
Undeletable .exe file, please help.



I have been away from my computer for a period of time and it appears someone in my family has downloaded a file that I cannot delete. Avira has identified it as: ADWARE/InstallCore.Gen

The file is microsoft powerpoint 2010 setup.exe, as I said I cannot be sure when/where this was downloaded.

Although Malwarebytes did not detect anything wrong with the file I am sure it's some sort of virus as every time I delete it, it just re-appears on my desktop. I cannot run the file and have tried using fileassassin and lockhunter to delete it but I cannot open the file in these programmes as it requires admin permissions.

I have attached the required files if someone could please look at them, thanks!

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.9.2

Run by Sean at 18:52:07 on 2013-01-11

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8175.6362 [GMT 0:00]

.

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\atieclxx.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe

C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

C:\Users\Sean\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>

mWinlogon: Userinit = userinit.exe,

BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll

uRun: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

uRun: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot

uRun: [spotify Web Helper] "C:\Users\Sean\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

mRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

TCP: Interfaces\{31345E57-AD61-40FE-9188-29223D592EA8} : NameServer = 192.168.1.1,192.168.1.15

AppInit_DLLs= C:\Windows\SysWOW64\guard32.dll

SSODL: WebCheck - <orphaned>

x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll

x64-BHO: GBHO.BHO: {45d30484-7ded-43d9-957a-d2fd1f046511} -

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll

x64-TB: Smart Recovery 2: {1d09c093-f71e-43c3-b948-19316cbd695e} -

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

x64-Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

x64-Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

x64-RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\7r92u0ic.default\

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-1-28 21104]

R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-1-28 27760]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2012-1-17 577824]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2011-12-19 43248]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-9-1 283200]

R1 VirtDiskBus;3TB+ Unlock;C:\Windows\System32\drivers\VirtDiskBus64.sys [2012-1-28 66160]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-3-9 203776]

R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-1-28 86224]

R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-1-28 110032]

R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-1-28 98848]

R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2012-1-28 21992]

R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]

R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2012-1-26 148104]

R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2012-1-28 114688]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-1-28 115216]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-1-28 413800]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 etdrv;etdrv;C:\Windows\etdrv.sys [2012-1-28 25640]

S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-1-28 30528]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-28 1255736]

.

=============== Created Last 30 ================

.

2013-01-11 18:45:01 -------- d-----w- C:\Program Files\LockHunter

2013-01-11 18:40:00 -------- d-----w- C:\Program Files (x86)\FileASSASSIN

2013-01-11 18:16:56 -------- d-----w- C:\Users\Sean\AppData\Local\Programs

2013-01-09 02:25:45 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1502B8F7-AD4D-404C-A13D-94F47A4C1A4B}\offreg.dll

2013-01-06 16:57:47 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1502B8F7-AD4D-404C-A13D-94F47A4C1A4B}\mpengine.dll

2013-01-05 19:02:58 -------- d-----w- C:\Users\Sean\Green Street Hooligans (2005)

2013-01-01 19:03:31 -------- d-----w- C:\Users\Sean\The.Bourne.Legacy.2012.720p.BRRip.x264.AC3-JYK

2012-12-24 18:59:12 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-24 18:59:12 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-24 18:59:12 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-24 18:59:12 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

.

==================== Find3M ====================

.

2013-01-11 18:47:01 25640 ----a-w- C:\Windows\gdrv.sys

2013-01-08 22:43:35 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-08 22:43:35 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-12-14 16:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-11-12 12:28:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-12 11:52:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-10-27 06:26:55 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-10-27 05:51:21 1188864 ----a-w- C:\Windows\System32\wininet.dll

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

.

============= FINISH: 18:52:27.00 ===============

attach.txt

Edited by Maurice Naggar

Hello sean1604.

Going forward, do -NOT- attach logs. Always Copy all contents and Paste directly into main-body of reply box.

Use multiple replies if needed.

You must not have Tea Timer on while we hunt and try to make fixes. If you are not intimately familiar with Spybot's Tea Timer feature, leave it off. Otherwise it undoes any fixes we may do.

Start Spybot-S&D, switch to the Advanced mode via the menu bar item Mode

then select Advanced Mode

On the left hand side, select Tools

Then click on the Resident icon in the list

Uncheck Resident TeaTimer and OK any prompts.

Now Logoff & Restart your computer fresh.

NEXT

Disable CD-ROM Emulation Software:

Please download the following tool DeFogger to your desktop.

◦ Double click DeFogger to run the tool.

◦ The application window will appear

◦ Click the Disable button to disable your CD Emulation drivers.

◦ Click Yes to continue

◦ A 'Finished!' message will appear

◦ Click OK

◦ DeFogger will now ask to reboot the machine - click OK

◦ IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

◦ Do not re-enable these drivers until otherwise instructed.

Step 3

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 4

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 5

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If you are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, so in this case it should be something like R1.

Step 6

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 7

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 8

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

  • the contents of C:\AdwCleaner[R1].txt;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;

Be sure to do a Preview prior to pressing Add Reply because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


post-118599-0-44508700-1358022593.jpg

Thought I would also post this picture of the file that keeps re-appearing, the icon for it has changed since I started this, it was just a basic Windows icon and now it's a picture.

Here are the logs you asked for and thanks for the help!

ADWCleaner log;

# AdwCleaner v2.105 - Logfile created 01/12/2013 at 20:18:34

# Updated 08/01/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Sean - SEAN-PC

# Boot Mode : Normal

# Running from : C:\Users\Sean\Desktop\Virus Logs and Files\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Conduit

Folder Found : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com

Folder Found : C:\ProgramData\InstallMate

Folder Found : C:\ProgramData\Premium

Folder Found : C:\Users\Sean\AppData\Local\Conduit

Folder Found : C:\Users\Sean\AppData\LocalLow\Conduit

Folder Found : C:\Users\Sean\AppData\LocalLow\wxDfast

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKLM\Software\Conduit

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Found : HKU\S-1-5-21-3921608650-3821936656-1871749345-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\7r92u0ic.default\prefs.js

Found : user_pref("extensions.4fba2f0a1f1ed.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]

Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=[...]

*************************

AdwCleaner[R1].txt - [2549 octets] - [12/01/2013 20:18:34]

########## EOF - C:\AdwCleaner[R1].txt - [2609 octets] ##########

TDSSKILLER Log;

20:19:40.0249 2752 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

20:19:42.0277 2752 ============================================================

20:19:42.0277 2752 Current date / time: 2013/01/12 20:19:42.0277

20:19:42.0277 2752 SystemInfo:

20:19:42.0277 2752

20:19:42.0277 2752 OS Version: 6.1.7601 ServicePack: 1.0

20:19:42.0277 2752 Product type: Workstation

20:19:42.0277 2752 ComputerName: SEAN-PC

20:19:42.0277 2752 UserName: Sean

20:19:42.0277 2752 Windows directory: C:\Windows

20:19:42.0277 2752 System windows directory: C:\Windows

20:19:42.0277 2752 Running under WOW64

20:19:42.0277 2752 Processor architecture: Intel x64

20:19:42.0277 2752 Number of processors: 4

20:19:42.0277 2752 Page size: 0x1000

20:19:42.0277 2752 Boot type: Normal boot

20:19:42.0277 2752 ============================================================

20:19:42.0527 2752 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

20:19:42.0527 2752 Drive \Device\Harddisk1\DR1 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x409B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

20:19:42.0542 2752 ============================================================

20:19:42.0542 2752 \Device\Harddisk0\DR0:

20:19:42.0542 2752 MBR partitions:

20:19:42.0542 2752 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x494572B0

20:19:42.0542 2752 \Device\Harddisk1\DR1:

20:19:42.0542 2752 MBR partitions:

20:19:42.0542 2752 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

20:19:42.0542 2752 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000

20:19:42.0542 2752 ============================================================

20:19:42.0542 2752 C: <-> \Device\Harddisk1\DR1\Partition2

20:19:42.0558 2752 D: <-> \Device\Harddisk0\DR0\Partition1

20:19:42.0558 2752 ============================================================

20:19:42.0558 2752 Initialize success

20:19:42.0558 2752 ============================================================

20:19:48.0954 3580 ============================================================

20:19:48.0954 3580 Scan started

20:19:48.0954 3580 Mode: Manual;

20:19:48.0954 3580 ============================================================

20:19:49.0141 3580 ================ Scan system memory ========================

20:19:49.0141 3580 System memory - ok

20:19:49.0141 3580 ================ Scan services =============================


20:19:49.0640 3580 CertPropSvc - ok

20:19:49.0640 3580 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys

20:19:49.0640 3580 circlass - ok

20:19:49.0640 3580 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

20:19:49.0640 3580 CLFS - ok

20:19:49.0656 3580 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:19:49.0656 3580 clr_optimization_v2.0.50727_32 - ok

20:19:49.0656 3580 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

20:19:49.0656 3580 clr_optimization_v2.0.50727_64 - ok

20:19:49.0671 3580 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

20:19:49.0671 3580 clr_optimization_v4.0.30319_32 - ok

20:19:49.0671 3580 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

20:19:49.0687 3580 clr_optimization_v4.0.30319_64 - ok

20:19:49.0687 3580 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys

20:19:49.0687 3580 CmBatt - ok

20:19:49.0703 3580 [ CEE48CCC4D561DDB19C72F9FB55D28D5 ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

20:19:49.0718 3580 cmdAgent - ok

20:19:49.0718 3580 [ 0599D5A458D4E0E37AB84E9D1C5C73E5 ] cmdGuard C:\Windows\system32\DRIVERS\cmdguard.sys

20:19:49.0734 3580 cmdGuard - ok

20:19:49.0734 3580 [ 2D3E08C7106F748F9EFF3DEC14142D3E ] cmdHlp C:\Windows\system32\DRIVERS\cmdhlp.sys

20:19:49.0734 3580 cmdHlp - ok

20:19:49.0734 3580 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

20:19:49.0734 3580 cmdide - ok

20:19:49.0734 3580 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

20:19:49.0734 3580 CNG - ok

20:19:49.0749 3580 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

20:19:49.0749 3580 Compbatt - ok

20:19:49.0749 3580 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

20:19:49.0749 3580 CompositeBus - ok

20:19:49.0749 3580 COMSysApp - ok

20:19:49.0749 3580 [ C08063F052308B6F5882482615387F30 ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys

20:19:49.0749 3580 cpuz135 - ok

20:19:49.0749 3580 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

20:19:49.0749 3580 crcdisk - ok

20:19:49.0765 3580 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

20:19:49.0765 3580 CryptSvc - ok

20:19:49.0765 3580 [ 7AF9DAC504FBD047CBC3E64AE52C92BF ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys

20:19:49.0765 3580 dc3d - ok

20:19:49.0765 3580 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

20:19:49.0781 3580 DcomLaunch - ok

20:19:49.0781 3580 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

20:19:49.0781 3580 defragsvc - ok

20:19:49.0781 3580 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

20:19:49.0781 3580 DfsC - ok

20:19:49.0796 3580 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

20:19:49.0796 3580 Dhcp - ok

20:19:49.0796 3580 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

20:19:49.0796 3580 discache - ok

20:19:49.0796 3580 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

20:19:49.0796 3580 Disk - ok

20:19:49.0796 3580 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

20:19:49.0812 3580 Dnscache - ok

20:19:49.0812 3580 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

20:19:49.0812 3580 dot3svc - ok

20:19:49.0812 3580 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys

20:19:49.0812 3580 Dot4 - ok

20:19:49.0827 3580 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys

20:19:49.0827 3580 Dot4Print - ok

20:19:49.0827 3580 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys

20:19:49.0827 3580 dot4usb - ok

20:19:49.0827 3580 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

20:19:49.0827 3580 DPS - ok

20:19:49.0827 3580 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

20:19:49.0827 3580 drmkaud - ok

20:19:49.0827 3580 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys

20:19:49.0843 3580 dtsoftbus01 - ok

20:19:49.0843 3580 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

20:19:49.0843 3580 DXGKrnl - ok

20:19:49.0859 3580 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

20:19:49.0859 3580 EapHost - ok

20:19:49.0874 3580 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

20:19:49.0905 3580 ebdrv - ok

20:19:49.0905 3580 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

20:19:49.0905 3580 EFS - ok

20:19:49.0921 3580 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

20:19:49.0921 3580 ehRecvr - ok

20:19:49.0921 3580 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

20:19:49.0937 3580 ehSched - ok

20:19:49.0937 3580 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

20:19:49.0937 3580 elxstor - ok

20:19:49.0937 3580 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

20:19:49.0937 3580 ErrDev - ok

20:19:49.0952 3580 [ 84486624268E078255BC7AA47F0960BC ] etdrv C:\Windows\etdrv.sys

20:19:49.0952 3580 etdrv - ok

20:19:49.0952 3580 EtronHub3 - ok

20:19:49.0952 3580 EtronXHCI - ok

20:19:49.0952 3580 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

20:19:49.0952 3580 EventSystem - ok

20:19:49.0968 3580 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

20:19:49.0968 3580 exfat - ok

20:19:49.0968 3580 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

20:19:49.0968 3580 fastfat - ok

20:19:49.0983 3580 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

20:19:49.0983 3580 Fax - ok

20:19:49.0983 3580 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys

20:19:49.0983 3580 fdc - ok

20:19:49.0983 3580 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

20:19:49.0983 3580 fdPHost - ok

20:19:49.0999 3580 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

20:19:49.0999 3580 FDResPub - ok

20:19:49.0999 3580 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

20:19:49.0999 3580 FileInfo - ok

20:19:49.0999 3580 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

20:19:49.0999 3580 Filetrace - ok

20:19:49.0999 3580 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

20:19:49.0999 3580 flpydisk - ok

20:19:49.0999 3580 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

20:19:50.0015 3580 FltMgr - ok

20:19:50.0015 3580 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

20:19:50.0030 3580 FontCache - ok

20:19:50.0030 3580 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

20:19:50.0030 3580 FontCache3.0.0.0 - ok

20:19:50.0030 3580 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

20:19:50.0030 3580 FsDepends - ok

20:19:50.0030 3580 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

20:19:50.0030 3580 Fs_Rec - ok

20:19:50.0046 3580 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

20:19:50.0046 3580 fvevol - ok

20:19:50.0046 3580 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

20:19:50.0046 3580 gagp30kx - ok

20:19:50.0046 3580 [ 7907E14F9BCF3A4689C9A74A1A873CB6 ] gdrv C:\Windows\gdrv.sys

20:19:50.0046 3580 gdrv - ok

20:19:50.0061 3580 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

20:19:50.0061 3580 gpsvc - ok

20:19:50.0061 3580 [ 8126331FBD4ED29EB3B356F9C905064D ] GVTDrv64 C:\Windows\GVTDrv64.sys

20:19:50.0061 3580 GVTDrv64 - ok

20:19:50.0061 3580 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

20:19:50.0061 3580 hcw85cir - ok

20:19:50.0077 3580 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

20:19:50.0077 3580 HdAudAddService - ok

20:19:50.0077 3580 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

20:19:50.0077 3580 HDAudBus - ok

20:19:50.0077 3580 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

20:19:50.0077 3580 HidBatt - ok

20:19:50.0093 3580 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

20:19:50.0093 3580 HidBth - ok

20:19:50.0093 3580 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

20:19:50.0093 3580 HidIr - ok

20:19:50.0093 3580 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

20:19:50.0093 3580 hidserv - ok

20:19:50.0093 3580 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

20:19:50.0093 3580 HidUsb - ok

20:19:50.0093 3580 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

20:19:50.0093 3580 hkmsvc - ok

20:19:50.0108 3580 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

20:19:50.0108 3580 HomeGroupListener - ok

20:19:50.0108 3580 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

20:19:50.0108 3580 HomeGroupProvider - ok

20:19:50.0108 3580 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

20:19:50.0108 3580 HpSAMD - ok

20:19:50.0124 3580 [ D4F91CF4DE215D6F14A06087D46725E4 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL

20:19:50.0139 3580 HPSLPSVC - ok

20:19:50.0139 3580 [ A60C877E1CD3AA2E4E5CCD8AF305C0F1 ] HssDrv C:\Windows\system32\DRIVERS\HssDrv.sys

20:19:50.0139 3580 HssDrv - ok

20:19:50.0139 3580 [ 2CFEA9C337B699ACA38487E8A7438F35 ] HssSrv C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe

20:19:50.0139 3580 HssSrv - ok

20:19:50.0139 3580 HssWd - ok

20:19:50.0155 3580 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

20:19:50.0155 3580 HTTP - ok

20:19:50.0171 3580 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

20:19:50.0171 3580 hwpolicy - ok

20:19:50.0171 3580 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

20:19:50.0171 3580 i8042prt - ok

20:19:50.0171 3580 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

20:19:50.0171 3580 iaStorV - ok

20:19:50.0186 3580 [ C3FAB09DEF3FC44E4C20078A1E7C0808 ] IDMWFP C:\Windows\system32\DRIVERS\idmwfp.sys

20:19:50.0186 3580 IDMWFP - ok

20:19:50.0186 3580 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

20:19:50.0186 3580 IDriverT - ok

20:19:50.0202 3580 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

20:19:50.0202 3580 idsvc - ok

20:19:50.0202 3580 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

20:19:50.0202 3580 iirsp - ok

20:19:50.0217 3580 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

20:19:50.0217 3580 IKEEXT - ok

20:19:50.0233 3580 [ EFFF0AFD27CC97BF0E5E0BAB78419DE7 ] inspect C:\Windows\system32\DRIVERS\inspect.sys

20:19:50.0233 3580 inspect - ok

20:19:50.0249 3580 [ 2CC2F7C5990BB76767038F4B16D17A56 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

20:19:50.0264 3580 IntcAzAudAddService - ok

20:19:50.0264 3580 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

20:19:50.0264 3580 intelide - ok

20:19:50.0264 3580 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

20:19:50.0264 3580 intelppm - ok

20:19:50.0264 3580 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

20:19:50.0264 3580 IPBusEnum - ok

20:19:50.0280 3580 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:19:50.0280 3580 IpFilterDriver - ok

20:19:50.0280 3580 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

20:19:50.0280 3580 iphlpsvc - ok

20:19:50.0295 3580 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

20:19:50.0295 3580 IPMIDRV - ok

20:19:50.0295 3580 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

20:19:50.0295 3580 IPNAT - ok

20:19:50.0295 3580 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

20:19:50.0295 3580 IRENUM - ok

20:19:50.0295 3580 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

20:19:50.0295 3580 isapnp - ok

20:19:50.0295 3580 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

20:19:50.0311 3580 iScsiPrt - ok

20:19:50.0311 3580 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

20:19:50.0311 3580 kbdclass - ok

20:19:50.0311 3580 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

20:19:50.0311 3580 kbdhid - ok

20:19:50.0311 3580 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

20:19:50.0311 3580 KeyIso - ok

20:19:50.0311 3580 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

20:19:50.0311 3580 KSecDD - ok

20:19:50.0327 3580 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

20:19:50.0327 3580 KSecPkg - ok

20:19:50.0327 3580 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

20:19:50.0327 3580 ksthunk - ok

20:19:50.0327 3580 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

20:19:50.0342 3580 KtmRm - ok

20:19:50.0342 3580 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

20:19:50.0342 3580 LanmanServer - ok

20:19:50.0342 3580 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

20:19:50.0342 3580 LanmanWorkstation - ok

20:19:50.0358 3580 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

20:19:50.0358 3580 lltdio - ok

20:19:50.0358 3580 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

20:19:50.0358 3580 lltdsvc - ok

20:19:50.0358 3580 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

20:19:50.0358 3580 lmhosts - ok

20:19:50.0373 3580 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

20:19:50.0373 3580 LSI_FC - ok

20:19:50.0373 3580 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

20:19:50.0373 3580 LSI_SAS - ok

20:19:50.0373 3580 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

20:19:50.0373 3580 LSI_SAS2 - ok

20:19:50.0389 3580 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

20:19:50.0389 3580 LSI_SCSI - ok

20:19:50.0389 3580 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

20:19:50.0389 3580 luafv - ok

20:19:50.0389 3580 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

20:19:50.0389 3580 Mcx2Svc - ok

20:19:50.0389 3580 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys

20:19:50.0389 3580 megasas - ok

20:19:50.0405 3580 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

20:19:50.0405 3580 MegaSR - ok

20:19:50.0405 3580 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

20:19:50.0405 3580 MEIx64 - ok

20:19:50.0405 3580 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

20:19:50.0405 3580 MMCSS - ok

20:19:50.0405 3580 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

20:19:50.0420 3580 Modem - ok

20:19:50.0420 3580 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

20:19:50.0420 3580 monitor - ok

20:19:50.0420 3580 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

20:19:50.0420 3580 mouclass - ok

20:19:50.0420 3580 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

20:19:50.0420 3580 mouhid - ok

20:19:50.0420 3580 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

20:19:50.0420 3580 mountmgr - ok

20:19:50.0420 3580 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

20:19:50.0436 3580 MozillaMaintenance - ok

20:19:50.0436 3580 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

20:19:50.0436 3580 mpio - ok

20:19:50.0436 3580 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

20:19:50.0436 3580 mpsdrv - ok

20:19:50.0451 3580 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

20:19:50.0451 3580 MpsSvc - ok

20:19:50.0451 3580 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

20:19:50.0451 3580 MRxDAV - ok

20:19:50.0467 3580 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

20:19:50.0467 3580 mrxsmb - ok

20:19:50.0467 3580 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:19:50.0467 3580 mrxsmb10 - ok

20:19:50.0467 3580 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:19:50.0467 3580 mrxsmb20 - ok

20:19:50.0483 3580 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

20:19:50.0483 3580 msahci - ok

20:19:50.0483 3580 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

20:19:50.0483 3580 msdsm - ok

20:19:50.0483 3580 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

20:19:50.0483 3580 MSDTC - ok

20:19:50.0483 3580 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

20:19:50.0483 3580 Msfs - ok

20:19:50.0498 3580 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

20:19:50.0498 3580 mshidkmdf - ok

20:19:50.0498 3580 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

20:19:50.0498 3580 msisadrv - ok

20:19:50.0498 3580 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

20:19:50.0498 3580 MSiSCSI - ok

20:19:50.0498 3580 msiserver - ok

20:19:50.0498 3580 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

20:19:50.0498 3580 MSKSSRV - ok

20:19:50.0498 3580 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

20:19:50.0514 3580 MSPCLOCK - ok

20:19:50.0514 3580 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

20:19:50.0514 3580 MSPQM - ok

20:19:50.0514 3580 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

20:19:50.0514 3580 MsRPC - ok

20:19:50.0514 3580 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

20:19:50.0514 3580 mssmbios - ok

20:19:50.0514 3580 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

20:19:50.0529 3580 MSTEE - ok

20:19:50.0529 3580 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

20:19:50.0529 3580 MTConfig - ok

20:19:50.0529 3580 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

20:19:50.0529 3580 Mup - ok

20:19:50.0529 3580 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

20:19:50.0529 3580 napagent - ok

20:19:50.0545 3580 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

20:19:50.0545 3580 NativeWifiP - ok

20:19:50.0561 3580 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

20:19:50.0561 3580 NDIS - ok

20:19:50.0561 3580 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

20:19:50.0561 3580 NdisCap - ok

20:19:50.0561 3580 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

20:19:50.0561 3580 NdisTapi - ok

20:19:50.0576 3580 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

20:19:50.0576 3580 Ndisuio - ok

20:19:50.0576 3580 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

20:19:50.0576 3580 NdisWan - ok

20:19:50.0576 3580 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

20:19:50.0576 3580 NDProxy - ok

20:19:50.0576 3580 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

20:19:50.0576 3580 Net Driver HPZ12 - ok

20:19:50.0576 3580 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

20:19:50.0592 3580 NetBIOS - ok

20:19:50.0592 3580 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

20:19:50.0592 3580 NetBT - ok

20:19:50.0592 3580 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

20:19:50.0592 3580 Netlogon - ok

20:19:50.0592 3580 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

20:19:50.0607 3580 Netman - ok

20:19:50.0607 3580 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:19:50.0607 3580 NetMsmqActivator - ok

20:19:50.0607 3580 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:19:50.0607 3580 NetPipeActivator - ok

20:19:50.0623 3580 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

20:19:50.0623 3580 netprofm - ok

20:19:50.0623 3580 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:19:50.0623 3580 NetTcpActivator - ok

20:19:50.0623 3580 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:19:50.0623 3580 NetTcpPortSharing - ok

20:19:50.0623 3580 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

20:19:50.0623 3580 nfrd960 - ok

20:19:50.0639 3580 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

20:19:50.0639 3580 NlaSvc - ok

20:19:50.0639 3580 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

20:19:50.0639 3580 Npfs - ok

20:19:50.0639 3580 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

20:19:50.0639 3580 nsi - ok

20:19:50.0639 3580 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

20:19:50.0639 3580 nsiproxy - ok

20:19:50.0654 3580 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

20:19:50.0670 3580 Ntfs - ok

20:19:50.0685 3580 [ 317020D31F1696334679B9D0416EB62E ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys

20:19:50.0685 3580 NuidFltr - ok

20:19:50.0685 3580 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

20:19:50.0685 3580 Null - ok

20:19:50.0685 3580 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

20:19:50.0685 3580 nvraid - ok

20:19:50.0685 3580 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

20:19:50.0685 3580 nvstor - ok

20:19:50.0701 3580 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

20:19:50.0701 3580 nv_agp - ok

20:19:50.0701 3580 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

20:19:50.0701 3580 odserv - ok

20:19:50.0717 3580 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

20:19:50.0717 3580 ohci1394 - ok

20:19:50.0717 3580 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

20:19:50.0717 3580 ose - ok

20:19:50.0717 3580 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

20:19:50.0717 3580 p2pimsvc - ok

20:19:50.0732 3580 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

20:19:50.0732 3580 p2psvc - ok

20:19:50.0732 3580 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys

20:19:50.0732 3580 Parport - ok

20:19:50.0748 3580 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

20:19:50.0748 3580 partmgr - ok

20:19:50.0748 3580 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

20:19:50.0748 3580 PcaSvc - ok

20:19:50.0748 3580 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

20:19:50.0748 3580 pci - ok

20:19:50.0748 3580 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

20:19:50.0748 3580 pciide - ok

20:19:50.0763 3580 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

20:19:50.0763 3580 pcmcia - ok

20:19:50.0763 3580 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

20:19:50.0763 3580 pcw - ok

20:19:50.0763 3580 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

20:19:50.0779 3580 PEAUTH - ok

20:19:50.0795 3580 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

20:19:50.0795 3580 PerfHost - ok

20:19:50.0810 3580 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

20:19:50.0826 3580 pla - ok

20:19:50.0826 3580 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

20:19:50.0826 3580 PlugPlay - ok

20:19:50.0841 3580 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

20:19:50.0841 3580 Pml Driver HPZ12 - ok

20:19:50.0841 3580 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

20:19:50.0841 3580 PNRPAutoReg - ok

20:19:50.0841 3580 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

20:19:50.0841 3580 PNRPsvc - ok

20:19:50.0841 3580 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys

20:19:50.0841 3580 Point64 - ok

20:19:50.0857 3580 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

20:19:50.0857 3580 PolicyAgent - ok

20:19:50.0857 3580 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

20:19:50.0873 3580 Power - ok

20:19:50.0873 3580 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

20:19:50.0873 3580 PptpMiniport - ok

20:19:50.0873 3580 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

20:19:50.0873 3580 Processor - ok

20:19:52.0199 3580 ============================================================

20:19:52.0199 3580 Scan finished

20:19:52.0199 3580 ============================================================

20:19:52.0199 3136 Detected object count: 0

20:19:52.0199 3136 Actual detected object count: 0

RKReport log;

RogueKiller V8.4.3 [Jan 10 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo...13-roguekiller/

Website : http://tigzy.geeksto...roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Sean [Admin rights]

Mode : Scan -- Date : 01/12/2013 20:22:29

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[RUN][sUSP PATH] [ON_D:]HKLM\Software[...]\Wow6432Node\Run : US4Service (C:\ProgramData\Everstrike\US4Service.exe) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

-> D:\windows\system32\config\SOFTWARE

-> D:\windows\system32\config\SYSTEM

-> D:\Users\Default\NTUSER.DAT

-> D:\Users\Default User\NTUSER.DAT

-> D:\Users\Public\NTUSER.DAT

-> D:\Users\Sean\NTUSER.DAT

-> D:\Documents and Settings\Default\NTUSER.DAT

-> D:\Documents and Settings\Default User\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400AAKS-22A7B0 ATA Device +++++

--- User ---

[MBR] c70f5e1a578ce8eea8b7b962c2bc4d98

[bSP] a99b7c81c3f698579e9e68af56f252f4 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10240 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20973568 | Size: 600238 Mo

User = LL1 ... OK!


  • Close any open documents/programs & all internet browsers you have running.
  • Please start AdwCleaner
  • Click on Delete button.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
  • Note: You can find the logfile at C:\AdwCleaner[s1]

Now then, as to that "questionable file on your Desktop"

You should be able to delete it directly off the desktop. Carefully

Do 1 click on it with your mouse---- a single click just to get focus.

Then press & Hold SHIFT + DELete keys

and answer YES to delete

Edited by Maurice Naggar

That managed to delete the file thanks and here is the log you asked for;

# AdwCleaner v2.105 - Logfile created 01/12/2013 at 21:00:42

# Updated 08/01/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Sean - SEAN-PC

# Boot Mode : Normal

# Running from : C:\Users\Sean\Desktop\Virus Logs and Files\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com

Folder Deleted : C:\ProgramData\InstallMate

Folder Deleted : C:\ProgramData\Premium

Folder Deleted : C:\Users\Sean\AppData\Local\Conduit

Folder Deleted : C:\Users\Sean\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Sean\AppData\LocalLow\wxDfast

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\7r92u0ic.default\prefs.js

Deleted : user_pref("extensions.4fba2f0a1f1ed.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]

Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=[...]

*************************

AdwCleaner[R1].txt - [2672 octets] - [12/01/2013 20:18:34]

AdwCleaner[s1].txt - [2498 octets] - [12/01/2013 21:00:42]

########## EOF - C:\AdwCleaner[s1].txt - [2558 octets] ##########


Very good :)

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Post the latest MBAM log, and .... Tell me, How's the system now ?


Nothing found, system seems to be fine and I'm happy that the file is no longer there! :)

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.12.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Sean :: SEAN-PC [administrator]

12/01/2013 21:28:30

mbam-log-2013-01-12 (21-28-30).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 209951

Time elapsed: 50 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

To re-enable CD Emulation programs using DeFogger please perform these steps:

Please download DeFogger and save it to your desktop.

  • Once downloaded, double-click on the DeFogger icon to start the tool.
  • The application window will appear.
  • You should now click on the Enable button to re-enable your CD Emulation drivers.
  • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  • If CD Emulation programs are present and have been enabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

ERUNT you should keep and use periodically to back up the Windows registry.

Delete the following if still present:

adwcleaner.exe

TDSSKILLER.exe

Roguekiller.exe

defogger.exe

Be very aware that there's a new Java runtime vulnerability

Java Zero-Day (Again), Time To Disable/Remove Java http://securitygarden.blogspot.com/2013/01/java-zero-day-again-time-to.html

You are urged to disable Java running in your browsers.

kb.cert.org Article: http://goo.gl/e2DAI

&

How to disable Java: http://goo.gl/pxIvG

Safer practices & malware prevention

We are finished here. Best regards.
