system keeps locking up and says it's no longer Genuine Windows


Hello,

Recently my sons were home for the holidays and using the computers available to play a game across the internet. Since that time many of the systems have developed unique problems.

This thread deals with my work laptop, which has since developed the following symptoms:

system locking up

Internet Explorer crawls and then locks up

reporting that it is no longer an authentic version of Windows

desktop icons are inoperable

right clicking on items is inoperable

trying to uninstall programs in control panel returns errors

etc...

System info is below as well as the requested files:

dds.txt

attach.txt

Any assistance would be appreciated, thanks in advance!

Ken

------------------

System Information

------------------

Time of this report: 2/8/2013, 18:08:31

Machine name: STUDIO-64

Operating System: Windows 7 Ultimate 64-bit (6.1, Build 7601) Service Pack 1 (7601.win7sp1_gdr.120830-0333)

Language: English (Regional Setting: English)

System Manufacturer: Dell Inc.

System Model: Studio 1737

BIOS: Ver 1.00 BIOS A04 PARTTBL"

Processor: Intel® Core2 Duo CPU T9400 @ 2.53GHz (2 CPUs), ~2.5GHz

Memory: 4096MB RAM

Available OS Memory: 4090MB RAM

Page File: 2115MB used, 6064MB available

Windows Dir: C:\Windows

DirectX Version: DirectX 11

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457

Run by Ken at 10:39:19 on 2013-02-06

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4091.2647 [GMT -5:00]

.

AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe

C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\lxbxcoms.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files (x86)\Lexmark 7100 Series\lxbxmon.exe

C:\Program Files (x86)\Lexmark 7100 Series\ezprint.exe

C:\Program Files\Microsoft Device Center\ipoint.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

C:\Program Files (x86)\SpywareGuard\sgmain.exe

C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

C:\Program Files (x86)\SpywareGuard\sgbhp.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\notepad.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig?hl=en

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3081217

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll

mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll

mWinlogon: Userinit = userinit.exe,

BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files (x86)\SpywareGuard\dlprotect.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

TB: BitTorrentBar Toolbar: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll

TB: Nuance PDF: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 6\bin\ZeonIEFavClient.dll

TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll

TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

StartupFolder: C:\Users\Ken\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYWAR~1.LNK - C:\Program Files (x86)\SpywareGuard\sgmain.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:95

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200

IE: Append the content of the link to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Append the content of the selected links to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML

IE: Append to existing PDF file - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Create PDF file - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF file from the content of the link - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF files from the selected links - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML

IE: Download all by FlashGet3 - C:\Users\Ken\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download by FlashGet3 - C:\Users\Ken\AppData\Roaming\FlashGetBHO\GetUrl.htm

IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Open with Nuance PDF Converter 6.0 - C:\Program Files (x86)\Nuance\PDF Professional 6\cnvres_eng.dll /100

IE: Open with PDF Professional 6 - C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{31A44C8B-F233-42F5-B40B-612968FE4006} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{31A44C8B-F233-42F5-B40B-612968FE4006}\25546554C4 : DHCPNameServer = 8.8.8.8 8.8.4.4 208.67.222.222

TCP: Interfaces\{31A44C8B-F233-42F5-B40B-612968FE4006}\34C6561627023507F64702036333 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{31A44C8B-F233-42F5-B40B-612968FE4006}\857383B473 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{325EAE92-B1F4-4FA0-9FFC-2C080D4EE66D} : DHCPNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

SEH: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files (x86)\SpywareGuard\spywareguard.dll

x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll

x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [lxbxmon.exe] "C:\Program Files (x86)\Lexmark 7100 Series\lxbxmon.exe"

x64-Run: [LXBXCATS] rundll32 C:\Windows\System32\spool\DRIVERS\x64\3\LXBXtime.dll,RunDLLEntry

x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark 7100 Series\ezprint.exe"

x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

x64-Run: [intelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe"

x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\7zlv1z4n.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - component: C:\Users\Ken\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll

FF - component: C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\7zlv1z4n.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll

FF - component: C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\7zlv1z4n.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashGetXPI.dll

FF - component: C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\7zlv1z4n.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: c:\Program Files (x86)\Autodesk\Autodesk Design Review Firefox Add-on v1.1\npADRdwf.dll

FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\nppdf.dll

FF - plugin: C:\Program Files (x86)\Nuance\PDF Professional 6\bin\nppdf.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\7zlv1z4n.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\plugins\np-mswmp.dll

.

============= SERVICES / DRIVERS ===============

.

R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2012-6-14 62536]

R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\System32\drivers\vsflt53.sys [2012-7-20 141920]

R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-6-14 211344]

R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2012-6-14 38328]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2010-7-28 89600]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-6-14 1288104]

R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2013-1-29 165112]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-24 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-24 682344]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-9-7 1153368]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-6-13 24176]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S3 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]

S3 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-7-26 203264]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2009-6-17 74256]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2009-6-17 13328]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-6-15 7689216]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]

S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-11-26 25584]

S3 PDFProFiltSrv;PDFProFiltSrv;C:\Program Files (x86)\Nuance\PDF Professional 6\PDFProFiltSrv.exe [2009-6-30 134944]

S3 PTDUBus;PANTECH UM175 Composite Device Driver ;C:\Windows\System32\drivers\PTDUBus.sys [2011-8-26 70672]

S3 PTDUMdm;PANTECH UM175 Drivers;C:\Windows\System32\drivers\PTDUMdm.sys [2011-8-26 173456]

S3 PTDUVsp;PANTECH UM175 Diagnostic Port;C:\Windows\System32\drivers\PTDUVsp.sys [2011-8-26 173456]

S3 PTDUWFLT;PTDUWWAN Filter Driver;C:\Windows\System32\drivers\PTDUWFLT.sys [2011-8-26 12688]

S3 PTDUWWAN;PANTECH UM175 WWAN Driver;C:\Windows\System32\drivers\PTDUWWAN.sys [2011-8-26 141840]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-3-10 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-10 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-12-14 51712]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-26 1255736]

.

=============== File Associations ===============

.

FileExt: .scr: DWGTrueViewScriptFile=C:\Windows\System32\notepad.exe "%1"

FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]

FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]

ShellExec: Foxit Reader.exe: print="C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe"/p "%1"

ShellExec: Foxit Reader.exe: printto="C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe"/t "%1" "%2" "%3" "%4"

.

=============== Created Last 30 ================

.

2013-02-06 11:33:19 -------- d-----w- C:\Users\Ken\Desktop Folders

2013-01-30 14:38:14 -------- d-----w- C:\ProgramData\IDM

2013-01-30 01:40:02 -------- d-----w- C:\Utils

2013-01-29 12:03:10 165112 ----a-w- C:\Windows\System32\drivers\idmwfp.sys

2013-01-10 14:26:05 750592 ----a-w- C:\Windows\System32\win32spl.dll

2013-01-10 14:26:05 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2013-01-10 14:26:04 800768 ----a-w- C:\Windows\System32\usp10.dll

2013-01-10 14:26:04 626688 ----a-w- C:\Windows\SysWow64\usp10.dll

2013-01-10 14:24:55 2002432 ----a-w- C:\Windows\System32\msxml6.dll

2013-01-10 14:24:54 1882624 ----a-w- C:\Windows\System32\msxml3.dll

2013-01-10 14:24:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2013-01-10 14:24:53 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2013-01-10 14:24:52 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2013-01-10 14:24:52 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2013-01-10 14:24:51 3149824 ----a-w- C:\Windows\System32\win32k.sys

2013-01-10 14:24:47 68608 ----a-w- C:\Windows\System32\taskhost.exe

.

==================== Find3M ====================

.

2013-01-13 14:01:39 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-13 14:01:39 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

.

============= FINISH: 10:39:42.76 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume3

Install Date: 7/26/2010 1:42:52 PM

System Uptime: 2/6/2013 6:53:08 AM (4 hours ago)

.

Motherboard: Dell Inc. | | 0P786H

Processor: Intel® Core2 Duo CPU T9400 @ 2.53GHz | U2E1 | 2534/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 223 GiB total, 66.027 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 2.519 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP\0000

Manufacturer: Microsoft

Name: Microsoft 6to4 Adapter

PNP Device ID: ROOT\*6TO4MP\0000

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0000

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter

PNP Device ID: ROOT\*ISATAP\0000

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0001

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter #2

PNP Device ID: ROOT\*ISATAP\0001

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0002

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter #3

PNP Device ID: ROOT\*ISATAP\0002

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft Teredo Tunneling Adapter

Device ID: ROOT\*TEREDO\0000

Manufacturer: Microsoft

Name: Microsoft Teredo Tunneling Adapter

PNP Device ID: ROOT\*TEREDO\0000

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Intel® WiFi Link 5100 AGN

Device ID: PCI\VEN_8086&DEV_4232&SUBSYS_13218086&REV_00\4&B04CCE1&0&00E1

Manufacturer: Intel Corporation

Name: Intel® WiFi Link 5100 AGN

PNP Device ID: PCI\VEN_8086&DEV_4232&SUBSYS_13218086&REV_00\4&B04CCE1&0&00E1

Service: NETw5s64

.

==== System Restore Points ===================

.

RP355: 2/2/2013 7:12:55 PM - Windows Modules Installer

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin 64-bit

Adobe Reader X (10.1.4)

Akamai NetSession Interface

ArcSoft MediaImpression for Kodak

ATI Catalyst Install Manager

BitTorrent

BlackBerry Desktop Software 7.1

Catalyst Control Center InstallProxy

CCleaner

CDDRV_Installer

Chinese Simplified Fonts Support For Adobe Reader X

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Defraggler

Dell Support Center

Dell Touchpad

DivX Setup

Dropbox

DVD Decrypter (Remove Only)

DVD Shrink 3.2

Elcomsoft Blackberry Backup Explorer

eMusic Download Manager 4.1.4

ESET Online Scanner v3

ESET Smart Security

Foxit PDF IFilter

Foxit Phantom

Foxit Reader

Google Chrome

Google Earth Plug-in

Google Toolbar for Internet Explorer

Google Update Helper

GoToMeeting 5.3.0.977

IDT Audio

Internet Download Manager

iTunes

Japanese Fonts Support For Adobe Reader X

KhalInstallWrapper

Lexmark 7100 Series

Logitech SetPoint

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Mouse and Keyboard Center

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mindjet MindManager 9

Mozilla Firefox 10.0.2 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nuance PDF Professional 6

PANTECH UM175 Driver

PDFCreator

Picasa 3

Plustek OpticSlim M12 Plus

PowerISO

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Replay Media Catcher 4 (4.2.8)

RICOH Media Driver ver.2.07.01.00

Roblox for Ken

Scansoft PDF Professional

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Skype Click to Call

Skype™ 6.1

Snagit 10.0.1

Spybot - Search & Destroy

SpywareBlaster 4.4

SpywareGuard v2.2

System Requirements Lab for Intel

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

VC80CRTRedist - 8.0.50727.4053

VLC media player 1.1.11

Windows Automated Installation Kit

Windows XP Mode

WinRAR archiver

.

==== End Of File ===========================

Hello Kennyd,

Step 1

Your logs showed some peer-to-peer filesharing apps: Bittorrent

Uninstall it and any other 'torrent or any peer-to-peer program

and confirm that for me in your next post.

I do not recommend the use of P-2-P programs since such filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Forum policy on peer-to-peer-programs:

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

http://forums.malwarebytes.org/index.php?showtopic=97700

Step 2

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 3

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 4

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click JRT.exe and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply. And tell me, How is the system now?
  • Re-enable your security software.

Step 5

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 6

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 7

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

  • the contents of C:\JRT.txt;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Thanks for your response!

Ok, here we go....

1. Bit Torrent uninstalled

2. ERUNT installed and run

3. All files exposed

4. ESET Security temp disabled and JRT downloaded and run, results below...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.6.2 (02.02.2013:2)

OS: Windows 7 Ultimate x64

Ran by Ken on Sat 02/09/2013 at 14:09:14.28

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{30f9b915-b755-4826-820b-08fba6bd249d}

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1545054437-1505894867-219525375-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\bittorrentbar

Successfully deleted: [Registry Key] hkey_current_user\software\conduit

Successfully deleted: [Registry Key] hkey_local_machine\software\conduit

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\bittorrentbar

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitengine

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\bho.dll

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine

Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2790392

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0055c089-8582-441b-a0bf-17b458c2a3a8}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{0055c089-8582-441b-a0bf-17b458c2a3a8}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo"

Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"

Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"

Successfully deleted: [Registry Key] "hkey_current_user\software\asktoolbar"

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

Successfully deleted: [Folder] "C:\Users\Ken\appdata\locallow\bittorrentbar"

Successfully deleted: [Folder] "C:\Users\Ken\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\Ken\appdata\locallow\pricegong"

Successfully deleted: [Folder] "C:\Program Files (x86)\bittorrentbar"

~~~ FireFox

Successfully deleted: [Folder] C:\Users\Ken\AppData\Roaming\mozilla\firefox\profiles\7zlv1z4n.default\conduitcommon

Successfully deleted: [Folder] C:\Users\Ken\AppData\Roaming\mozilla\firefox\profiles\7zlv1z4n.default\extensions\staged

Successfully deleted the following from C:\Users\Ken\AppData\Roaming\mozilla\firefox\profiles\7zlv1z4n.default\prefs.js

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sat 02/09/2013 at 14:16:50.20

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

5. TDSSKiller downloaded and run, results below...

15:08:32.0612 4580 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

15:08:32.0921 4580 ============================================================

15:08:32.0921 4580 Current date / time: 2013/02/09 15:08:32.0921

15:08:32.0921 4580 SystemInfo:

15:08:32.0921 4580

15:08:32.0922 4580 OS Version: 6.1.7601 ServicePack: 1.0

15:08:32.0922 4580 Product type: Workstation

15:08:32.0922 4580 ComputerName: STUDIO-64

15:08:32.0922 4580 UserName: Ken

15:08:32.0922 4580 Windows directory: C:\Windows

15:08:32.0922 4580 System windows directory: C:\Windows

15:08:32.0922 4580 Running under WOW64

15:08:32.0922 4580 Processor architecture: Intel x64

15:08:32.0922 4580 Number of processors: 2

15:08:32.0923 4580 Page size: 0x1000

15:08:32.0923 4580 Boot type: Normal boot

15:08:32.0923 4580 ============================================================

15:08:34.0023 4580 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

15:08:34.0039 4580 ============================================================

15:08:34.0039 4580 \Device\Harddisk0\DR0:

15:08:34.0039 4580 MBR partitions:

15:08:34.0039 4580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x47000, BlocksNum 0x1400000

15:08:34.0039 4580 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1447000, BlocksNum 0x1BD7E000

15:08:34.0039 4580 ============================================================

15:08:34.0062 4580 C: <-> \Device\Harddisk0\DR0\Partition2

15:08:34.0094 4580 D: <-> \Device\Harddisk0\DR0\Partition1

15:08:34.0095 4580 ============================================================

15:08:34.0095 4580 Initialize success

15:08:34.0095 4580 ============================================================

15:14:07.0933 3664 ============================================================

15:14:07.0933 3664 Scan started

15:14:07.0933 3664 Mode: Manual; TDLFS;

15:14:07.0933 3664 ============================================================

15:14:08.0448 3664 ================ Scan system memory ========================

15:14:08.0448 3664 System memory - ok

15:14:08.0448 3664 ================ Scan services =============================


15:14:11.0084 3664 Brserid - ok

15:14:11.0100 3664 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

15:14:11.0100 3664 BrSerWdm - ok

15:14:11.0100 3664 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

15:14:11.0115 3664 BrUsbMdm - ok

15:14:11.0115 3664 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

15:14:11.0115 3664 BrUsbSer - ok

15:14:11.0131 3664 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

15:14:11.0131 3664 BTHMODEM - ok

15:14:11.0147 3664 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

15:14:11.0147 3664 bthserv - ok

15:14:11.0162 3664 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

15:14:11.0162 3664 cdfs - ok

15:14:11.0193 3664 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

15:14:11.0209 3664 cdrom - ok

15:14:11.0240 3664 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

15:14:11.0240 3664 CertPropSvc - ok

15:14:11.0271 3664 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

15:14:11.0271 3664 circlass - ok

15:14:11.0303 3664 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

15:14:11.0318 3664 CLFS - ok

15:14:11.0365 3664 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:14:11.0365 3664 clr_optimization_v2.0.50727_32 - ok

15:14:11.0412 3664 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

15:14:11.0412 3664 clr_optimization_v2.0.50727_64 - ok

15:14:11.0459 3664 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

15:14:11.0459 3664 clr_optimization_v4.0.30319_32 - ok

15:14:11.0490 3664 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

15:14:11.0490 3664 clr_optimization_v4.0.30319_64 - ok

15:14:11.0521 3664 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

15:14:11.0521 3664 CmBatt - ok

15:14:11.0552 3664 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

15:14:11.0552 3664 cmdide - ok

15:14:11.0599 3664 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

15:14:11.0615 3664 CNG - ok

15:14:11.0646 3664 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

15:14:11.0646 3664 Compbatt - ok

15:14:11.0677 3664 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

15:14:11.0677 3664 CompositeBus - ok

15:14:11.0693 3664 COMSysApp - ok

15:14:11.0708 3664 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

15:14:11.0708 3664 crcdisk - ok

15:14:11.0755 3664 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

15:14:11.0771 3664 CryptSvc - ok

15:14:11.0802 3664 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys

15:14:11.0833 3664 CSC - ok

15:14:11.0864 3664 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll

15:14:11.0895 3664 CscService - ok

15:14:11.0942 3664 [ C7259495924D21F1AFA26467D9F4DAE0 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys

15:14:11.0942 3664 dc3d - ok

15:14:11.0973 3664 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

15:14:11.0989 3664 DcomLaunch - ok

15:14:12.0051 3664 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

15:14:12.0067 3664 defragsvc - ok

15:14:12.0098 3664 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

15:14:12.0098 3664 DfsC - ok

15:14:12.0145 3664 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

15:14:12.0161 3664 Dhcp - ok

15:14:12.0192 3664 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

15:14:12.0192 3664 discache - ok

15:14:12.0207 3664 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

15:14:12.0223 3664 Disk - ok

15:14:12.0254 3664 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

15:14:12.0285 3664 Dnscache - ok

15:14:12.0317 3664 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

15:14:12.0332 3664 dot3svc - ok

15:14:12.0363 3664 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

15:14:12.0363 3664 DPS - ok

15:14:12.0410 3664 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

15:14:12.0410 3664 drmkaud - ok

15:14:12.0457 3664 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

15:14:12.0488 3664 DXGKrnl - ok

15:14:12.0551 3664 [ 45232471A169469EAFCC28D1206C09E2 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys

15:14:12.0551 3664 eamonm - ok

15:14:12.0582 3664 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

15:14:12.0582 3664 EapHost - ok

15:14:12.0660 3664 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

15:14:12.0722 3664 ebdrv - ok

15:14:12.0753 3664 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

15:14:12.0753 3664 EFS - ok

15:14:12.0785 3664 [ 1CB8BE46590FB6D2806F50608CDE4957 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys

15:14:12.0785 3664 ehdrv - ok

15:14:12.0847 3664 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

15:14:12.0878 3664 ehRecvr - ok

15:14:12.0894 3664 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

15:14:12.0909 3664 ehSched - ok

15:14:13.0034 3664 [ 52F63774A1866258BF64488A75CA1757 ] ekrn C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

15:14:13.0065 3664 ekrn - ok

15:14:13.0097 3664 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

15:14:13.0128 3664 elxstor - ok

15:14:13.0159 3664 [ ED7E67634657DCBD024EE2A1A6FFBA2F ] epfw C:\Windows\system32\DRIVERS\epfw.sys

15:14:13.0159 3664 epfw - ok

15:14:13.0190 3664 [ ED9A79169F8B47FBFF1D7FE113D4780A ] EpfwLWF C:\Windows\system32\DRIVERS\EpfwLWF.sys

15:14:13.0190 3664 EpfwLWF - ok

15:14:13.0221 3664 [ 7E1460F280D31CE3497DE9E540C99264 ] epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys

15:14:13.0221 3664 epfwwfp - ok

15:14:13.0253 3664 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

15:14:13.0253 3664 ErrDev - ok

15:14:13.0315 3664 esihdrv - ok

15:14:13.0362 3664 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

15:14:13.0377 3664 EventSystem - ok

15:14:13.0393 3664 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

15:14:13.0409 3664 exfat - ok

15:14:13.0440 3664 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

15:14:13.0440 3664 fastfat - ok

15:14:13.0502 3664 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

15:14:13.0533 3664 Fax - ok

15:14:13.0549 3664 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

15:14:13.0549 3664 fdc - ok

15:14:13.0580 3664 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

15:14:13.0580 3664 fdPHost - ok

15:14:13.0596 3664 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

15:14:13.0596 3664 FDResPub - ok

15:14:13.0611 3664 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

15:14:13.0611 3664 FileInfo - ok

15:14:13.0627 3664 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

15:14:13.0627 3664 Filetrace - ok

15:14:13.0643 3664 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

15:14:13.0643 3664 flpydisk - ok

15:14:13.0674 3664 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

15:14:13.0689 3664 FltMgr - ok

15:14:13.0736 3664 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

15:14:13.0767 3664 FontCache - ok

15:14:13.0814 3664 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

15:14:13.0814 3664 FontCache3.0.0.0 - ok

15:14:13.0830 3664 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

15:14:13.0830 3664 FsDepends - ok

15:14:13.0861 3664 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

15:14:13.0861 3664 Fs_Rec - ok

15:14:13.0908 3664 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

15:14:13.0908 3664 fvevol - ok

15:14:13.0939 3664 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

15:14:13.0939 3664 gagp30kx - ok

15:14:13.0970 3664 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

15:14:13.0986 3664 GEARAspiWDM - ok

15:14:14.0033 3664 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

15:14:14.0064 3664 gpsvc - ok

15:14:14.0173 3664 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

15:14:14.0173 3664 gupdate - ok

15:14:14.0204 3664 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

15:14:14.0204 3664 gupdatem - ok

15:14:14.0251 3664 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

15:14:14.0251 3664 gusvc - ok

15:14:14.0267 3664 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

15:14:14.0282 3664 hcw85cir - ok

15:14:14.0345 3664 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

15:14:14.0360 3664 HdAudAddService - ok

15:14:14.0407 3664 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

15:14:14.0407 3664 HDAudBus - ok

15:14:14.0423 3664 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

15:14:14.0423 3664 HidBatt - ok

15:14:14.0438 3664 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

15:14:14.0438 3664 HidBth - ok

15:14:14.0469 3664 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

15:14:14.0469 3664 HidIr - ok

15:14:14.0501 3664 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

15:14:14.0516 3664 hidserv - ok

15:14:14.0532 3664 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

15:14:14.0547 3664 HidUsb - ok

15:14:14.0563 3664 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

15:14:14.0579 3664 hkmsvc - ok

15:14:14.0610 3664 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

15:14:14.0610 3664 HomeGroupListener - ok

15:14:14.0641 3664 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

15:14:14.0657 3664 HomeGroupProvider - ok

15:14:14.0672 3664 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

15:14:14.0672 3664 HpSAMD - ok

15:14:14.0719 3664 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

15:14:14.0766 3664 HTTP - ok

15:14:14.0781 3664 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

15:14:14.0781 3664 hwpolicy - ok

15:14:14.0797 3664 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

15:14:14.0797 3664 i8042prt - ok

15:14:14.0844 3664 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

15:14:14.0859 3664 iaStorV - ok

15:14:14.0922 3664 [ 3CBC834892B5E04CE635BB60FB0EE6FF ] IDMWFP C:\Windows\system32\DRIVERS\idmwfp.sys

15:14:14.0922 3664 IDMWFP - ok

15:14:14.0969 3664 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

15:14:15.0015 3664 idsvc - ok

15:14:15.0031 3664 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

15:14:15.0047 3664 iirsp - ok

15:14:15.0093 3664 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

15:14:15.0140 3664 IKEEXT - ok

15:14:15.0156 3664 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

15:14:15.0156 3664 intelide - ok

15:14:15.0171 3664 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

15:14:15.0171 3664 intelppm - ok

15:14:15.0203 3664 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

15:14:15.0203 3664 IPBusEnum - ok

15:14:15.0234 3664 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

15:14:15.0234 3664 IpFilterDriver - ok

15:14:15.0265 3664 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

15:14:15.0296 3664 iphlpsvc - ok

15:14:15.0327 3664 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

15:14:15.0343 3664 IPMIDRV - ok

15:14:15.0359 3664 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

15:14:15.0359 3664 IPNAT - ok

15:14:15.0421 3664 [ 4472C8825B5E41D8697D5962F47AB1C9 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

15:14:15.0452 3664 iPod Service - ok

15:14:15.0483 3664 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

15:14:15.0483 3664 IRENUM - ok

15:14:15.0499 3664 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

15:14:15.0499 3664 isapnp - ok

15:14:15.0530 3664 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

15:14:15.0546 3664 iScsiPrt - ok

15:14:15.0577 3664 [ 729CC577A823542AAD779A0F1327BDB6 ] itecir C:\Windows\system32\DRIVERS\itecir.sys

15:14:15.0577 3664 itecir - ok

15:14:15.0624 3664 [ 7DBAFE10C1B777305C80BEA42FBDA710 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys

15:14:15.0639 3664 k57nd60a - ok

15:14:15.0655 3664 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

15:14:15.0655 3664 kbdclass - ok

15:14:15.0671 3664 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

15:14:15.0686 3664 kbdhid - ok

15:14:15.0686 3664 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

15:14:15.0686 3664 KeyIso - ok

15:14:15.0717 3664 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

15:14:15.0717 3664 KSecDD - ok

15:14:15.0733 3664 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

15:14:15.0749 3664 KSecPkg - ok

15:14:15.0764 3664 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

15:14:15.0764 3664 ksthunk - ok

15:14:15.0795 3664 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

15:14:15.0795 3664 KtmRm - ok

15:14:15.0842 3664 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

15:14:15.0842 3664 LanmanServer - ok

15:14:15.0873 3664 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

15:14:15.0889 3664 LanmanWorkstation - ok

15:14:15.0936 3664 [ BECBD7CD46776B8739EE18061F45A581 ] LEqdUsb C:\Windows\system32\DRIVERS\LEqdUsb.Sys

15:14:15.0936 3664 LEqdUsb - ok

15:14:15.0998 3664 [ 21D6BD7D62C270059EB8E2B1D4095880 ] LHidEqd C:\Windows\system32\DRIVERS\LHidEqd.Sys

15:14:16.0029 3664 LHidEqd - ok

15:14:16.0061 3664 [ B6552D382FF070B4ED34CBD6737277C0 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys

15:14:16.0061 3664 LHidFilt - ok

15:14:16.0092 3664 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

15:14:16.0092 3664 lltdio - ok

15:14:16.0139 3664 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

15:14:16.0154 3664 lltdsvc - ok

15:14:16.0185 3664 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

15:14:16.0185 3664 lmhosts - ok

15:14:16.0201 3664 [ 73C1F563AB73D459DFFE682D66476558 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys

15:14:16.0217 3664 LMouFilt - ok

15:14:16.0248 3664 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

15:14:16.0248 3664 LSI_FC - ok

15:14:16.0263 3664 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

15:14:16.0263 3664 LSI_SAS - ok

15:14:16.0279 3664 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

15:14:16.0279 3664 LSI_SAS2 - ok

15:14:16.0295 3664 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

15:14:16.0310 3664 LSI_SCSI - ok

15:14:16.0326 3664 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

15:14:16.0326 3664 luafv - ok

15:14:16.0357 3664 lxbx_device - ok

15:14:16.0419 3664 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

15:14:16.0419 3664 MBAMProtector - ok

15:14:16.0482 3664 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

15:14:16.0482 3664 MBAMScheduler - ok

15:14:16.0529 3664 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

15:14:16.0544 3664 MBAMService - ok

15:14:16.0607 3664 [ F8B823414A22DBF3BEC10DCAA5F93CD8 ] McciCMService C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

15:14:16.0622 3664 McciCMService - ok

15:14:16.0653 3664 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

15:14:16.0669 3664 Mcx2Svc - ok

15:14:16.0685 3664 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

15:14:16.0685 3664 megasas - ok

15:14:16.0716 3664 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

15:14:16.0731 3664 MegaSR - ok

15:14:16.0763 3664 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

15:14:16.0763 3664 MMCSS - ok

15:14:16.0794 3664 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

15:14:16.0794 3664 Modem - ok

15:14:16.0825 3664 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

15:14:16.0825 3664 monitor - ok

15:14:16.0856 3664 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

15:14:16.0856 3664 mouclass - ok

15:14:16.0872 3664 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

15:14:16.0887 3664 mouhid - ok

15:14:16.0903 3664 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

15:14:16.0903 3664 mountmgr - ok

15:14:16.0934 3664 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

15:14:16.0950 3664 mpio - ok

15:14:16.0965 3664 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

15:14:16.0965 3664 mpsdrv - ok

15:14:17.0012 3664 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

15:14:17.0043 3664 MpsSvc - ok

15:14:17.0059 3664 MREMP50 - ok

15:14:17.0075 3664 MREMP50a64 - ok

15:14:17.0075 3664 MREMPR5 - ok

15:14:17.0090 3664 MRENDIS5 - ok

15:14:17.0106 3664 MRESP50 - ok

15:14:17.0106 3664 MRESP50a64 - ok

15:14:17.0121 3664 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

15:14:17.0137 3664 MRxDAV - ok

15:14:17.0153 3664 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

15:14:17.0168 3664 mrxsmb - ok

15:14:17.0184 3664 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

15:14:17.0199 3664 mrxsmb10 - ok

15:14:17.0215 3664 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

15:14:17.0215 3664 mrxsmb20 - ok

15:14:17.0231 3664 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

15:14:17.0231 3664 msahci - ok

15:14:17.0246 3664 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

15:14:17.0246 3664 msdsm - ok

15:14:17.0277 3664 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

15:14:17.0277 3664 MSDTC - ok

15:14:17.0293 3664 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

15:14:17.0309 3664 Msfs - ok

15:14:17.0340 3664 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

15:14:17.0340 3664 mshidkmdf - ok

15:14:17.0355 3664 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

15:14:17.0355 3664 msisadrv - ok

15:14:17.0387 3664 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

15:14:17.0387 3664 MSiSCSI - ok

15:14:17.0387 3664 msiserver - ok

15:14:17.0418 3664 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

15:14:17.0418 3664 MSKSSRV - ok

15:14:17.0433 3664 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

15:14:17.0433 3664 MSPCLOCK - ok

15:14:17.0449 3664 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

15:14:17.0449 3664 MSPQM - ok

15:14:17.0480 3664 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

15:14:17.0496 3664 MsRPC - ok

15:14:17.0496 3664 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

15:14:17.0496 3664 mssmbios - ok

15:14:17.0511 3664 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

15:14:17.0527 3664 MSTEE - ok

15:14:17.0543 3664 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

15:14:17.0543 3664 MTConfig - ok

15:14:17.0558 3664 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

15:14:17.0558 3664 Mup - ok

15:14:17.0589 3664 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

15:14:17.0605 3664 napagent - ok

15:14:17.0636 3664 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

15:14:17.0636 3664 NativeWifiP - ok

15:14:17.0683 3664 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

15:14:17.0714 3664 NDIS - ok

15:14:17.0745 3664 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

15:14:17.0745 3664 NdisCap - ok

15:14:17.0761 3664 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

15:14:17.0761 3664 NdisTapi - ok

15:14:17.0792 3664 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

15:14:17.0792 3664 Ndisuio - ok

15:14:17.0823 3664 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

15:14:17.0823 3664 NdisWan - ok

15:14:17.0855 3664 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

15:14:17.0855 3664 NDProxy - ok

15:14:17.0870 3664 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

15:14:17.0870 3664 NetBIOS - ok

15:14:17.0886 3664 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

15:14:17.0886 3664 NetBT - ok

15:14:17.0901 3664 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

15:14:17.0901 3664 Netlogon - ok

15:14:17.0948 3664 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

15:14:17.0964 3664 Netman - ok

15:14:17.0995 3664 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

15:14:18.0026 3664 netprofm - ok

15:14:18.0057 3664 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

15:14:18.0057 3664 NetTcpPortSharing - ok

15:14:18.0291 3664 [ 18555F48844C2861D9DCE8F2B7223AE5 ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys

15:14:18.0479 3664 NETw5s64 - ok

15:14:18.0635 3664 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys

15:14:18.0775 3664 netw5v64 - ok

15:14:18.0806 3664 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

15:14:18.0806 3664 nfrd960 - ok

15:14:18.0837 3664 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

15:14:18.0853 3664 NlaSvc - ok

15:14:18.0869 3664 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

15:14:18.0869 3664 Npfs - ok

15:14:18.0900 3664 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

15:14:18.0900 3664 nsi - ok

15:14:18.0915 3664 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

15:14:18.0915 3664 nsiproxy - ok

15:14:18.0978 3664 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

15:14:19.0040 3664 Ntfs - ok

15:14:19.0071 3664 [ A2F750E416D1C628BDCDC2075AC33BC6 ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys

15:14:19.0071 3664 NuidFltr - ok

15:14:19.0087 3664 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

15:14:19.0087 3664 Null - ok

15:14:19.0103 3664 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

15:14:19.0118 3664 nvraid - ok

15:14:19.0134 3664 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

15:14:19.0134 3664 nvstor - ok

15:14:19.0165 3664 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

15:14:19.0165 3664 nv_agp - ok

15:14:19.0196 3664 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

15:14:19.0196 3664 ohci1394 - ok

15:14:19.0259 3664 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

15:14:19.0274 3664 ose - ok

15:14:19.0415 3664 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

15:14:19.0446 3664 osppsvc - ok

15:14:19.0477 3664 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

15:14:19.0493 3664 p2pimsvc - ok

15:14:19.0508 3664 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

15:14:19.0524 3664 p2psvc - ok

15:14:19.0524 3664 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

15:14:19.0524 3664 Parport - ok

15:14:19.0555 3664 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

15:14:19.0555 3664 partmgr - ok

15:14:19.0571 3664 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

15:14:19.0586 3664 PcaSvc - ok

15:14:19.0649 3664 [ 4B5F5774FF1C577B9515FDD2B5C535C5 ] PCDSRVC{1E208CE0-FB7451FF-06020200}_0 c:\program files\dell support center\pcdsrvc_x64.pkms

15:14:19.0664 3664 PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - ok

15:14:19.0680 3664 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

15:14:19.0680 3664 pci - ok

15:14:19.0695 3664 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

15:14:19.0711 3664 pciide - ok

15:14:19.0727 3664 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

15:14:19.0727 3664 pcmcia - ok

15:14:19.0742 3664 PCTINDIS5X64 - ok

15:14:23.0034 3664 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys

15:14:23.0034 3664 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB

15:14:23.0034 3664 sptd ( LockedFile.Multi.Generic ) - warning

15:14:23.0034 3664 sptd - detected LockedFile.Multi.Generic (1)

15:14:27.0308 3664 ================ Scan global ===============================

15:14:27.0324 3664 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

15:14:27.0355 3664 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll

15:14:27.0355 3664 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll

15:14:27.0371 3664 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

15:14:27.0402 3664 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

15:14:27.0417 3664 [Global] - ok

15:14:27.0417 3664 ================ Scan MBR ==================================

15:14:27.0433 3664 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

15:14:27.0885 3664 \Device\Harddisk0\DR0 - ok

15:14:27.0885 3664 ================ Scan VBR ==================================

15:14:27.0932 3664 [ 3F517D68D6BFBE7E40EF4DAC3ADEC045 ] \Device\Harddisk0\DR0\Partition1

15:14:27.0932 3664 \Device\Harddisk0\DR0\Partition1 - ok

15:14:27.0932 3664 [ BFCB31D4157D9B1B8C3692545868638B ] \Device\Harddisk0\DR0\Partition2

15:14:27.0932 3664 \Device\Harddisk0\DR0\Partition2 - ok

15:14:27.0932 3664 ============================================================

15:14:27.0932 3664 Scan finished

15:14:27.0932 3664 ============================================================

15:14:27.0963 0964 Detected object count: 1

15:14:27.0963 0964 Actual detected object count: 1

15:14:49.0008 0964 sptd ( LockedFile.Multi.Generic ) - skipped by user

15:14:49.0008 0964 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

15:15:02.0346 3024 Deinitialize success

6. RogueKiller downloaded and run, results below...

RogueKiller V8.5.0 [Feb 9 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Ken [Admin rights]

Mode : Scan -- Date : 02/09/2013 15:48:51

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 15 ¤¤¤

[TASK][sUSP PATH] IHSelfDeleteTASK : CMD /C DEL C:\Users\Ken\AppData\Local\Temp\IHU458B.tmp.exe -> FOUND

[TASK][sUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\Ken\AppData\Local\Temp\IHU3CA4.tmp.exe -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

-> D:\windows\system32\config\SOFTWARE

-> D:\windows\system32\config\SYSTEM

-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9250421ASG ATA Device +++++

--- User ---

[MBR] b7693a2bf58ae1342f3804dee50cc93f

[bSP] 43e2be632fa467e7e97cb39987fa84d2 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 141 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 290816 | Size: 10240 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21262336 | Size: 228092 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_02092013_02d1548.txt >>

RKreport[1]_S_02092013_02d1548.txt

ESET Security re-enabled, files posted.

All steps completed as requested...


  • Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Right-Click RogueKiller and select Run as Administrator.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.
    Put a check next to all of these and uncheck the rest: (if found)
    [TASK][sUSP PATH] IHSelfDeleteTASK : CMD /C DEL C:\Users\Ken\AppData\Local\Temp\IHU458B.tmp.exe -> FOUND
    [TASK][sUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\Ken\AppData\Local\Temp\IHU3CA4.tmp.exe -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

  • Then click on Delete on the right hand column under Options.
  • When done, logoff & Restart the system.
  • The log will be found as RKreport
    Copy & Paste the contents into next reply.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

IF prompted to update Avast definitions, answer NO.


On the following screen:


uncheck trace disk IO calls at the bottom left!

Now, Click the "Scan" button to start scan.

Have patience as it scans.

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me)

Now click save log, save it to your desktop and Copy & Paste in your next reply.

Do NOT click any Fix button.

EXIT the tool.

Step 3

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, How is the system ?

Re-enable your antivirus program.

Step 4

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other services

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.

Step 5

Download the Microsoft® Windows® Malicious Software Removal Tool from the Microsoft Download Center

http://www.microsoft.com/downloads/details.aspx?familyid=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

It is suggested that you rename mrt.exe to some other name, such as Omega.exe, then run it.

After a run of MSRT has finished, you will find the log at C:\WINDOWS\Debug\mrt.log or C:\WINNT\Debug\mrt.log

The file may be opened and viewed with Notepad or similar text editor.

Additional information Microsoft® Windows® Malicious Software Removal Tool is here http://support.microsoft.com/?kbid=890830

If no infections were found, you will see in your log

Results Summary:

----------------

No infection found.


Wow that was fast!

Ok, round 2...Ding!

1. ESET disabled, RogueKiller run, report below...

RogueKiller V8.5.0 [Feb 9 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo...uekiller/

Website : http://tigzy.geeksto...iller.php

Blog : http://tigzyrk.blogs...spot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Ken [Admin rights]

Mode : Remove -- Date : 02/09/2013 17:35:37

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 13 ¤¤¤

[TASK][sUSP PATH] IHSelfDeleteTASK : CMD /C DEL C:\Users\Ken\AppData\Local\Temp\IHU458B.tmp.exe -> DELETED

[TASK][sUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\Ken\AppData\Local\Temp\IHU3CA4.tmp.exe -> DELETED

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)

[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)

[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> NOT SELECTED

[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> NOT SELECTED

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

-> D:\windows\system32\config\SOFTWARE

-> D:\windows\system32\config\SYSTEM

-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9250421ASG ATA Device +++++

--- User ---

[MBR] b7693a2bf58ae1342f3804dee50cc93f

[bSP] 43e2be632fa467e7e97cb39987fa84d2 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 141 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 290816 | Size: 10240 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21262336 | Size: 228092 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[3]_D_02092013_02d1735.txt >>

RKreport[1]_S_02092013_02d1548.txt ; RKreport[2]_S_02092013_02d1732.txt ; RKreport[3]_D_02092013_02d1735.txt

2. aswMBR downloaded and run, Fix button was not enabled, see log below...

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2013-02-09 21:11:58

-----------------------------

21:11:58.270 OS Version: Windows x64 6.1.7601 Service Pack 1

21:11:58.270 Number of processors: 2 586 0x1706

21:11:58.271 ComputerName: STUDIO-64 UserName: Ken

21:11:59.168 Initialize success

21:12:23.385 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

21:12:23.388 Disk 0 Vendor: ST9250421ASG DE14 Size: 238475MB BusType: 11

21:12:23.462 Disk 0 MBR read successfully

21:12:23.466 Disk 0 MBR scan

21:12:23.470 Disk 0 Windows 7 default MBR code

21:12:23.472 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 141 MB offset 63

21:12:23.482 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 290816

21:12:23.486 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 228092 MB offset 21262336

21:12:23.501 Disk 0 scanning C:\Windows\system32\drivers

21:12:32.987 Service scanning

21:12:43.956 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32

21:12:47.520 Modules scanning

21:12:47.534 Scan finished successfully

21:15:37.700 Disk 0 MBR has been saved successfully to "C:\Users\Ken\Desktop\MBR.dat"

21:15:37.704 The log file has been saved successfully to "C:\Users\Ken\Desktop\aswMBR.txt"

3. MBAM Scan, see log below...

Malwarebytes Anti-Malware (PRO) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.02.09.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Ken :: STUDIO-64 [administrator]

Protection: Enabled

2/9/2013 9:36:39 PM

mbam-log-2013-02-09 (21-36-39).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 214543

Time elapsed: 4 minute(s), 18 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

4. downloaded and ran FSS, see log below...

Farbar Service Scanner Version: 30-01-2013

Ran by Ken (administrator) on 09-02-2013 at 21:54:00

Running from "C:\Users\Ken\Desktop"

Windows 7 Ultimate Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Attempt to access Google IP returned error. Google IP is offline

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is OK.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\ipnathlp.dll => MD5 is legit

C:\Windows\System32\iphlpsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

5. Download and ran MSRT, see log below...

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.16, January 2013

Started On Sat Feb 09 22:20:24 2013

->Scan ERROR: resource process://pid:3992 (code 0x00000490 (1168))

->Scan ERROR: resource process://pid:3120 (code 0x00000490 (1168))

->Scan ERROR: resource process://pid:3288 (code 0x00000005 (5))

Results Summary:

----------------

No infection found.

All steps completed as requested.

Edited by Maurice Naggar
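
The registry section of a RogueKiller report like the one in the post above can be read programmatically. The following is an added example, not part of the original thread or of RogueKiller: it rejoins entries that a wrapping editor has split and reports what the tool changed for the two UAC policy values. The sample text is constructed from entries in the report, and the function names and the rejoining heuristic are assumptions.

```python
import re

# Constructed sample: report entries as they look after a wrapping editor has
# split some of them across lines.
SAMPLE = r"""
[TASK][sUSP PATH] IHSelfDeleteTASK : CMD /C DEL C:\Users\Ken\AppData\Local\Temp
\IHU458B.tmp.exe -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) ->
REPLACED (1)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) ->
NOT SELECTED
"""

ENTRY_START = re.compile(r"^\[[A-Za-z ]+\]")
ENTRY = re.compile(r"^(?P<tags>(?:\[[^\]]+\])+)\s+(?P<item>.*?)\s+->\s+"
                   r"(?P<status>[A-Z ]+?)(?:\s+\((?P<new>[^)]*)\))?$")
REG_ITEM = re.compile(r"^(?P<key>\S+) : (?P<name>\S+) \((?P<old>[^)]*)\)$")

# Documented meanings of the two UAC policy values that appear in the report.
UAC_MEANING = {
    "EnableLUA": {"0": "UAC disabled", "1": "UAC enabled"},
    "ConsentPromptBehaviorAdmin": {
        "0": "elevate without prompting",
        "2": "prompt for consent on the secure desktop"},
}

def rejoin(text):
    """Undo line wrapping: a line without a leading [TAG] continues the previous entry."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            # A wrap inside a path leaves a fragment that starts with a backslash.
            entries[-1] += ("" if line.startswith("\\") else " ") + line
    return entries

def parse(text):
    out = []
    for m in filter(None, map(ENTRY.match, rejoin(text))):
        rec = m.groupdict()
        reg = REG_ITEM.match(rec["item"])
        rec.update(reg.groupdict() if reg else dict(key=None, name=None, old=None))
        out.append(rec)
    return out

def uac_changes(records):
    """(name, old meaning, new meaning) for each UAC value the tool replaced."""
    return [(r["name"], UAC_MEANING[r["name"]].get(r["old"], r["old"]),
             UAC_MEANING[r["name"]].get(r["new"], r["new"]))
            for r in records
            if r["name"] in UAC_MEANING and r["status"] == "REPLACED"]

if __name__ == "__main__":
    for name, before, after in uac_changes(parse(SAMPLE)):
        print(f"{name}: {before} -> {after}")
```
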

Your last post had a lot of extra (unwanted) formatting. I have edited & adjusted that.

What you need to do, when replying

is click on the More Reply Options button at the bottom of the forum topic,

and then make sure that the "toolbar at top of the reply box" is OFF. If it is on, click 1 time on the light-switch icon so that it is off.

Further, I want you to "preview" your post before pressing the final "Add reply" button!

Now, then, I really need to know, IF you are seeing the "not Genuine" Windows message?

IF yes, then I need all details {when / how / where .....etc}

btw, the MBAM scan results is good, as well as the others.


Ok, sorry about that, I don't know how it happened.

I create the responses in notepad and then cut and paste it into here so that I don't have any browser open when running the scans.

As to your "when/how/where" question,

When? it usually pops up within the first 30-60 minutes of the machine being on

How? not sure how to answer this w/o being sarcastic

Where? on the center of my screen, regardless of what else is running

See for yourself...

post-125855-0-55623500-1360585231.jpg


Here are some suggestions for you, regarding WGA issue

1) Since this is a Dell machine, and I presume you are the original buyer, DO get help at DELL customer support.

OEM machines are auto-activated and you ought not to be seeing this "issue".

2) Review / dig into this MS reference

http://windows.micro...elp/genuine/faq

Also see Windows Activation Technologies in Windows 7

3) To properly analyse and solve problems with Activation and Validation, one needs to see a full copy of the report produced by the MGADiag tool (download and save to desktop -

http://go.microsoft....k/?linkid=52012 ) Once saved, run the tool.

Click on the Continue button, which will produce the report.

To copy the report to your response, click on the Copy button in the tool (ignore any error messages at this point), and then paste (using either r-click/Paste, or Ctrl+V ) into your response.

- **in your own thread**, please

Please also state the Version and Edition of Windows quoted on your COA sticker (if you have one) on the case of your machine (or inside the battery compartment), but do NOT quote the Key on the sticker!

http://www.microsoft...l/Hardware.aspx

{with thanks to NoelDP for the MGADiag bits }

Edited by Maurice Naggar

Thanks again for your quick responses,

Ok, well as is my SOP...

1. the machine is out of warranty by more than a year

2. the FAQ didn't really help much

3. the MGA Diags returned an error when trying to get a report (the MGADiagToolOutput folder was empty as well), so here is a screen shot

post-125855-0-60669700-1360605329.jpg

and if you need any of the other tabs, I have screenshots of them as well.

I get the feeling we're running out of options, please tell me I'm wrong...lol


It does not matter if the machine is or is not in warranty. You should go to the Dell support website and get help for free. The o.s. is preloaded by them and they should help out.

You may provide them a link to this topic, if you wish.

An alternate choice, is to check the Sevenforums forum

http://www.sevenforums.com/windows-updates-activation/234159-windows-genuine-activation-issue-posting-instructions.html


Thank you, I wholeheartedly agree with you that Dell should help me for free, however they have a different economical perspective than you and I and are steadfast in expecting payment for any "Out of Warranty" support.

Thank you for all your help, I will see what I can accomplish at sevenforums.....God Bless!


You should do well at Sevenforums. I expect so.

I'd meant the Dell support website-forum {that's what I had in mind}.

In any event, I do wish you well. I will close this now. If you should feel the need to re-open this in the next few days, ping me by pm.


This topic is now closed to further replies.