB) NTFS

========================= Users: ========================================

User accounts for \\JAMESGAMM-PC

Administrator            Guest                    JamesGamm                
UpdatusUser              


**** End of log ****
 



#8 JamesGamm

Posted 09 August 2013 - 05:28 PM

19:19:42.0621 6296  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
19:19:42.0621 6296  UEFI system
19:19:42.0981 6296  ============================================================
19:19:42.0981 6296  Current date / time: 2013/08/07 19:19:42.0981
19:19:42.0981 6296  SystemInfo:
19:19:42.0981 6296  
19:19:42.0981 6296  OS Version: 6.1.7601 ServicePack: 1.0
19:19:42.0981 6296  Product type: Workstation
19:19:42.0981 6296  ComputerName: JAMESGAMM-PC
19:19:42.0981 6296  UserName: JamesGamm
19:19:42.0981 6296  Windows directory: C:\Windows
19:19:42.0981 6296  System windows directory: C:\Windows
19:19:42.0981 6296  Running under WOW64
19:19:42.0981 6296  Processor architecture: Intel x64
19:19:42.0981 6296  Number of processors: 8
19:19:42.0981 6296  Page size: 0x1000
19:19:42.0981 6296  Boot type: Normal boot
19:19:42.0981 6296  ============================================================
19:19:43.0551 6296  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:19:43.0551 6296  ============================================================
19:19:43.0551 6296  \Device\Harddisk0\DR0:
19:19:43.0551 6296  GPT partitions:
19:19:43.0561 6296  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {888F9EA7-33B6-4CDC-B1E7-B91656BA023E}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x64000
19:19:43.0561 6296  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {84ABD58C-11A7-47FD-8D6E-0FE8200A0AE2}, Name: Microsoft reserved partition, StartLBA 0x64800, BlocksNum 0x40000
19:19:43.0561 6296  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {14BDF3A8-F1B9-44B3-95FA-8BA05E78E004}, Name: Basic data partition, StartLBA 0xA4800, BlocksNum 0x71462000
19:19:43.0561 6296  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {857E758A-E795-4012-8918-4F9850835F22}, Name: Basic data partition, StartLBA 0x71506800, BlocksNum 0x3200000
19:19:43.0561 6296  MBR partitions:
19:19:43.0561 6296  ============================================================
19:19:43.0601 6296  C: <-> \Device\Harddisk0\DR0\Partition3
19:19:43.0601 6296  ============================================================
19:19:43.0601 6296  Initialize success
19:19:43.0601 6296  ============================================================
19:20:31.0807 6440  ============================================================
19:20:31.0807 6440  Scan started
19:20:31.0807 6440  Mode: Manual; TDLFS;
19:20:31.0807 6440  ============================================================
19:20:32.0317 6440  ================ Scan system memory ========================
19:20:32.0317 6440  System memory - ok
19:20:32.0317 6440  ================ Scan services =============================
19:20:41.0158 6440  gupdatem - ok
19:20:41.0188 6440  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
19:20:41.0188 6440  hamachi - ok
19:20:41.0218 6440  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
19:20:41.0218 6440  hcw85cir - ok
19:20:41.0298 6440  [ D349C898BEF44885EADC37BB900B3B0A ] HcwDevCentralService C:\PROGRA~2\HAUPPA~1\DEVICE~1\HCWDEV~1.EXE
19:20:41.0308 6440  HcwDevCentralService - ok
19:20:41.0398 6440  [ 319C2E7A2D45476767F31B16EE98B520 ] hcwE5bda        C:\Windows\system32\drivers\hcwE5bda.sys
19:20:41.0408 6440  hcwE5bda - ok
19:20:41.0458 6440  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:20:41.0468 6440  HdAudAddService - ok
19:20:41.0538 6440  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:20:41.0538 6440  HDAudBus - ok
19:20:41.0578 6440  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
19:20:41.0578 6440  HidBatt - ok
19:20:41.0578 6440  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
19:20:41.0588 6440  HidBth - ok
19:20:41.0628 6440  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
19:20:41.0628 6440  HidIr - ok
19:20:41.0698 6440  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
19:20:41.0708 6440  hidserv - ok
19:20:41.0728 6440  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:20:41.0728 6440  HidUsb - ok
19:20:41.0778 6440  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:20:41.0778 6440  hkmsvc - ok
19:20:41.0818 6440  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:20:41.0818 6440  HomeGroupListener - ok
19:20:41.0908 6440  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:20:41.0908 6440  HomeGroupProvider - ok
19:20:41.0948 6440  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:20:41.0948 6440  HpSAMD - ok
19:20:41.0988 6440  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:20:41.0998 6440  HTTP - ok
19:20:42.0008 6440  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:20:42.0008 6440  hwpolicy - ok
19:20:42.0038 6440  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:20:42.0048 6440  i8042prt - ok
19:20:42.0078 6440  [ C224331A54571C8C9162F7714400BBBD ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
19:20:42.0078 6440  iaStor - ok
19:20:42.0118 6440  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:20:42.0188 6440  iaStorV - ok
19:20:42.0238 6440  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:20:42.0258 6440  idsvc - ok
19:20:42.0278 6440  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
19:20:42.0288 6440  iirsp - ok
19:20:42.0348 6440  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
19:20:42.0358 6440  IKEEXT - ok
19:20:42.0428 6440  [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
19:20:42.0438 6440  Intel® Capability Licensing Service Interface - ok
19:20:42.0528 6440  [ 896AA2F1D79662B17D5DBBE588E24E30 ] Intel® ME Service C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
19:20:42.0528 6440  Intel® ME Service - ok
19:20:42.0568 6440  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
19:20:42.0568 6440  intelide - ok
19:20:42.0598 6440  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:20:42.0608 6440  intelppm - ok
19:20:42.0698 6440  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:20:42.0698 6440  IPBusEnum - ok
19:20:42.0718 6440  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:20:42.0728 6440  IpFilterDriver - ok
19:20:42.0778 6440  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:20:42.0788 6440  iphlpsvc - ok
19:20:42.0818 6440  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
19:20:42.0828 6440  IPMIDRV - ok
19:20:42.0858 6440  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:20:42.0868 6440  IPNAT - ok
19:20:42.0918 6440  [ 0F261EC4F514926177C70C1832374231 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
19:20:42.0928 6440  iPod Service - ok
19:20:42.0988 6440  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:20:42.0988 6440  IRENUM - ok
19:20:43.0008 6440  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:20:43.0008 6440  isapnp - ok
19:20:43.0058 6440  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
19:20:43.0058 6440  iScsiPrt - ok
19:20:43.0098 6440  [ 6BCEF45131C8B8E1C558BE540B190B3C ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
19:20:43.0098 6440  iusb3hcs - ok
19:20:43.0188 6440  [ F080EADA8715F811B58BD35BB774F2F9 ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
19:20:43.0188 6440  iusb3hub - ok
19:20:43.0218 6440  [ 0F1756D9396740F053221FA6260FCE66 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
19:20:43.0228 6440  iusb3xhc - ok
19:20:43.0268 6440  [ 3C6630473DD42FFC57D9F5564F533127 ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
19:20:43.0268 6440  jhi_service - ok
19:20:43.0298 6440  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:20:43.0298 6440  kbdclass - ok
19:20:43.0378 6440  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:20:43.0378 6440  kbdhid - ok
19:20:43.0418 6440  [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
19:20:43.0418 6440  kbfiltr - ok
19:20:43.0448 6440  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
19:20:43.0458 6440  KeyIso - ok
19:20:43.0488 6440  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:20:43.0488 6440  KSecDD - ok
19:20:43.0558 6440  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:20:43.0568 6440  KSecPkg - ok
19:20:43.0598 6440  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:20:43.0598 6440  ksthunk - ok
19:20:43.0638 6440  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:20:43.0638 6440  KtmRm - ok
19:20:43.0678 6440  [ FC010C7814DDAC17389A7D87EA2EBB39 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
19:20:43.0678 6440  L1C - ok
19:20:43.0718 6440  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:20:43.0728 6440  LanmanServer - ok
19:20:43.0758 6440  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:20:43.0758 6440  LanmanWorkstation - ok
19:20:43.0848 6440  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:20:43.0848 6440  lltdio - ok
19:20:43.0878 6440  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:20:43.0878 6440  lltdsvc - ok
19:20:43.0908 6440  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:20:43.0908 6440  lmhosts - ok
19:20:43.0998 6440  [ 2B23FAA39D8F949ED5EEE03ECA50BCD5 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
19:20:44.0008 6440  LMS - ok
19:20:44.0028 6440  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
19:20:44.0028 6440  LSI_FC - ok
19:20:44.0048 6440  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
19:20:44.0048 6440  LSI_SAS - ok
19:20:44.0058 6440  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
19:20:44.0058 6440  LSI_SAS2 - ok
19:20:44.0078 6440  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:20:44.0078 6440  LSI_SCSI - ok
19:20:44.0098 6440  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
19:20:44.0098 6440  luafv - ok
19:20:44.0198 6440  [ DE585D1D266805E5EEDAE911FDD16F38 ] ManyCam         C:\Windows\system32\DRIVERS\mcvidrv_x64.sys
19:20:44.0198 6440  ManyCam - ok
19:20:44.0248 6440  [ 5858C4ABE87D0A842A941D6BD08038F1 ] mcaudrv_simple  C:\Windows\system32\drivers\mcaudrv_x64.sys
19:20:44.0248 6440  mcaudrv_simple - ok
19:20:44.0288 6440  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:20:44.0298 6440  Mcx2Svc - ok
19:20:44.0318 6440  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
19:20:44.0328 6440  megasas - ok
19:20:44.0348 6440  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
19:20:44.0358 6440  MegaSR - ok
19:20:44.0448 6440  [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
19:20:44.0448 6440  MEIx64 - ok
19:20:44.0478 6440  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
19:20:44.0478 6440  MMCSS - ok
19:20:44.0488 6440  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
19:20:44.0488 6440  Modem - ok
19:20:44.0528 6440  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:20:44.0528 6440  monitor - ok
19:20:44.0568 6440  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:20:44.0568 6440  mouclass - ok
19:20:44.0638 6440  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:20:44.0648 6440  mouhid - ok
19:20:44.0678 6440  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:20:44.0678 6440  mountmgr - ok
19:20:44.0728 6440  [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:20:44.0728 6440  MozillaMaintenance - ok
19:20:44.0748 6440  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:20:44.0748 6440  mpio - ok
19:20:44.0768 6440  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:20:44.0768 6440  mpsdrv - ok
19:20:44.0818 6440  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:20:44.0838 6440  MpsSvc - ok
19:20:44.0838 6440  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:20:44.0848 6440  MRxDAV - ok
19:20:44.0888 6440  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:20:44.0898 6440  mrxsmb - ok
19:20:44.0938 6440  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:20:44.0938 6440  mrxsmb10 - ok
19:20:44.0958 6440  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:20:44.0958 6440  mrxsmb20 - ok
19:20:44.0978 6440  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:20:44.0978 6440  msahci - ok
19:20:45.0028 6440  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:20:45.0028 6440  msdsm - ok
19:20:45.0068 6440  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
19:20:45.0078 6440  MSDTC - ok
19:20:45.0138 6440  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:20:45.0148 6440  Msfs - ok
19:20:45.0158 6440  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:20:45.0158 6440  mshidkmdf - ok
19:20:45.0188 6440  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:20:45.0188 6440  msisadrv - ok
19:20:45.0228 6440  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:20:45.0228 6440  MSiSCSI - ok
19:20:45.0238 6440  msiserver - ok
19:20:45.0278 6440  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:20:45.0278 6440  MSKSSRV - ok
19:20:45.0318 6440  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:20:45.0318 6440  MSPCLOCK - ok
19:20:45.0318 6440  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:20:45.0318 6440  MSPQM - ok
19:20:45.0358 6440  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:20:45.0368 6440  MsRPC - ok
19:20:45.0428 6440  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
19:20:45.0428 6440  mssmbios - ok
19:20:45.0488 6440  MSSQL$SQLEXPRESS - ok
19:20:45.0638 6440  [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
19:20:45.0638 6440  MSSQLServerADHelper100 - ok
19:20:45.0678 6440  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:20:45.0678 6440  MSTEE - ok
19:20:45.0708 6440  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
19:20:45.0708 6440  MTConfig - ok
19:20:45.0738 6440  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:20:45.0738 6440  Mup - ok
19:20:45.0778 6440  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
19:20:45.0788 6440  napagent - ok
19:20:45.0848 6440  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:20:45.0858 6440  NativeWifiP - ok
19:20:45.0938 6440  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:20:45.0948 6440  NDIS - ok
19:20:45.0988 6440  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:20:45.0998 6440  NdisCap - ok
19:20:46.0008 6440  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:20:46.0008 6440  NdisTapi - ok
19:20:46.0038 6440  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:20:46.0038 6440  Ndisuio - ok
19:20:46.0048 6440  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:20:46.0058 6440  NdisWan - ok
19:20:46.0078 6440  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:20:46.0078 6440  NDProxy - ok
19:20:46.0138 6440  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:20:46.0138 6440  NetBIOS - ok
19:20:46.0168 6440  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:20:46.0168 6440  NetBT - ok
19:20:46.0188 6440  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
19:20:46.0198 6440  Netlogon - ok
19:20:46.0248 6440  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
19:20:46.0248 6440  Netman - ok
19:20:46.0308 6440  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:20:46.0318 6440  NetMsmqActivator - ok
19:20:46.0318 6440  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:20:46.0318 6440  NetPipeActivator - ok
19:20:46.0358 6440  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
19:20:46.0368 6440  netprofm - ok
19:20:46.0388 6440  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:20:46.0388 6440  NetTcpActivator - ok
19:20:46.0398 6440  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:20:46.0398 6440  NetTcpPortSharing - ok
19:20:46.0428 6440  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
19:20:46.0428 6440  nfrd960 - ok
19:20:46.0458 6440  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:20:46.0468 6440  NlaSvc - ok
19:20:46.0498 6440  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:20:46.0498 6440  Npfs - ok
19:20:46.0599 6440  npggsvc - ok
19:20:46.0619 6440  NPPTNT2 - ok
19:20:46.0649 6440  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
19:20:46.0649 6440  nsi - ok
19:20:46.0689 6440  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:20:46.0689 6440  nsiproxy - ok
19:20:46.0739 6440  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:20:46.0769 6440  Ntfs - ok
19:20:46.0789 6440  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
19:20:46.0789 6440  Null - ok
19:20:46.0899 6440  [ B4F53BCA4C688FF47F04FA90098F896E ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
19:20:46.0899 6440  NVHDA - ok
19:20:47.0139 6440  [ 0A2F27B5BCC45B64E152DD6AE0815198 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:20:47.0379 6440  nvlddmkm - ok
19:20:47.0419 6440  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:20:47.0419 6440  nvraid - ok
19:20:47.0479 6440  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:20:47.0489 6440  nvstor - ok
19:20:47.0549 6440  [ 574087EA9105F23FB522A4FDDD5292D9 ] nvsvc           C:\Windows\system32\nvvsvc.exe
19:20:47.0559 6440  nvsvc - ok
19:20:47.0689 6440  [ ABA5A88740635D37A2B6CEB27DBC738A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:20:47.0709 6440  nvUpdatusService - ok
19:20:47.0759 6440  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:20:47.0759 6440  nv_agp - ok
19:20:47.0779 6440  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:20:47.0779 6440  ohci1394 - ok
19:20:47.0829 6440  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:20:47.0829 6440  ose - ok
19:20:48.0009 6440  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:20:48.0109 6440  osppsvc - ok
19:20:48.0159 6440  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:20:48.0159 6440  p2pimsvc - ok
19:20:48.0219 6440  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:20:48.0229 6440  p2psvc - ok
19:20:48.0309 6440  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
19:20:48.0309 6440  Parport - ok
19:20:48.0329 6440  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:20:48.0329 6440  partmgr - ok
19:20:48.0369 6440  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:20:48.0369 6440  PcaSvc - ok
19:20:48.0399 6440  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
19:20:48.0399 6440  pci - ok
19:20:48.0429 6440  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
19:20:48.0429 6440  pciide - ok
19:20:48.0469 6440  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
19:20:48.0469 6440  pcmcia - ok
19:20:48.0539 6440  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:20:48.0549 6440  pcw - ok
19:20:48.0579 6440  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:20:48.0589 6440  PEAUTH - ok
19:20:48.0669 6440  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:20:48.0669 6440  PerfHost - ok
19:20:48.0729 6440  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
19:20:48.0749 6440  pla - ok
19:20:48.0789 6440  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:20:48.0789 6440  PlugPlay - ok
19:20:48.0849 6440  [ 64CA1485214340CACC315FFDFDED73EF ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
19:20:48.0849 6440  Pml Driver HPZ12 - ok
19:20:48.0869 6440  PnkBstrA - ok
19:20:48.0959 6440  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:20:48.0959 6440  PNRPAutoReg - ok
19:20:48.0989 6440  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:20:48.0989 6440  PNRPsvc - ok
19:20:49.0039 6440  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:20:49.0049 6440  PolicyAgent - ok
19:20:49.0069 6440  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
19:20:49.0079 6440  Power - ok
19:20:49.0109 6440  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:20:49.0109 6440  PptpMiniport - ok
19:20:49.0129 6440  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
19:20:49.0129 6440  Processor - ok
19:20:49.0159 6440  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:20:49.0159 6440  ProfSvc - ok
19:20:49.0229 6440  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:20:49.0229 6440  ProtectedStorage - ok
19:20:49.0259 6440  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:20:49.0259 6440  Psched - ok
19:20:49.0289 6440  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
19:20:49.0289 6440  PxHlpa64 - ok
19:20:49.0359 6440  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
19:20:49.0389 6440  ql2300 - ok
19:20:49.0449 6440  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
19:20:49.0449 6440  ql40xx - ok
19:20:49.0489 6440  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
19:20:49.0489 6440  QWAVE - ok
19:20:49.0499 6440  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:20:49.0499 6440  QWAVEdrv - ok
19:20:49.0519 6440  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:20:49.0519 6440  RasAcd - ok
19:20:49.0569 6440  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:20:49.0569 6440  RasAgileVpn - ok
19:20:49.0589 6440  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
19:20:49.0589 6440  RasAuto - ok
19:20:49.0599 6440  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:20:49.0609 6440  Rasl2tp - ok
19:20:49.0629 6440  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
19:20:49.0639 6440  RasMan - ok
19:20:49.0649 6440  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:20:49.0659 6440  RasPppoe - ok
19:20:49.0719 6440  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:20:49.0729 6440  RasSstp - ok
19:20:49.0749 6440  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:20:49.0749 6440  rdbss - ok
19:20:49.0769 6440  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
19:20:49.0769 6440  rdpbus - ok
19:20:49.0789 6440  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:20:49.0799 6440  RDPCDD - ok
19:20:49.0809 6440  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:20:49.0809 6440  RDPENCDD - ok
19:20:49.0879 6440  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:20:49.0879 6440  RDPREFMP - ok
19:20:49.0929 6440  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:20:49.0939 6440  RdpVideoMiniport - ok
19:20:49.0949 6440  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:20:49.0959 6440  RDPWD - ok
19:20:49.0989 6440  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:20:49.0989 6440  rdyboost - ok
19:20:50.0059 6440  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:20:50.0069 6440  RemoteAccess - ok
19:20:50.0099 6440  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:20:50.0109 6440  RemoteRegistry - ok
19:20:50.0169 6440  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
19:20:50.0169 6440  RFCOMM - ok
19:20:50.0189 6440  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:20:50.0189 6440  RpcEptMapper - ok
19:20:50.0229 6440  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
19:20:50.0229 6440  RpcLocator - ok
19:20:50.0259 6440  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
19:20:50.0269 6440  RpcSs - ok
19:20:50.0319 6440  [ C9FE05A63C500ABE3AFA5786504C4D36 ] RsFx0105        C:\Windows\system32\DRIVERS\RsFx0105.sys
19:20:50.0319 6440  RsFx0105 - ok
19:20:50.0409 6440  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:20:50.0409 6440  rspndr - ok
19:20:50.0439 6440  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
19:20:50.0439 6440  SamSs - ok
19:20:50.0489 6440  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:20:50.0489 6440  sbp2port - ok
19:20:50.0529 6440  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:20:50.0529 6440  SCardSvr - ok
19:20:50.0549 6440  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:20:50.0559 6440  scfilter - ok
19:20:50.0599 6440  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
19:20:50.0619 6440  Schedule - ok
19:20:50.0689 6440  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:20:50.0689 6440  SCPolicySvc - ok
19:20:50.0729 6440  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:20:50.0739 6440  SDRSVC - ok
19:20:59.0270 6440  ================ Scan global ===============================
19:20:59.0300 6440  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:20:59.0330 6440  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:20:59.0340 6440  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:20:59.0410 6440  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:20:59.0430 6440  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:20:59.0440 6440  [Global] - ok
19:20:59.0440 6440  ================ Scan MBR ==================================
19:20:59.0460 6440  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
19:20:59.0610 6440  \Device\Harddisk0\DR0 - ok
19:20:59.0610 6440  ================ Scan VBR ==================================
19:20:59.0640 6440  [ CD4D50ECFD3B8BB87BB6035CE07AC7A9 ] \Device\Harddisk0\DR0\Partition1
19:20:59.0650 6440  \Device\Harddisk0\DR0\Partition1 - ok
19:20:59.0660 6440  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition2
19:20:59.0660 6440  \Device\Harddisk0\DR0\Partition2 - ok
19:20:59.0670 6440  [ 8B7B6EC028C396D3D022ECC6BDD93861 ] \Device\Harddisk0\DR0\Partition3
19:20:59.0680 6440  \Device\Harddisk0\DR0\Partition3 - ok
19:20:59.0710 6440  [ C94C08CE3194C1751AC1FE7EB1EE1736 ] \Device\Harddisk0\DR0\Partition4
19:20:59.0720 6440  \Device\Harddisk0\DR0\Partition4 - ok
19:20:59.0720 6440  ============================================================
19:20:59.0720 6440  Scan finished
19:20:59.0720 6440  ============================================================
19:20:59.0730 1648  Detected object count: 0
19:20:59.0730 1648  Actual detected object count: 0
19:21:50.0666 2616  Deinitialize success
 



# AdwCleaner v2.306 - Logfile created 08/07/2013 at 19:23:55
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : JamesGamm - JAMESGAMM-PC
# Boot Mode : Normal
# Running from : C:\Users\JamesGamm\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\ask.xml
File Deleted : C:\Users\JamesGamm\AppData\Roaming\Mozilla\Firefox\Profiles\ojvi41hn.default\searchplugins\Askcom.xml
File Deleted : C:\Users\JamesGamm\AppData\Roaming\Mozilla\Firefox\Profiles\ojvi41hn.default\searchplugins\Conduit.xml
File Deleted : C:\Users\JamesGamm\AppData\Roaming\Mozilla\Firefox\Profiles\ojvi41hn.default\searchplugins\EasyLife.xml
File Deleted : C:\Users\JamesGamm\AppData\Roaming\Mozilla\Firefox\Profiles\ojvi41hn.default\searchplugins\Searchab.xml
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Coupon Companion
Folder Deleted : C:\Program Files (x86)\EasyLife
Folder Deleted : C:\Program Files (x86)\Zoomex
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\saafE  ssaVVe
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SearchNewTab
Folder Deleted : C:\ProgramData\saafE  ssaVVe
Folder Deleted : C:\ProgramData\SearchNewTab
Folder Deleted : C:\ProgramData\Zoomex
Folder Deleted : C:\Users\JamesGamm\AppData\Local\APN
Folder Deleted : C:\Users\JamesGamm\AppData\Local\Conduit
Folder Deleted : C:\Users\JamesGamm\AppData\Local\Coupon Companion
Folder Deleted : C:\Users\JamesGamm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aadgccheeflmkoclmefdjojodpghpcjh
Folder Deleted : C:\Users\JamesGamm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Folder Deleted : C:\Users\JamesGamm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjcmmciajgfondoidmpaccblgjmbcagd
Folder Deleted : C:\Users\JamesGamm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkealaondnknodbalikpajoipfmaipjn
Folder Deleted : C:\Users\JamesGamm\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\JamesGamm\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\JamesGamm\AppData\Roaming\Mozilla\Firefox\Profiles\ojvi41hn.default\CT3220468
Folder Deleted : C:\Users\JamesGamm\AppData\Roaming\Mozilla\Firefox\Profiles\ojvi41hn.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
Folder Deleted : C:\Users\JamesGamm\AppData\Roaming\Mozilla\Firefox\Profiles\ojvi41hn.default\extensions\50e8d3fbe5ae6@50e8d3fbe5b1f.com
Folder Deleted : C:\Users\JamesGamm\AppData\Roaming\Mozilla\Firefox\Profiles\ojvi41hn.default\extensions\crossriderapp4493@crossrider.com
Folder Deleted : C:\Users\JamesGamm\AppData\Roaming\Mozilla\Firefox\Profiles\ojvi41hn.default\extensions\svqeu@lfopoaeuyue.edu
Folder Deleted : C:\Users\JamesGamm\AppData\Roaming\Mozilla\Firefox\Profiles\ojvi41hn.default\extensions\u.ooo@ktfw-b.org
Folder Deleted : C:\Users\JamesGamm\AppData\Roaming\Mozilla\Firefox\Profiles\ojvi41hn.default\Smartbar
Folder Deleted : C:\Users\JamesGamm\AppData\Roaming\SendSpace

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\safesa~1\sprote~1.dll
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441193}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CF5C07A0-5DE6-272E-E519-9DD16E5FDD31}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441193}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF5C07A0-5DE6-272E-E519-9DD16E5FDD31}
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\PrivitizeVPNInstallDates
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.FBApi
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.FBApi.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044444493}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110011441193}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022442293}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33333333-3333-3333-3333-330033443393}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CF5C07A0-5DE6-272E-E519-9DD16E5FDD31}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550055445593}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066446693}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77777777-7777-7777-7777-770077447793}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441193}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF5C07A0-5DE6-272E-E519-9DD16E5FDD31}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{924C3DC2-8E4E-432E-F973-9A2174A39774}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445593}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446693}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077447793}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.easylifeapp.com/?pid=388&src=ie1&r=2013/05/03&hid=2367044686&lg=EN&cc=US --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.easylifeapp.com/?pid=388&src=ie1&r=2013/05/03&hid=2367044686&lg=EN&cc=US --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\JamesGamm\AppData\Roaming\Mozilla\Firefox\Profiles\ojvi41hn.default\prefs.js


-\\ Google Chrome v28.0.1500.95

File : C:\Users\JamesGamm\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [20690 octets] - [07/08/2013 19:23:55]

########## EOF - C:\AdwCleaner[S1].txt - [20751 octets] ##########
 



#9 JamesGamm


Posted 09 August 2013 - 05:35 PM

http://pastebin.com/3UDcubUc

I couldn't post the whole Eset Log here so I uploaded it to pastebin..


Edited by JamesGamm, 09 August 2013 - 05:35 PM.


#10 boopme


Posted 11 August 2013 - 07:31 PM

Hello, sorry for the delay. This is what took so long: 'Win32/Ramnit.A virus'

I'm afraid I have very bad news.

Win32/Ramnit (and related variants) is a dangerous file infector with IRCBot functionality which infects .exe and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A or VBS/Generic. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.

With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of damage can vary.


Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and a major source of system infection. However, a variant called the Ramnit worm targets Facebook users....can bypass two-factor authentication and transaction signing systems, gain remote access to financial institutions and compromise online banking.

In my opinion, Ramnit is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Security vendors that claim to be able to remove file infectors cannot guarantee that all traces of it will be removed as they may not find all the remnants. If something goes awry during the malware removal process there is always a risk the computer may become unstable or unbootable and you could lose access to all your data.

Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.

Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system

Backdoors and What They Mean to You

This is what security expert miekiemoes has to say: Virut and other File infectors - Throwing in the Towel?

If I guide someone with Virut (or any other File Infector) present and their Antivirus cannot properly disinfect it, then I recommend a format and reinstall...dealing with such infections is a waste of time and that's why I prefer the fastest and safest solution - which is a format and reinstall...After all, I think it would be irresponsible to let the malware "stew" (download/spread/run more malware) for another couple of days/weeks if you already know it's a lost case.

This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).



#11 JamesGamm


Posted 12 August 2013 - 12:48 AM

I honestly do not know how to reinstall my Windows. I mean my windows 7 will it be unregistered?



#12 JamesGamm


Posted 12 August 2013 - 01:20 AM

Oh and thank you for taking your time and helping me out.



#13 boopme


Posted 12 August 2013 - 01:27 PM

You're welcome. If these don't help, ask in WIN 7; they answer anything about it.
 

How to format a computer and Reinstall Windows 7

Windows 7 users can refer to these instructions:

Don't forget you will have to go to Microsoft Update and apply all Windows security patches after reformatting.

Note: If you're using an IBM, Sony, HP, Compaq, Toshiba, Gateway, Dell or other manufacturer built computer, you may not have an original CD Disk. By policy Microsoft no longer allows OEM manufacturers to include the original Windows CD-ROM on computers sold with Windows preinstalled. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific Recovery Disk or Recovery Partition for performing a clean "factory restore" that will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it. Please read Technology Advisory Recovery Media.

If the recovery partition has become infected, you will need to contact the manufacturer, explain what happened and ask them to send full recovery disks to use instead. If you lost or misplaced your recovery disks, again you can contact and advise the manufacturer. In many cases they will send replacements as part of their support.

If you have made a disk image with an imaging tool (i.e. Acronis True Image, Drive Image, Ghost, Macrium Reflect, etc.) before your system was infected, then using it is another option. Disk Imaging allows you to take a complete snapshot (image) of your hard disk which can be used for system recovery in case of a hard disk disaster or malware resistant to disinfection. The image is an exact, byte-by-byte copy of an entire hard drive (partition or logical disk) which can be used to restore your system at a later time to the exact same state the system was when you imaged the disk or partition. Essentially, it will restore the computer to the state it was in when the image was made. You will then have to reinstall all programs that you added afterwards. This includes all security updates and patches from Microsoft.

Reformatting a hard disk deletes all data. You can back up all your important documents, personal data files, photos, music, videos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to back up any executable files (*.exe), screensavers (*.scr), dynamic link library (*.dll), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml) because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executables inside them as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may even disguise themselves by hiding a file extension or by adding double file extensions and/or space(s) in the file's name to hide the real extension as shown here (click Figure 1 to enlarge) so be sure you look closely at the full file name. If you cannot see the file extension, you may need to reconfigure Windows to show file name extensions. Then make sure you scan the backed up data with your anti-virus prior to copying it back to your hard drive.

If your computer will not boot properly, please refer to:

If you need additional assistance with reformatting, partitioning or reinstalling the OS, you can start a new topic in the Operating Systems Subforums.

Edited by boopme, 12 August 2013 - 01:31 PM.

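The backup rules in the post above can be checked mechanically before anything is burned to disc. The following is an added example, not part of the thread and not a BleepingComputer tool: the function names, the sample file names and the `DISGUISED` pattern are assumptions made for illustration, and it is no substitute for the anti-virus scan the post asks for.

```python
import os
import re
import tempfile
import zipfile

# Extensions the post advises leaving out of a backup.
RISKY = {".exe", ".scr", ".dll", ".ini", ".php", ".asp", ".htm", ".html", ".xml"}
# Assumed heuristic: a document/media extension, optional padding spaces, another extension.
DISGUISED = re.compile(r"\.(jpe?g|png|gif|pdf|docx?|txt|mp3|avi)\s*\.\w+$", re.I)


def check_name(name):
    """Return the reasons one file name should stay out of the backup."""
    reasons = []
    ext = os.path.splitext(name)[1].lower()
    if ext in RISKY:
        reasons.append("risky extension " + ext)
    if DISGUISED.search(name):
        reasons.append("double or space-padded extension")
    return reasons


def scan_zip(path):
    """Return flagged member names, or None if the archive cannot be read."""
    try:
        with zipfile.ZipFile(path) as zf:
            return [m for m in zf.namelist() if check_name(os.path.basename(m))]
    except zipfile.BadZipFile:
        return None


def triage_backup(root):
    """Map relative path -> reasons for each file that should not be copied back."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            reasons = check_name(name)
            ext = os.path.splitext(name)[1].lower()
            if ext == ".zip":
                bad = scan_zip(full)
                if bad is None:
                    reasons.append("unreadable archive")
                elif bad:
                    reasons.append("archive contains: " + ", ".join(sorted(bad)))
            elif ext in (".cab", ".rar"):  # not readable with the standard library
                reasons.append("archive not inspected, review by hand")
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings


def demo():
    """Triage a constructed sample tree (file names invented for this example)."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("thesis.docx", "holiday.jpg.scr", "invoice.pdf      .exe", "index.html"):
            open(os.path.join(root, name), "wb").close()
        for arc, member in (("saves.zip", "game/launcher.exe"), ("photos.zip", "beach.png")):
            with zipfile.ZipFile(os.path.join(root, arc), "w") as zf:
                zf.writestr(member, "constructed")
        return triage_backup(root)


if __name__ == "__main__":
    print(demo())
```

Point `triage_backup()` at the folder staged for backup; anything it returns is a candidate to leave behind or to inspect by full file name first.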
