Virus!!


13 replies to this topic

#1 Trevrev

Posted 25 April 2012 - 06:31 AM

Hi Guys,
Running a Dell Inspiron laptop, Windows 7.
Yesterday my son was playing on "Moshi Monsters", a very popular online children's play/network site.

He had, what he said was a strange window pop-up, so he just closed it and then the Laptop just went blank!
After a lot of playing about trying to get a very frozen laptop to do anything, I managed to run SUPERAntiSpyware.
It picked up Trojan.agent/gen-injector in 12 locations.

It quarantined the offending critter, shut down and rebooted. Said it was all clear!
I also ran Malwarebytes afterwards, which came up clean.
Forgot to say, the Anti Virus we have is Sophos, which didn't detect anything!!!!

The laptop seemed to run fine after that.
Just to be safe, in my eyes at least, I also did a system restore, and rolled it back a few weeks to when I knew it was clean. Not sure if this does any good!

Just to be safe again I ran scans with SAS, MBAM and Sophos. All came back clear.

Can I take it that the offending virus has gone?

Still a bit pi**ed that the virus just skipped past Sophos without any problem!

Hope that all made sense......Thanks for any input.

This laptop is always wired, never wireless!

Trevor.

Edited by Trevrev, 25 April 2012 - 08:44 AM.



#2 boopme

Posted 25 April 2012 - 11:11 AM

Hello, this should be OK. I'd like to do a few things to be sure, as an injector wants to infect every .exe file.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.



Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
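Added example, not part of the thread: a short Python triage of the "Winsock entries" section that MiniToolBox writes to Result.txt, listing each provider DLL that sits outside the Windows system directories or is not attributed to Microsoft so that a helper can review it. The sample report is constructed (its last entry and the names `parse_winsock` and `triage` are hypothetical), and the line layout is assumed to match the log posted in this topic.

```python
import re

# Constructed sample in the layout of MiniToolBox's Result.txt; the last
# Winsock entry is hypothetical and exists only to exercise the checks.
SAMPLE_REPORT = r"""
========================= Hosts content: =================================

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [80408] (Sophos Limited)
Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [80408] (Sophos Limited)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Users\Example\AppData\Local\Temp\lsp32.dll [4096] (Example Vendor)

========================= Event log errors: ===============================
"""

# One entry: catalog name, position, DLL path, size in bytes, vendor text.
# The path may itself contain parentheses ("Program Files (x86)").
ENTRY_RE = re.compile(
    r"^(?P<catalog>(?:x64-)?Catalog\d+)\s+(?P<index>\d+)\s+"
    r"(?P<path>.+?)\s+\[(?P<size>\d+)\]\s+\((?P<vendor>.*)\)\s*$"
)

# A DLL placed directly in System32 or SysWOW64 on any drive letter.
SYSTEM_PATH_RE = re.compile(
    r"^[a-z]:\\windows\\(?:system32|syswow64)\\[^\\]+$", re.IGNORECASE
)


def parse_winsock(report):
    """Return the entries found between the Winsock header and the next header."""
    entries, in_section = [], False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("====="):
            # Every section header starts with a run of '='; only one is ours.
            in_section = "winsock entries" in line.lower()
            continue
        if not in_section:
            continue
        match = ENTRY_RE.match(line)
        if match:
            entry = match.groupdict()
            entry["index"] = int(entry["index"])
            entry["size"] = int(entry["size"])
            entries.append(entry)
    return entries


def triage(entries):
    """Group entries worth a manual look by DLL path, with the reasons why."""
    findings = {}
    for entry in entries:
        reasons = []
        if not SYSTEM_PATH_RE.match(entry["path"]):
            reasons.append("outside Windows system directories")
        # The vendor field is only text in the log: a hint, not proof of origin.
        if not entry["vendor"].lower().startswith("microsoft"):
            reasons.append("vendor is not Microsoft")
        if reasons:
            item = findings.setdefault(
                entry["path"],
                {"vendor": entry["vendor"], "reasons": reasons,
                 "catalogs": set(), "count": 0},
            )
            item["catalogs"].add(entry["catalog"])
            item["count"] += 1
    return findings


if __name__ == "__main__":
    for path, item in sorted(triage(parse_winsock(SAMPLE_REPORT)).items()):
        print(f"{path} ({item['vendor']}) x{item['count']} "
              f"in {sorted(item['catalogs'])}: {'; '.join(item['reasons'])}")
```

A listed provider is only a candidate for review: security products and services such as Bonjour legitimately register their own DLLs in these catalogs.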

#3 Trevrev

Posted 25 April 2012 - 01:58 PM

MINI TOOLBOX LOG:-


MiniToolBox by Farbar Version: 18-01-2012
Ran by Jenny Day (administrator) on 25-04-2012 at 19:53:31
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe FE Family Controller = Local Area Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Intel® Centrino® Wireless-N 1030 = Wireless Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : JennyDay-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : AC-72-89-26-F1-52
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : AC-72-89-26-F1-52
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 1030
Physical Address. . . . . . . . . : AC-72-89-26-F1-51
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 18-03-73-62-44-62
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c0df:41c:167:d2af%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 25 April 2012 19:30:38
Lease Expires . . . . . . . . . . : 26 April 2012 19:30:38
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 286786419
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-B9-6E-45-18-03-73-62-44-62
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : AC-72-89-26-F1-55
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B2499D6D-788A-4F10-8B6D-DF6C7251B07C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A05F0839-EE0E-4B64-97E6-0E64B06B7BEC}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{C15607B5-FBEC-4B3D-A1E4-591AC5C8B835}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{BF3F53E5-0CAA-41C8-92BA-4847D7EB7A47}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{F2031596-0298-4F0A-A101-FF69E9596BDC}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:73b8:300e:1a51:3f57:fffd(Preferred)
Link-local IPv6 Address . . . . . : fe80::300e:1a51:3f57:fffd%17(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: www.routerlogin.com
Address: 192.168.0.1

Name: google.com
Addresses: 173.194.34.164
173.194.34.167
173.194.34.169
173.194.34.168
173.194.34.163
173.194.34.161
173.194.34.166
173.194.34.160
173.194.34.174
173.194.34.162
173.194.34.165


Pinging google.com [173.194.34.164] with 32 bytes of data:
Reply from 173.194.34.164: bytes=32 time=30ms TTL=54
Reply from 173.194.34.164: bytes=32 time=30ms TTL=54

Ping statistics for 173.194.34.164:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 30ms, Maximum = 30ms, Average = 30ms
Server: www.routerlogin.com
Address: 192.168.0.1

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=234ms TTL=47
Reply from 98.139.183.24: bytes=32 time=157ms TTL=47

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 157ms, Maximum = 234ms, Average = 195ms
Server: www.routerlogin.com
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
16...ac 72 89 26 f1 52 ......Microsoft Virtual WiFi Miniport Adapter #2
15...ac 72 89 26 f1 52 ......Microsoft Virtual WiFi Miniport Adapter
14...ac 72 89 26 f1 51 ......Intel® Centrino® Wireless-N 1030
13...18 03 73 62 44 62 ......Realtek PCIe FE Family Controller
12...ac 72 89 26 f1 55 ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
37...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.2 276
192.168.0.2 255.255.255.255 On-link 192.168.0.2 276
192.168.0.255 255.255.255.255 On-link 192.168.0.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
17 58 ::/0 On-link
1 306 ::1/128 On-link
17 58 2001::/32 On-link
17 306 2001:0:5ef5:73b8:300e:1a51:3f57:fffd/128
On-link
13 276 fe80::/64 On-link
17 306 fe80::/64 On-link
17 306 fe80::300e:1a51:3f57:fffd/128
On-link
13 276 fe80::c0df:41c:167:d2af/128
On-link
1 306 ff00::/8 On-link
17 306 ff00::/8 On-link
13 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 10 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [80408] (Sophos Limited)
Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [80408] (Sophos Limited)
Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [80408] (Sophos Limited)
Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [80408] (Sophos Limited)
Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [80408] (Sophos Limited)
Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [80408] (Sophos Limited)
Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [80408] (Sophos Limited)
Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [80408] (Sophos Limited)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [80408] (Sophos Limited)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 10 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [116760] (Sophos Limited)
x64-Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [116760] (Sophos Limited)
x64-Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [116760] (Sophos Limited)
x64-Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [116760] (Sophos Limited)
x64-Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [116760] (Sophos Limited)
x64-Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [116760] (Sophos Limited)
x64-Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [116760] (Sophos Limited)
x64-Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [116760] (Sophos Limited)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 15 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 16 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 17 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 18 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 19 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [116760] (Sophos Limited)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/25/2012 06:13:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/25/2012 04:51:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/24/2012 07:38:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/24/2012 06:15:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/24/2012 06:14:16 PM) (Source: Sophos Anti-Virus) (User: )
Description: No versions of component 'MessageResDSFactory' are registered. MessageResDSFactory cannot be returned.

Error: (04/24/2012 06:14:15 PM) (Source: Sophos Anti-Virus) (User: )
Description: No versions of component 'MessageResDSFactory' are registered. MessageResDSFactory cannot be returned.

Error: (04/24/2012 05:19:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/24/2012 04:59:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 210336

Error: (04/24/2012 04:59:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 210336

Error: (04/24/2012 04:59:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (04/25/2012 06:10:54 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/24/2012 05:18:41 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 16:59:36 on ?24/?04/?2012 was unexpected.

Error: (04/24/2012 05:16:50 PM) (Source: Service Control Manager) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error:
%%1053

Error: (04/24/2012 05:16:50 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.

Error: (04/24/2012 05:16:20 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

Error: (04/24/2012 05:15:50 PM) (Source: Service Control Manager) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error:
%%1053

Error: (04/24/2012 05:15:50 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.

Error: (04/24/2012 05:15:20 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (04/24/2012 05:14:50 PM) (Source: Service Control Manager) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error:
%%1053

Error: (04/24/2012 05:14:50 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system (Version: 12.0.6612.1000)
ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.4512)
Adobe AIR (Version: 2.6.0.19120)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.233)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.2.202.233)
Adobe Reader X (10.1.3) MUI (Version: 10.1.3)
Advanced Audio FX Engine (Version: 1.12.05)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Blio (Version: 2.3.7140)
Bonjour (Version: 3.0.0.10)
D3DX10 (Version: 15.4.2368.0902)
Dell DataSafe Local Backup - Support Software (Version: 9.4.60)
Dell DataSafe Local Backup (Version: 9.4.60)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell MusicStage (Version: 1.5.201.0)
Dell PhotoStage (Version: 1.5.0.65)
Dell Product Registration (Version: 1.0.3)
Dell Stage (Version: 1.7.209.0)
Dell Support Center (Version: 3.1.5907.29)
Dell Touchpad (Version: 7.1209.101.204)
Dell VideoStage (Version: 1.2.0.1712)
Dell Webcam Central (Version: 2.00.44)
DirectX 9 Runtime (Version: 1.00.0000)
eBay (Version: 1.4.0)
Epson Easy Photo Print 2 (Version: 2.1.0.0)
Epson Event Manager (Version: 2.20.00)
EPSON Scan
Epson Stylus SX210_SX410_TX210_TX410 Manual
EPSON SX210 Series Printer Uninstall
High-Definition Video Playback (Version: 11.1.10400.2.65)
IDT Audio (Version: 1.0.6324.0)
Intel PROSet Wireless
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1118)
Intel® Processor Graphics (Version: 8.15.10.2361)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 1.0.0.0454)
Intel® PROSet/Wireless WiFi Software (Version: 14.00.1000)
Intel® Rapid Storage Technology (Version: 10.1.0.1008)
Intel® WiDi (Version: 2.1.35.0)
Intel® Wireless Display
iTunes (Version: 10.6.1.7)
Java™ 6 Update 24 (64-bit) (Version: 6.0.240)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 11.0 (x86 en-GB) (Version: 11.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 10 Movie ThemePack Basic (Version: 10.6.10000.1.0)
Nero Control Center 10 (Version: 10.6.13000.0.11)
Nero ControlCenter 10 Help (CHM) (Version: 10.2.10800)
Nero Core Components 10 (Version: 2.0.19900.9.11)
Nero Update (Version: 11.0.10623.22.0)
PhotoShowExpress (Version: 2.0.063)
PlayReady PC Runtime x86 (Version: 1.3.0)
Quickset64 (Version: 10.09.20)
RBVirtualFolder64Inst (Version: 1.00.0000)
Realtek Ethernet Controller Driver (Version: 7.31.1025.2010)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30126)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.32.0)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.3)
Roxio Burn (Version: 1.8)
Roxio Creator Starter (Version: 1.0.439)
Roxio Creator Starter (Version: 12.1.77.0)
Roxio Creator Starter (Version: 5.0.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Skype Toolbars (Version: 1.0.4051)
Skype™ 4.2 (Version: 4.2.169)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
Sophos Anti-Virus (Version: 10.0.3)
Sophos AutoUpdate (Version: 2.6.0)
SUPERAntiSpyware (Version: 5.0.1132)
SyncUP (Version: 1.10.11100.8.106)
SyncUP (Version: 10.2.13500)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VBA (2627.01) (Version: 6.03.00.9188)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.10 (64-bit) (Version: 4.10.0)
Zinio Reader 4 (Version: 4.2.4164)

========================= Memory info: ===================================

Percentage of memory in use: 40%
Total physical RAM: 4003.18 MB
Available physical RAM: 2377.7 MB
Total Pagefile: 8004.54 MB
Available Pagefile: 6022.77 MB
Total Virtual: 4095.88 MB
Available Virtual: 3966.49 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:399.42 GB) NTFS

========================= Users: ========================================

User accounts for \\JENNYDAY-PC

Administrator Guest Jenny Day
SophosSAUJENNYDAY-P0


**** End of log ****

#4 Trevrev

Posted 25 April 2012 - 02:12 PM

TDSS KILLER LOG:-

20:08:41.0781 6484 NetBT - ok
20:08:41.0827 6484 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:08:41.0827 6484 Netlogon - ok
20:08:41.0921 6484 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
20:08:41.0921 6484 Netman - ok
20:08:42.0030 6484 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:08:42.0139 6484 NetMsmqActivator - ok
20:08:42.0139 6484 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:08:42.0139 6484 NetPipeActivator - ok
20:08:42.0202 6484 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
20:08:42.0202 6484 netprofm - ok
20:08:42.0217 6484 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:08:42.0217 6484 NetTcpActivator - ok
20:08:42.0217 6484 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:08:42.0233 6484 NetTcpPortSharing - ok
20:08:42.0732 6484 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\windows\system32\DRIVERS\NETwNs64.sys
20:08:42.0904 6484 NETwNs64 - ok
20:08:43.0060 6484 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
20:08:43.0091 6484 nfrd960 - ok
20:08:43.0185 6484 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
20:08:43.0185 6484 NlaSvc - ok
20:08:43.0200 6484 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
20:08:43.0200 6484 Npfs - ok
20:08:43.0216 6484 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
20:08:43.0216 6484 nsi - ok
20:08:43.0232 6484 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
20:08:43.0232 6484 nsiproxy - ok
20:08:43.0388 6484 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
20:08:43.0403 6484 Ntfs - ok
20:08:43.0544 6484 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
20:08:43.0544 6484 Null - ok
20:08:43.0606 6484 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\windows\system32\DRIVERS\nusb3hub.sys
20:08:43.0606 6484 nusb3hub - ok
20:08:43.0684 6484 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\windows\system32\DRIVERS\nusb3xhc.sys
20:08:43.0684 6484 nusb3xhc - ok
20:08:43.0762 6484 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
20:08:43.0793 6484 nvraid - ok
20:08:43.0871 6484 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
20:08:43.0902 6484 nvstor - ok
20:08:43.0965 6484 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
20:08:43.0996 6484 nv_agp - ok
20:08:44.0168 6484 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:08:44.0183 6484 odserv - ok
20:08:44.0199 6484 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
20:08:44.0214 6484 ohci1394 - ok
20:08:44.0292 6484 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:08:44.0292 6484 ose - ok
20:08:44.0636 6484 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:08:45.0010 6484 osppsvc - ok
20:08:45.0166 6484 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
20:08:45.0166 6484 p2pimsvc - ok
20:08:45.0228 6484 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
20:08:45.0228 6484 p2psvc - ok
20:08:45.0291 6484 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
20:08:45.0322 6484 Parport - ok
20:08:45.0369 6484 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
20:08:45.0369 6484 partmgr - ok
20:08:45.0400 6484 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
20:08:45.0400 6484 PcaSvc - ok
20:08:45.0416 6484 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
20:08:45.0431 6484 pci - ok
20:08:45.0447 6484 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
20:08:45.0462 6484 pciide - ok
20:08:45.0509 6484 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
20:08:45.0540 6484 pcmcia - ok
20:08:45.0572 6484 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
20:08:45.0572 6484 pcw - ok
20:08:45.0618 6484 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
20:08:45.0634 6484 PEAUTH - ok
20:08:45.0759 6484 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
20:08:45.0759 6484 PerfHost - ok
20:08:46.0008 6484 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
20:08:46.0040 6484 pla - ok
20:08:46.0133 6484 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
20:08:46.0149 6484 PlugPlay - ok
20:08:46.0180 6484 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
20:08:46.0180 6484 PNRPAutoReg - ok
20:08:46.0211 6484 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
20:08:46.0227 6484 PNRPsvc - ok
20:08:46.0289 6484 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
20:08:46.0305 6484 PolicyAgent - ok
20:08:46.0352 6484 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
20:08:46.0352 6484 Power - ok
20:08:46.0476 6484 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
20:08:46.0476 6484 PptpMiniport - ok
20:08:46.0508 6484 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
20:08:46.0508 6484 Processor - ok
20:08:46.0554 6484 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
20:08:46.0570 6484 ProfSvc - ok
20:08:46.0601 6484 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:08:46.0601 6484 ProtectedStorage - ok
20:08:46.0648 6484 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
20:08:46.0664 6484 Psched - ok
20:08:46.0726 6484 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\windows\system32\Drivers\PxHlpa64.sys
20:08:46.0726 6484 PxHlpa64 - ok
20:08:46.0882 6484 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
20:08:46.0976 6484 ql2300 - ok
20:08:47.0100 6484 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
20:08:47.0147 6484 ql40xx - ok
20:08:47.0194 6484 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
20:08:47.0210 6484 QWAVE - ok
20:08:47.0225 6484 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
20:08:47.0241 6484 QWAVEdrv - ok
20:08:47.0241 6484 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
20:08:47.0241 6484 RasAcd - ok
20:08:47.0319 6484 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
20:08:47.0319 6484 RasAgileVpn - ok
20:08:47.0350 6484 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
20:08:47.0350 6484 RasAuto - ok
20:08:47.0381 6484 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
20:08:47.0381 6484 Rasl2tp - ok
20:08:47.0475 6484 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
20:08:47.0475 6484 RasMan - ok
20:08:47.0490 6484 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
20:08:47.0490 6484 RasPppoe - ok
20:08:47.0522 6484 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
20:08:47.0522 6484 RasSstp - ok
20:08:47.0553 6484 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
20:08:47.0553 6484 rdbss - ok
20:08:47.0553 6484 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
20:08:47.0584 6484 rdpbus - ok
20:08:47.0631 6484 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
20:08:47.0631 6484 RDPCDD - ok
20:08:47.0662 6484 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
20:08:47.0662 6484 RDPENCDD - ok
20:08:47.0709 6484 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
20:08:47.0709 6484 RDPREFMP - ok
20:08:47.0756 6484 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
20:08:47.0771 6484 RDPWD - ok
20:08:47.0787 6484 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
20:08:47.0787 6484 rdyboost - ok
20:08:47.0990 6484 RegSrvc (189c5a8d2098e0aa14fd157a954b34fc) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
20:08:48.0005 6484 RegSrvc - ok
20:08:48.0052 6484 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
20:08:48.0052 6484 RemoteAccess - ok
20:08:48.0130 6484 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
20:08:48.0146 6484 RemoteRegistry - ok
20:08:48.0255 6484 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
20:08:48.0255 6484 RFCOMM - ok
20:08:48.0473 6484 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
20:08:48.0489 6484 RoxMediaDB12OEM - ok
20:08:48.0536 6484 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
20:08:48.0551 6484 RoxWatch12 - ok
20:08:48.0660 6484 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
20:08:48.0676 6484 RpcEptMapper - ok
20:08:48.0707 6484 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
20:08:48.0707 6484 RpcLocator - ok
20:08:48.0770 6484 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
20:08:48.0770 6484 RpcSs - ok
20:08:48.0879 6484 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
20:08:48.0879 6484 rspndr - ok
20:08:48.0972 6484 RSUSBSTOR (be29b0a3ac1e8bd02ffab8cee86badfa) C:\windows\system32\Drivers\RtsUStor.sys
20:08:48.0988 6484 RSUSBSTOR - ok
20:08:49.0082 6484 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\windows\system32\DRIVERS\Rt64win7.sys
20:08:49.0097 6484 RTL8167 - ok
20:08:49.0128 6484 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:08:49.0128 6484 SamSs - ok
20:08:49.0222 6484 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
20:08:49.0222 6484 SASDIFSV - ok
20:08:49.0284 6484 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
20:08:49.0284 6484 SASKUTIL - ok
20:08:49.0440 6484 SAVAdminService (a8683c9a82a4b5ecb4cd44c867bd79f2) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
20:08:49.0440 6484 SAVAdminService - ok
20:08:49.0518 6484 SAVOnAccess (7f5c54e0634827a87032eedf95f63715) C:\windows\system32\DRIVERS\savonaccess.sys
20:08:49.0518 6484 SAVOnAccess - ok
20:08:49.0550 6484 SAVService (5762aac0451e319d4c649fcc9b8540aa) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
20:08:49.0550 6484 SAVService - ok
20:08:49.0596 6484 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
20:08:49.0628 6484 sbp2port - ok
20:08:49.0674 6484 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
20:08:49.0674 6484 SCardSvr - ok
20:08:49.0706 6484 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
20:08:49.0706 6484 scfilter - ok
20:08:49.0799 6484 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
20:08:49.0815 6484 Schedule - ok
20:08:49.0862 6484 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
20:08:49.0862 6484 SCPolicySvc - ok
20:08:49.0908 6484 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
20:08:49.0908 6484 SDRSVC - ok
20:08:50.0018 6484 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
20:08:50.0018 6484 secdrv - ok
20:08:50.0033 6484 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
20:08:50.0049 6484 seclogon - ok
20:08:50.0096 6484 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
20:08:50.0096 6484 SENS - ok
20:08:50.0111 6484 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
20:08:50.0111 6484 SensrSvc - ok
20:08:50.0142 6484 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
20:08:50.0142 6484 Serenum - ok
20:08:50.0158 6484 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
20:08:50.0174 6484 Serial - ok
20:08:50.0205 6484 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
20:08:50.0236 6484 sermouse - ok
20:08:50.0267 6484 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
20:08:50.0267 6484 SessionEnv - ok
20:08:50.0283 6484 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
20:08:50.0298 6484 sffdisk - ok
20:08:50.0298 6484 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
20:08:50.0314 6484 sffp_mmc - ok
20:08:50.0314 6484 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
20:08:50.0330 6484 sffp_sd - ok
20:08:50.0330 6484 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
20:08:50.0345 6484 sfloppy - ok
20:08:50.0454 6484 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
20:08:50.0470 6484 Sftfs - ok
20:08:50.0579 6484 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
20:08:50.0595 6484 sftlist - ok
20:08:50.0626 6484 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
20:08:50.0626 6484 Sftplay - ok
20:08:50.0657 6484 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
20:08:50.0657 6484 Sftredir - ok
20:08:50.0829 6484 SftService (74ec60e20516aaa573be74f31175270f) c:\program files (x86)\dell datasafe local backup\sftservice.EXE
20:08:50.0844 6484 SftService - ok
20:08:50.0954 6484 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
20:08:50.0954 6484 Sftvol - ok
20:08:51.0032 6484 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
20:08:51.0032 6484 sftvsa - ok
20:08:51.0125 6484 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
20:08:51.0125 6484 SharedAccess - ok
20:08:51.0188 6484 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
20:08:51.0203 6484 ShellHWDetection - ok
20:08:51.0266 6484 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
20:08:51.0297 6484 SiSRaid2 - ok
20:08:51.0312 6484 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
20:08:51.0328 6484 SiSRaid4 - ok
20:08:51.0390 6484 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
20:08:51.0390 6484 Smb - ok
20:08:51.0453 6484 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
20:08:51.0453 6484 SNMPTRAP - ok
20:08:51.0562 6484 Sophos AutoUpdate Service (7acb40f3c5f229964a4c143b0bcddbe9) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
20:08:51.0578 6484 Sophos AutoUpdate Service - ok
20:08:51.0640 6484 SophosBootDriver (69fbe35a8165adbc313aa7f64b868ca1) C:\windows\system32\DRIVERS\SophosBootDriver.sys
20:08:51.0640 6484 SophosBootDriver - ok
20:08:51.0671 6484 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
20:08:51.0671 6484 spldr - ok
20:08:51.0734 6484 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
20:08:51.0749 6484 Spooler - ok
20:08:51.0983 6484 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
20:08:51.0999 6484 sppsvc - ok
20:08:52.0124 6484 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
20:08:52.0124 6484 sppuinotify - ok
20:08:52.0217 6484 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
20:08:52.0217 6484 srv - ok
20:08:52.0264 6484 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
20:08:52.0280 6484 srv2 - ok
20:08:52.0311 6484 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
20:08:52.0311 6484 srvnet - ok
20:08:52.0389 6484 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
20:08:52.0389 6484 SSDPSRV - ok
20:08:52.0420 6484 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
20:08:52.0420 6484 SstpSvc - ok
20:08:52.0576 6484 STacSV (b2d8b364a831427a5741f6c408fa8ae3) C:\Program Files\IDT\WDM\STacSV64.exe
20:08:52.0576 6484 STacSV - ok
20:08:52.0607 6484 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
20:08:52.0638 6484 stexstor - ok
20:08:52.0732 6484 STHDA (ef5acde92ba3f691bbfef781cb063501) C:\windows\system32\DRIVERS\stwrt64.sys
20:08:52.0748 6484 STHDA - ok
20:08:52.0841 6484 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
20:08:52.0857 6484 stisvc - ok
20:08:52.0950 6484 stllssvr (7731f46ec0d687a931cba063e8f90ef0) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
20:08:52.0950 6484 stllssvr - ok
20:08:52.0966 6484 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
20:08:52.0982 6484 swenum - ok
20:08:53.0294 6484 swi_service (ed7595b4c895f951ac115d598acec07f) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
20:08:53.0325 6484 swi_service - ok
20:08:53.0621 6484 swi_update_64 (2eb57d57c3380dbbd3735a76b3f95bab) C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe
20:08:53.0668 6484 swi_update_64 - ok
20:08:53.0824 6484 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
20:08:53.0824 6484 swprv - ok
20:08:53.0980 6484 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
20:08:54.0011 6484 SysMain - ok
20:08:54.0074 6484 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
20:08:54.0089 6484 TabletInputService - ok
20:08:54.0120 6484 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
20:08:54.0136 6484 TapiSrv - ok
20:08:54.0167 6484 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
20:08:54.0167 6484 TBS - ok
20:08:54.0354 6484 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
20:08:54.0386 6484 Tcpip - ok
20:08:54.0651 6484 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
20:08:54.0651 6484 TCPIP6 - ok
20:08:54.0760 6484 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
20:08:54.0760 6484 tcpipreg - ok
20:08:54.0776 6484 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
20:08:54.0776 6484 TDPIPE - ok
20:08:54.0807 6484 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
20:08:54.0807 6484 TDTCP - ok
20:08:54.0838 6484 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
20:08:54.0838 6484 tdx - ok
20:08:54.0885 6484 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
20:08:54.0885 6484 TermDD - ok
20:08:54.0978 6484 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
20:08:54.0994 6484 TermService - ok
20:08:55.0010 6484 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
20:08:55.0010 6484 Themes - ok
20:08:55.0041 6484 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
20:08:55.0056 6484 THREADORDER - ok
20:08:55.0072 6484 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
20:08:55.0088 6484 TrkWks - ok
20:08:55.0150 6484 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
20:08:55.0150 6484 TrustedInstaller - ok
20:08:55.0181 6484 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
20:08:55.0181 6484 tssecsrv - ok
20:08:55.0244 6484 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
20:08:55.0244 6484 TsUsbFlt - ok
20:08:55.0275 6484 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
20:08:55.0306 6484 TsUsbGD - ok
20:08:55.0384 6484 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
20:08:55.0384 6484 tunnel - ok
20:08:55.0400 6484 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
20:08:55.0431 6484 uagp35 - ok
20:08:55.0462 6484 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
20:08:55.0462 6484 udfs - ok
20:08:55.0493 6484 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
20:08:55.0493 6484 UI0Detect - ok
20:08:55.0556 6484 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
20:08:55.0587 6484 uliagpkx - ok
20:08:55.0634 6484 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
20:08:55.0634 6484 umbus - ok
20:08:55.0680 6484 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
20:08:55.0712 6484 UmPass - ok
20:08:56.0039 6484 UNS (eb79c6c91a99930015ef29ae7fa802d1) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
20:08:56.0055 6484 UNS - ok
20:08:56.0258 6484 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
20:08:56.0273 6484 upnphost - ok
20:08:56.0351 6484 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\windows\system32\DRIVERS\usbccgp.sys
20:08:56.0351 6484 usbccgp - ok
20:08:56.0414 6484 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
20:08:56.0460 6484 usbcir - ok
20:08:56.0492 6484 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
20:08:56.0492 6484 usbehci - ok
20:08:56.0585 6484 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
20:08:56.0585 6484 usbhub - ok
20:08:56.0601 6484 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\windows\system32\drivers\usbohci.sys
20:08:56.0648 6484 usbohci - ok
20:08:56.0710 6484 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
20:08:56.0710 6484 usbprint - ok
20:08:56.0772 6484 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
20:08:56.0772 6484 usbscan - ok
20:08:56.0819 6484 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
20:08:56.0819 6484 USBSTOR - ok
20:08:56.0835 6484 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\windows\system32\drivers\usbuhci.sys
20:08:56.0850 6484 usbuhci - ok
20:08:56.0913 6484 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
20:08:56.0913 6484 usbvideo - ok
20:08:56.0960 6484 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
20:08:56.0960 6484 UxSms - ok
20:08:56.0991 6484 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:08:57.0006 6484 VaultSvc - ok
20:08:57.0053 6484 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
20:08:57.0053 6484 vdrvroot - ok
20:08:57.0116 6484 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
20:08:57.0131 6484 vds - ok
20:08:57.0147 6484 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
20:08:57.0147 6484 vga - ok
20:08:57.0162 6484 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
20:08:57.0178 6484 VgaSave - ok
20:08:57.0194 6484 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
20:08:57.0225 6484 vhdmp - ok
20:08:57.0225 6484 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
20:08:57.0240 6484 viaide - ok
20:08:57.0256 6484 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
20:08:57.0256 6484 volmgr - ok
20:08:57.0287 6484 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
20:08:57.0303 6484 volmgrx - ok
20:08:57.0334 6484 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
20:08:57.0334 6484 volsnap - ok
20:08:57.0396 6484 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
20:08:57.0428 6484 vsmraid - ok
20:08:57.0568 6484 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
20:08:57.0599 6484 VSS - ok
20:08:57.0708 6484 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
20:08:57.0708 6484 vwifibus - ok
20:08:57.0771 6484 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
20:08:57.0786 6484 vwififlt - ok
20:08:57.0833 6484 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
20:08:57.0833 6484 vwifimp - ok
20:08:57.0927 6484 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
20:08:57.0927 6484 W32Time - ok
20:08:57.0958 6484 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
20:08:57.0974 6484 WacomPen - ok
20:08:58.0020 6484 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
20:08:58.0020 6484 WANARP - ok
20:08:58.0036 6484 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
20:08:58.0036 6484 Wanarpv6 - ok
20:08:58.0208 6484 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
20:08:58.0223 6484 WatAdminSvc - ok
20:08:58.0364 6484 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
20:08:58.0395 6484 wbengine - ok
20:08:58.0520 6484 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
20:08:58.0520 6484 WbioSrvc - ok
20:08:58.0566 6484 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
20:08:58.0582 6484 wcncsvc - ok
20:08:58.0613 6484 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
20:08:58.0613 6484 WcsPlugInService - ok
20:08:58.0660 6484 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
20:08:58.0676 6484 Wd - ok
20:08:58.0738 6484 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
20:08:58.0754 6484 Wdf01000 - ok
20:08:58.0769 6484 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
20:08:58.0769 6484 WdiServiceHost - ok
20:08:58.0785 6484 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
20:08:58.0785 6484 WdiSystemHost - ok
20:08:58.0832 6484 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
20:08:58.0832 6484 WebClient - ok
20:08:58.0863 6484 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
20:08:58.0863 6484 Wecsvc - ok
20:08:58.0894 6484 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
20:08:58.0894 6484 wercplsupport - ok
20:08:58.0956 6484 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
20:08:58.0956 6484 WerSvc - ok
20:08:59.0050 6484 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
20:08:59.0050 6484 WfpLwf - ok
20:08:59.0112 6484 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\windows\system32\DRIVERS\wimfltr.sys
20:09:01.0250 6484 ============================================================
20:09:01.0250 6484 Scan finished
20:09:01.0250 6484 ============================================================
20:09:01.0281 6476 Detected object count: 0
20:09:01.0281 6476 Actual detected object count: 0

#5 boopme


Posted 25 April 2012 - 02:17 PM

Hello, I will wait on the other logs but I see here ...
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u3-windows-i586.exe (or jre-7u3-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


#6 Trevrev


Posted 25 April 2012 - 04:24 PM

Hi Boopme, Sorry for delay in replying. Eset scan took a long time.

ESET LOG FILE.

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined


Thanks for the Java Advice. Will sort that tomorrow...........Very late and up early!!
Hope all i've done is ok, and what you need.

Trevrev.

#7 boopme


Posted 25 April 2012 - 07:39 PM

Hey Trevrev
Good thing we ran that... You had infection in the backups.

Looks good now..

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:

#8 Trevrev


Posted 26 April 2012 - 12:42 AM

Thanks for all your help Boopme.
Apart from a new restore point and Java update, is there anything else i need to do? More logs?
Or are we ok?
Is it worth me doing a weekly scan with Eset online scanner?
Sorry for all the questions, but i try so hard to keep my PC clean. I can't understand how it all gets through!

Trevrev

Edited by Trevrev, 26 April 2012 - 01:12 AM.


#9 boopme


Posted 26 April 2012 - 10:37 AM

This looks good now.. Just some flyby crap, probably from games.. I would keep Windows, Java and Adobe updated.

Scan with MBAM and SAS weekly (they'll run quick scans quicker) as they are often.
Run your AV monthly and ESET every other..

When installing apps or games use the NOT recommended install.. This way you can watch for things like extra toolbars or new default home page and/or search bars and not install those.

#10 Trevrev


Posted 26 April 2012 - 01:32 PM

Hello again Boopme,
Done everything as required, just done a quick scan with MBAM and picked up all this!
See log below!!

Is this dangerous?

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.26.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jenny Day :: JENNYDAY-PC [administrator]

26/04/2012 19:09:45
mbam-log-2012-04-26 (19-09-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203915
Time elapsed: 5 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 29
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.BHO (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.BHO.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.FBApi (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.FBApi.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.Sandbox (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.Sandbox.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCU\Software\Cr_Installer\2258 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Data: 215 Apps -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 5
C:\Program Files (x86)\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\Jenny Day\Local Settings\Application Data\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\Jenny Day\Local Settings\Application Data\I Want This\Chrome (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\Jenny Day\AppData\Local\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\Jenny Day\AppData\Local\I Want This\Chrome (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Files Detected: 11
C:\Program Files (x86)\I Want This\I Want This.dll (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Users\Jenny Day\AppData\Local\Temp\50or.exe (PUP.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want This.ini (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want This.exe (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want This.ico (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want ThisGui.exe (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\Uninstall.exe (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\Jenny Day\Local Settings\Application Data\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\Jenny Day\AppData\Local\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want This.dll (PUP.GamePlayLab) -> Quarantined and deleted successfully.

(end)
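
One way to triage a log like the one posted above, as an added example (not part of the original post and not Malwarebytes' own tooling): it parses the text-log layout, compares each section's declared count with the lines actually present, and lists items that were not removed plus entries under browser load points. The sample log is constructed and abbreviated; the `Example` user name and the final `No action taken` status are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the MBAM log above (abbreviated; the user
# name and the final "No action taken." status are made up for the example).
SAMPLE_LOG = r"""
Registry Keys Detected: 3
HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Data: 215 Apps -> Quarantined and deleted successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Program Files (x86)\I Want This\I Want This.dll (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Users\Example\AppData\Local\Temp\50or.exe (PUP.GamePlayLabs) -> No action taken.
"""

SECTION = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# Greedy target, so "(x86)" stays in the path and the last "(...) ->" is the detection name.
ITEM = re.compile(r"^(?P<target>.+) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")
REMOVED = "Quarantined and deleted successfully"
# Registry locations that load code into a browser (IE BHOs, externally installed Chrome extensions).
LOAD_POINTS = ("\\Browser Helper Objects\\", "\\Chrome\\Extensions\\")

def parse_mbam_log(text):
    """Return (items, declared): parsed detections and the per-section counts the log claims."""
    items, declared, section = [], {}, None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header["section"]
            declared[section] = int(header["count"])
            continue
        item = ITEM.match(line)
        if item and section:
            action = item["rest"].split(" -> ")[-1].rstrip(".")
            items.append({"section": section, "target": item["target"],
                          "name": item["name"], "action": action})
    return items, declared

def triage(text):
    """Summarise what matters for follow-up: truncation, leftovers, browser load points."""
    items, declared = parse_mbam_log(text)
    parsed = Counter(i["section"] for i in items)
    return {
        "count_mismatch": {s: (n, parsed[s]) for s, n in declared.items() if parsed[s] != n},
        "not_removed": [i["target"] for i in items if i["action"] != REMOVED],
        "load_points": [i["target"] for i in items if any(p in i["target"] for p in LOAD_POINTS)],
        "families": Counter(i["name"] for i in items),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A non-empty `count_mismatch` means the pasted log is truncated or was edited, and anything in `not_removed` is still on disk or in the registry and needs a second pass.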

#11 boopme


Posted 26 April 2012 - 03:01 PM

Hi, the info I find on the I Want This adware is vague at best. It may just be adware from a game.. But as you had the injector it may be more that we cannot see.. Start a topic on I found an Injector.
Include a link to this topic.

We need a deeper look. Please go here....Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If GMER won't run skip it and move on.

Let me know if that went well.

#12 Trevrev


Posted 26 April 2012 - 03:35 PM

Ah! A gaming site. My son went on one today. My zonealarm firewall prompted him on what he wanted to do.
I told him to block it, maybe he went against my advice.

Thanks Boopme,

#13 boopme


Posted 26 April 2012 - 06:27 PM

In the future, save the game to the desktop. Scan it with your A/V and MBAM before you open it.

#14 Trevrev


Posted 27 April 2012 - 12:53 AM

Sound Advice! Thank you.



