
Infected with "Recommended for You" pop-up


15 replies to this topic

#1 Mobico R


Posted 24 May 2012 - 10:17 AM

It looks like I have some sort of spyware or web-tracking software on my machine.

There are two problems:
- I often (but not always) get a pop-up in the lower right corner of the browser screen with random advertising messages. When dismissed it sometimes shows "Recommended for You"
- Also, when I click a normal link in a website I am sometimes sent to a completely unexpected page (and sometimes it is detected as a malicious site by Avast).

I am running Win7 (Home Premium SP1), the Chrome browser (v19.0.1084.46 m) and avast! (v7.0.1426).

Thanks!



#2 narenxp


Posted 24 May 2012 - 10:23 AM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)


Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

Edited by narenxp, 24 May 2012 - 10:23 AM.


#3 Mobico R


Posted 24 May 2012 - 04:48 PM

Thank you for the prompt response.
The avast program found 2 items that my avast! Antivirus (already installed on my machine) did not find.
The final program (ESET) took quite a while to complete, here are the logs:

TDSSkiller
09:06:59.0114 8332 Motousbnet - ok
09:06:59.0163 8332 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
09:06:59.0168 8332 mouclass - ok
09:06:59.0199 8332 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
09:06:59.0202 8332 mouhid - ok
09:06:59.0238 8332 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
09:06:59.0243 8332 mountmgr - ok
09:06:59.0293 8332 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
09:06:59.0308 8332 mpio - ok
09:06:59.0332 8332 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
09:06:59.0335 8332 mpsdrv - ok
09:06:59.0376 8332 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
09:06:59.0390 8332 MRxDAV - ok
09:06:59.0435 8332 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:06:59.0448 8332 mrxsmb - ok
09:06:59.0499 8332 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:06:59.0508 8332 mrxsmb10 - ok
09:06:59.0530 8332 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:06:59.0543 8332 mrxsmb20 - ok
09:06:59.0587 8332 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
09:06:59.0592 8332 msahci - ok
09:06:59.0613 8332 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
09:06:59.0628 8332 msdsm - ok
09:06:59.0657 8332 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
09:06:59.0670 8332 MSDTC - ok
09:06:59.0726 8332 MSDV (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys
09:06:59.0729 8332 MSDV - ok
09:06:59.0755 8332 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
09:06:59.0758 8332 Msfs - ok
09:06:59.0769 8332 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
09:06:59.0772 8332 mshidkmdf - ok
09:06:59.0807 8332 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
09:06:59.0812 8332 msisadrv - ok
09:06:59.0848 8332 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
09:06:59.0861 8332 MSiSCSI - ok
09:06:59.0866 8332 msiserver - ok
09:06:59.0891 8332 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
09:06:59.0894 8332 MSKSSRV - ok
09:06:59.0924 8332 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
09:06:59.0926 8332 MSPCLOCK - ok
09:06:59.0942 8332 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
09:06:59.0945 8332 MSPQM - ok
09:07:00.0000 8332 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
09:07:00.0018 8332 MsRPC - ok
09:07:00.0250 8332 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
09:07:00.0254 8332 mssmbios - ok
09:07:00.0264 8332 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
09:07:00.0267 8332 MSTEE - ok
09:07:00.0297 8332 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
09:07:00.0300 8332 MTConfig - ok
09:07:00.0324 8332 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
09:07:00.0328 8332 Mup - ok
09:07:00.0386 8332 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
09:07:00.0407 8332 napagent - ok
09:07:00.0447 8332 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
09:07:00.0464 8332 NativeWifiP - ok
09:07:00.0533 8332 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
09:07:00.0547 8332 NDIS - ok
09:07:00.0560 8332 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
09:07:00.0564 8332 NdisCap - ok
09:07:00.0586 8332 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
09:07:00.0588 8332 NdisTapi - ok
09:07:00.0627 8332 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
09:07:00.0631 8332 Ndisuio - ok
09:07:00.0676 8332 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
09:07:00.0689 8332 NdisWan - ok
09:07:00.0732 8332 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
09:07:00.0736 8332 NDProxy - ok
09:07:00.0744 8332 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:07:00.0747 8332 NetBIOS - ok
09:07:00.0798 8332 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
09:07:00.0809 8332 NetBT - ok
09:07:00.0849 8332 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:07:00.0852 8332 Netlogon - ok
09:07:00.0898 8332 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
09:07:00.0907 8332 Netman - ok
09:07:00.0939 8332 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
09:07:00.0949 8332 netprofm - ok
09:07:01.0002 8332 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:07:01.0017 8332 NetTcpPortSharing - ok
09:07:01.0049 8332 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
09:07:01.0054 8332 nfrd960 - ok
09:07:01.0116 8332 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
09:07:01.0134 8332 NlaSvc - ok
09:07:01.0244 8332 nlsX86cc (9a5f53b55e09ecc2dab8c74e4dd18b8d) C:\Windows\SysWOW64\NLSSRV32.EXE
09:07:01.0251 8332 nlsX86cc - ok
09:07:01.0316 8332 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
09:07:01.0321 8332 NPF - ok
09:07:01.0347 8332 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:07:01.0350 8332 Npfs - ok
09:07:01.0379 8332 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
09:07:01.0383 8332 nsi - ok
09:07:01.0395 8332 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:07:01.0398 8332 nsiproxy - ok
09:07:01.0520 8332 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
09:07:01.0556 8332 Ntfs - ok
09:07:01.0643 8332 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:07:01.0645 8332 Null - ok
09:07:02.0221 8332 nvlddmkm (fd39b98ff1bb8ed3848781497e9d02e0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:07:02.0583 8332 nvlddmkm - ok
09:07:02.0695 8332 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
09:07:02.0710 8332 nvraid - ok
09:07:02.0756 8332 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
09:07:02.0770 8332 nvstor - ok
09:07:02.0843 8332 nvsvc (c1668d58547dd0c4a0fbd6afa20d5890) C:\Windows\system32\nvvsvc.exe
09:07:02.0856 8332 nvsvc - ok
09:07:02.0900 8332 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
09:07:02.0915 8332 nv_agp - ok
09:07:02.0964 8332 NW1950 (cbf3003049085d5987b2d28bd202b45f) C:\Windows\system32\DRIVERS\NW1950.sys
09:07:02.0969 8332 NW1950 - ok
09:07:03.0079 8332 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:07:03.0097 8332 odserv - ok
09:07:03.0138 8332 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
09:07:03.0142 8332 ohci1394 - ok
09:07:03.0181 8332 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:07:03.0198 8332 ose - ok
09:07:03.0238 8332 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:07:03.0247 8332 p2pimsvc - ok
09:07:03.0278 8332 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
09:07:03.0291 8332 p2psvc - ok
09:07:03.0319 8332 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
09:07:03.0325 8332 Parport - ok
09:07:03.0363 8332 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
09:07:03.0369 8332 partmgr - ok
09:07:03.0392 8332 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
09:07:03.0399 8332 PcaSvc - ok
09:07:03.0446 8332 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
09:07:03.0459 8332 pci - ok
09:07:03.0471 8332 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
09:07:03.0475 8332 pciide - ok
09:07:03.0578 8332 PCLEPCI (1bebe7de8508a02650cdce45c664c2a2) C:\Windows\SysWOW64\drivers\pclepci.sys
09:07:03.0599 8332 PCLEPCI - ok
09:07:03.0634 8332 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
09:07:03.0646 8332 pcmcia - ok
09:07:03.0675 8332 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:07:03.0680 8332 pcw - ok
09:07:03.0719 8332 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:07:03.0737 8332 PEAUTH - ok
09:07:03.0801 8332 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
09:07:03.0806 8332 PerfHost - ok
09:07:03.0934 8332 PinnacleMarvinAVS (0050e6bec926c98ac6c16714ff1ad450) C:\Windows\system32\DRIVERS\MarvinAVS64.sys
09:07:03.0971 8332 PinnacleMarvinAVS - ok
09:07:04.0075 8332 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
09:07:04.0104 8332 pla - ok
09:07:04.0170 8332 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
09:07:04.0180 8332 PlugPlay - ok
09:07:04.0203 8332 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
09:07:04.0209 8332 PNRPAutoReg - ok
09:07:04.0230 8332 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:07:04.0235 8332 PNRPsvc - ok
09:07:04.0294 8332 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
09:07:04.0306 8332 PolicyAgent - ok
09:07:04.0345 8332 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
09:07:04.0352 8332 Power - ok
09:07:04.0424 8332 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
09:07:04.0439 8332 PptpMiniport - ok
09:07:04.0643 8332 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
09:07:04.0646 8332 Processor - ok
09:07:04.0714 8332 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
09:07:04.0726 8332 ProfSvc - ok
09:07:04.0766 8332 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:07:04.0768 8332 ProtectedStorage - ok
09:07:04.0869 8332 ProtexisLicensing (f115af58abe5605d7d709cbfbd83f418) C:\Windows\SysWOW64\PSIService.exe
09:07:04.0877 8332 ProtexisLicensing - ok
09:07:04.0929 8332 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
09:07:04.0932 8332 Psched - ok
09:07:05.0008 8332 PSI_SVC_2 (f036cfb275d0c55f4e45fbbf5f98b3c8) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
09:07:05.0015 8332 PSI_SVC_2 - ok
09:07:05.0038 8332 PxHlpa64 (aed797cca02783296c68aa10d0cff8a9) C:\Windows\system32\Drivers\PxHlpa64.sys
09:07:05.0043 8332 PxHlpa64 - ok
09:07:05.0145 8332 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
09:07:05.0181 8332 ql2300 - ok
09:07:05.0293 8332 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
09:07:05.0308 8332 ql40xx - ok
09:07:05.0340 8332 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
09:07:05.0351 8332 QWAVE - ok
09:07:05.0378 8332 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:07:05.0381 8332 QWAVEdrv - ok
09:07:05.0398 8332 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:07:05.0401 8332 RasAcd - ok
09:07:05.0431 8332 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:07:05.0434 8332 RasAgileVpn - ok
09:07:05.0452 8332 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
09:07:05.0466 8332 RasAuto - ok
09:07:05.0522 8332 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:07:05.0536 8332 Rasl2tp - ok
09:07:05.0589 8332 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
09:07:05.0598 8332 RasMan - ok
09:07:05.0614 8332 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:07:05.0620 8332 RasPppoe - ok
09:07:05.0630 8332 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:07:05.0634 8332 RasSstp - ok
09:07:05.0693 8332 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
09:07:05.0701 8332 rdbss - ok
09:07:05.0730 8332 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
09:07:05.0733 8332 rdpbus - ok
09:07:05.0746 8332 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:07:05.0749 8332 RDPCDD - ok
09:07:05.0774 8332 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:07:05.0777 8332 RDPENCDD - ok
09:07:05.0794 8332 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:07:05.0796 8332 RDPREFMP - ok
09:07:05.0840 8332 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
09:07:05.0851 8332 RDPWD - ok
09:07:05.0923 8332 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
09:07:05.0936 8332 rdyboost - ok
09:07:05.0969 8332 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
09:07:05.0972 8332 regi - ok
09:07:06.0005 8332 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
09:07:06.0019 8332 RemoteAccess - ok
09:07:06.0057 8332 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
09:07:06.0070 8332 RemoteRegistry - ok
09:07:06.0110 8332 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
09:07:06.0123 8332 RFCOMM - ok
09:07:06.0155 8332 rimspci (5767961268aa43d9f3fa6d59ec8b7b12) C:\Windows\system32\DRIVERS\rimssne64.sys
09:07:06.0159 8332 rimspci - ok
09:07:06.0197 8332 risdsnpe (bb6e138aeb351728959da5e2731d8140) C:\Windows\system32\DRIVERS\risdsne64.sys
09:07:06.0201 8332 risdsnpe - ok
09:07:06.0279 8332 Roxio UPnP Renderer 10 (d02e5a46f77c182ca1964080bcd586f7) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
09:07:06.0299 8332 Roxio UPnP Renderer 10 - ok
09:07:06.0331 8332 Roxio Upnp Server 10 (e5809597278802d09273ee07b5fc56e1) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
09:07:06.0349 8332 Roxio Upnp Server 10 - ok
09:07:06.0434 8332 rpcapd (b60f58f175de20a6739194e85b035178) C:\Program Files (x86)\WinPcap\rpcapd.exe
09:07:06.0446 8332 rpcapd - ok
09:07:06.0470 8332 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
09:07:06.0486 8332 RpcEptMapper - ok
09:07:06.0513 8332 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
09:07:06.0518 8332 RpcLocator - ok
09:07:06.0577 8332 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
09:07:06.0584 8332 RpcSs - ok
09:07:06.0813 8332 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:07:06.0824 8332 rspndr - ok
09:07:06.0890 8332 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:07:06.0893 8332 SamSs - ok
09:07:07.0111 8332 savt (b99b0af9f1464935688a0c200b46b4f8) C:\Windows\system32\DRIVERS\savt.sys
09:07:07.0185 8332 savt - ok
09:07:07.0311 8332 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
09:07:07.0316 8332 sbp2port - ok
09:07:07.0351 8332 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
09:07:07.0364 8332 SCardSvr - ok
09:07:07.0399 8332 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
09:07:07.0403 8332 scfilter - ok
09:07:07.0506 8332 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
09:07:07.0528 8332 Schedule - ok
09:07:07.0573 8332 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
09:07:07.0575 8332 SCPolicySvc - ok
09:07:07.0628 8332 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
09:07:07.0635 8332 sdbus - ok
09:07:07.0684 8332 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
09:07:07.0697 8332 SDRSVC - ok
09:07:07.0814 8332 SeagateDashboardService (16b44d246835eac156f8daf0aa4f530c) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
09:07:07.0842 8332 SeagateDashboardService - ok
09:07:07.0872 8332 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:07:07.0875 8332 secdrv - ok
09:07:07.0909 8332 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
09:07:07.0914 8332 seclogon - ok
09:07:07.0940 8332 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
09:07:07.0945 8332 SENS - ok
09:07:07.0955 8332 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
09:07:07.0960 8332 SensrSvc - ok
09:07:07.0975 8332 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
09:07:07.0980 8332 Serenum - ok
09:07:07.0998 8332 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
09:07:08.0003 8332 Serial - ok
09:07:08.0041 8332 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
09:07:08.0044 8332 sermouse - ok
09:07:08.0102 8332 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
09:07:08.0110 8332 SessionEnv - ok
09:07:08.0137 8332 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\DRIVERS\SFEP.sys
09:07:08.0140 8332 SFEP - ok
09:07:08.0183 8332 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
09:07:08.0186 8332 sffdisk - ok
09:07:08.0194 8332 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
09:07:08.0197 8332 sffp_mmc - ok
09:07:08.0208 8332 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
09:07:08.0210 8332 sffp_sd - ok
09:07:08.0218 8332 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
09:07:08.0221 8332 sfloppy - ok
09:07:08.0279 8332 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
09:07:08.0294 8332 SharedAccess - ok
09:07:08.0346 8332 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
09:07:08.0354 8332 ShellHWDetection - ok
09:07:08.0384 8332 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:07:08.0389 8332 SiSRaid2 - ok
09:07:08.0413 8332 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
09:07:08.0418 8332 SiSRaid4 - ok
09:07:08.0441 8332 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:07:08.0445 8332 Smb - ok
09:07:08.0491 8332 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
09:07:08.0495 8332 SNMPTRAP - ok
09:07:08.0558 8332 SOHCImp (98886c88a1cb13d61672ae2c638b7e1c) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
09:07:08.0565 8332 SOHCImp - ok
09:07:08.0585 8332 SOHDBSvr (442a13f395546f4564c377296d43b564) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
09:07:08.0590 8332 SOHDBSvr - ok
09:07:08.0628 8332 SOHDms (556681be668d71dc162391a45422b52c) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
09:07:08.0644 8332 SOHDms - ok
09:07:08.0657 8332 SOHDs (72b46103e4111439109acf5882627c24) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
09:07:08.0662 8332 SOHDs - ok
09:07:08.0683 8332 SOHPlMgr (725b6e9cd1959271ac993dc035e1606d) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
09:07:08.0689 8332 SOHPlMgr - ok
09:07:08.0714 8332 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:07:08.0718 8332 spldr - ok
09:07:08.0781 8332 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
09:07:08.0793 8332 Spooler - ok
09:07:09.0163 8332 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
09:07:09.0185 8332 sppsvc - ok
09:07:09.0274 8332 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
09:07:09.0290 8332 sppuinotify - ok
09:07:09.0378 8332 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
09:07:09.0390 8332 srv - ok
09:07:09.0420 8332 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
09:07:09.0434 8332 srv2 - ok
09:07:09.0456 8332 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
09:07:09.0469 8332 srvnet - ok
09:07:09.0508 8332 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
09:07:09.0520 8332 SSDPSRV - ok
09:07:09.0534 8332 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
09:07:09.0549 8332 SstpSvc - ok
09:07:09.0575 8332 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
09:07:09.0579 8332 stexstor - ok
09:07:09.0629 8332 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
09:07:09.0632 8332 StillCam - ok
09:07:09.0697 8332 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
09:07:09.0716 8332 stisvc - ok
09:07:09.0755 8332 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
09:07:09.0760 8332 swenum - ok
09:07:09.0792 8332 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
09:07:09.0815 8332 swprv - ok
09:07:09.0947 8332 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
09:07:09.0972 8332 SysMain - ok
09:07:10.0083 8332 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
09:07:10.0089 8332 TabletInputService - ok
09:07:10.0142 8332 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
09:07:10.0165 8332 TapiSrv - ok
09:07:10.0200 8332 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
09:07:10.0206 8332 TBS - ok
09:07:10.0353 8332 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
09:07:10.0401 8332 Tcpip - ok
09:07:10.0594 8332 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
09:07:10.0605 8332 TCPIP6 - ok
09:07:10.0694 8332 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
09:07:10.0698 8332 tcpipreg - ok
09:07:10.0787 8332 tcpredir (6e3e48d45f7528e68123de24c1c19f7f) C:\Program Files (x86)\iPig\Client\tcpredir.sys
09:07:10.0812 8332 tcpredir - ok
09:07:10.0830 8332 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
09:07:10.0833 8332 TDPIPE - ok
09:07:10.0875 8332 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
09:07:10.0878 8332 TDTCP - ok
09:07:10.0937 8332 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
09:07:10.0951 8332 tdx - ok
09:07:11.0319 8332 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
09:07:11.0372 8332 TeamViewer7 - ok
09:07:11.0486 8332 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
09:07:11.0492 8332 TermDD - ok
09:07:11.0578 8332 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
09:07:11.0595 8332 TermService - ok
09:07:11.0618 8332 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
09:07:11.0623 8332 Themes - ok
09:07:11.0649 8332 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:07:11.0651 8332 THREADORDER - ok
09:07:11.0674 8332 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
09:07:11.0679 8332 TrkWks - ok
09:07:11.0728 8332 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
09:07:11.0740 8332 TrustedInstaller - ok
09:07:11.0790 8332 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:07:11.0793 8332 tssecsrv - ok
09:07:11.0857 8332 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
09:07:11.0860 8332 TsUsbFlt - ok
09:07:11.0922 8332 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
09:07:11.0936 8332 tunnel - ok
09:07:11.0968 8332 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
09:07:11.0974 8332 uagp35 - ok
09:07:12.0034 8332 uCamMonitor (63f6d08c54d5b3c1b12a6172032055c7) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
09:07:12.0041 8332 uCamMonitor - ok
09:07:12.0107 8332 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
09:07:12.0125 8332 udfs - ok
09:07:12.0159 8332 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
09:07:12.0166 8332 UI0Detect - ok
09:07:12.0204 8332 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
09:07:12.0210 8332 uliagpkx - ok
09:07:12.0262 8332 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
09:07:12.0266 8332 umbus - ok
09:07:12.0292 8332 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
09:07:12.0295 8332 UmPass - ok
09:07:12.0327 8332 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
09:07:12.0336 8332 upnphost - ok
09:07:12.0386 8332 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
09:07:12.0390 8332 USBAAPL64 - ok
09:07:12.0436 8332 usbbus (5fcc71487888589a9244af54cfefab29) C:\Windows\system32\DRIVERS\lgx64bus.sys
09:07:12.0439 8332 usbbus - ok
09:07:12.0457 8332 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
09:07:12.0463 8332 usbccgp - ok
09:07:12.0528 8332 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
09:07:12.0535 8332 usbcir - ok
09:07:12.0557 8332 UsbDiag (3fb6e423f7567c92c32ea786f5fd0c69) C:\Windows\system32\DRIVERS\lgx64diag.sys
09:07:12.0562 8332 UsbDiag - ok
09:07:12.0576 8332 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
09:07:12.0579 8332 usbehci - ok
09:07:12.0620 8332 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
09:07:12.0635 8332 usbhub - ok
09:07:12.0683 8332 USBModem (78d551f5b93488b4666f5fc8dd4815f3) C:\Windows\system32\DRIVERS\lgx64modem.sys
09:07:12.0686 8332 USBModem - ok
09:07:12.0694 8332 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
09:07:12.0697 8332 usbohci - ok
09:07:12.0723 8332 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
09:07:12.0726 8332 usbprint - ok
09:07:12.0766 8332 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
09:07:12.0769 8332 usbscan - ok
09:07:12.0786 8332 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:07:12.0789 8332 USBSTOR - ok
09:07:12.0798 8332 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
09:07:12.0801 8332 usbuhci - ok
09:07:12.0856 8332 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
09:07:12.0869 8332 usbvideo - ok
09:07:12.0897 8332 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
09:07:12.0902 8332 UxSms - ok
09:07:20.0506 8332 ============================================================
09:07:20.0506 8332 Scan finished
09:07:20.0506 8332 ============================================================
09:07:20.0523 6148 Detected object count: 0
09:07:20.0523 6148 Actual detected object count: 0
09:08:01.0388 10084 Deinitialize success



aswMBR
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-24 09:09:23
-----------------------------
09:09:23.769 OS Version: Windows x64 6.1.7601 Service Pack 1
09:09:23.769 Number of processors: 4 586 0x170A
09:09:23.771 ComputerName: HORATIO UserName:
09:09:25.733 Initialize success
09:09:25.969 AVAST engine defs: 12052401
09:11:51.651 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:11:51.654 Disk 0 Vendor: WDC_WD5000AAJS-55A8B2 01.03B01 Size: 476940MB BusType: 3
09:11:51.657 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000070
09:11:51.660 Disk 1 Vendor: RICOH 02 Size: 476940MB BusType: 0
09:11:51.664 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000071
09:11:51.668 Disk 2 Vendor: RICOH 02 Size: 476940MB BusType: 0
09:11:51.683 Disk 0 MBR read successfully
09:11:51.686 Disk 0 MBR scan
09:11:51.690 Disk 0 Windows 7 default MBR code
09:11:51.700 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10744 MB offset 2048
09:11:51.714 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 22005760
09:11:51.729 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 466094 MB offset 22210560
09:11:51.746 Disk 0 scanning C:\Windows\system32\drivers
09:12:02.059 Service scanning
09:12:27.275 Modules scanning
09:12:27.282 Disk 0 trace - called modules:
09:12:27.296 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
09:12:27.301 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006494060]
09:12:27.307 3 CLASSPNP.SYS[fffff8800194d43f] -> nt!IofCallDriver -> [0xfffffa8005e00520]
09:12:27.313 5 ACPI.sys[fffff88000f947a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005df9060]
09:12:28.469 AVAST engine scan C:\Windows
09:12:34.452 AVAST engine scan C:\Windows\system32
09:14:29.843 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
09:14:34.695 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win64:Sirefef-C [Drp]
09:18:28.758 AVAST engine scan C:\Windows\system32\drivers
09:18:48.435 AVAST engine scan C:\Users\Jennifer
09:21:49.907 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
09:21:49.921 The log file has been saved successfully to "C:\aswMBR.txt"


ESET
C:\$RECYCLE.BIN\S-1-5-21-981400461-4034615235-502667543-1000\$R6K65UJ.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-981400461-4034615235-502667543-1000\$RKHX1XP.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-981400461-4034615235-502667543-1000\$ROBQDT0.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-981400461-4034615235-502667543-1000\$ROBVL78.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RFYAN1J7\mx_mainxu[1].txt HTML/Iframe.B.Gen virus deleted - quarantined
G:\Archive - Downloads\Bearshare - Gnutella\BearInst.exe Win32/Adware.OnFlow.AA application deleted - quarantined
G:\Archive - Downloads\__Media Tools\Mobile Media Converter - milksoft.net\MMCsetup v1.7.0.exe Win32/Somoto application deleted - quarantined
G:\Archive - Downloads\__Media Tools\youtubedownload.com - save videos\YouTubeDownloaderSetup271.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
G:\Archive - Downloads\__Media Tools\youtubedownload.com - save videos\YouTubeDownloaderSetup272.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
G:\Archive - Downloads\__Media Tools\youtubedownload.com - save videos\YouTubeDownloaderSetup32.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
G:\Archive - Downloads\__System Tools\freefileviewer_730.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
G:\Kim - 150\FinalTorrent2011Setup.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined

#4 narenxp

Posted 24 May 2012 - 09:55 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log


Download

Rogue killer

Right click on it and run as administrator, click on HOSTS FIX option on right side

A log should get generated after the fix, post the log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#5 Mobico R

Posted 25 May 2012 - 02:49 PM

1. Malwarebytes ran ok and I deleted the items.


2. RogueKiller log is below. It only seems to have checked one of the two external USB drives (the WD is the internal Win7 boot drive).
Also - it asked me if I wanted to delete anything before I exited - I didn't delete anything.

RogueKiller V7.5.0 [05/24/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Jennifer [Admin rights]
Mode: Scan -- Date: 05/25/2012 12:30:42

Bad processes: 0

Registry Entries: 2
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver: [NOT LOADED]

Infection :

HOSTS File:
127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: WDC WD5000AAJS-55A8B2 ATA Device +++++
--- User ---
[MBR] b6fa368eed07dfd4925af6ffbb8aa535
[BSP] 6d2e89cfb1035fd5783da801393f4c28 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10744 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 22005760 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 22210560 | Size: 466094 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive4: Seagate FreeAgent USB Device +++++
--- User ---
[MBR] 603c2317f4e1fb39a277a7453e99bf94
[BSP] 3cb3b15ee62e1c87f993473e8e95e497 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


3. mini toolbox
I sent the MiniToolBox log to you via PM on this site. (it had a lot of MAC and IP address info in it)

Thanks for all your help.

#6 narenxp

Posted 25 May 2012 - 05:28 PM

Malwarebytes ran ok and I deleted the items.

Please post the clean log

Click on Start menu and type

cmd

right click on it and select run as administrator and run these commands

cd c:\windows\assembly
attrib -s -h -r desktop.ini
ren desktop.ini desktop.ini.old


Now launch Malwarebytes, click on MORE TOOLS

Click on RUN TOOL

Browse to C:\windows\assembly\GAC_32 & C:\windows\assembly\GAC_64

Delete the desktop.ini files, re-run aswMBR and post the new log

Edited by narenxp, 25 May 2012 - 05:29 PM.


#7 Mobico R

Posted 26 May 2012 - 09:02 AM

Sorry...

1. Clean Malwarebytes log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.25.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jennifer :: HORATIO [administrator]

Protection: Enabled

25-May-2012 11:37:50 PM
mbam-log-2012-05-25 (23-37-50).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1203086
Time elapsed: 3 hour(s), 49 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


2. aswMBR scan log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-26 06:48:27
-----------------------------
06:48:27.290 OS Version: Windows x64 6.1.7601 Service Pack 1
06:48:27.291 Number of processors: 4 586 0x170A
06:48:27.292 ComputerName: HORATIO UserName:
06:48:31.121 Initialize success
06:48:31.404 AVAST engine defs: 12052600
06:49:19.042 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
06:49:19.044 Disk 0 Vendor: WDC_WD5000AAJS-55A8B2 01.03B01 Size: 476940MB BusType: 3
06:49:19.047 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006d
06:49:19.050 Disk 1 Vendor: RICOH 02 Size: 476940MB BusType: 0
06:49:19.054 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000006e
06:49:19.057 Disk 2 Vendor: RICOH 02 Size: 476940MB BusType: 0
06:49:19.073 Disk 0 MBR read successfully
06:49:19.076 Disk 0 MBR scan
06:49:19.080 Disk 0 Windows 7 default MBR code
06:49:19.090 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10744 MB offset 2048
06:49:19.104 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 22005760
06:49:19.111 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 466094 MB offset 22210560
06:49:19.129 Disk 0 scanning C:\Windows\system32\drivers
06:49:30.538 Service scanning
06:49:55.093 Modules scanning
06:49:55.100 Disk 0 trace - called modules:
06:49:55.121 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
06:49:55.127 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80060d1060]
06:49:55.133 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8005df4580]
06:49:55.138 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005df6060]
06:49:55.900 AVAST engine scan C:\Windows
06:50:01.202 AVAST engine scan C:\Windows\system32
06:54:44.223 AVAST engine scan C:\Windows\system32\drivers
06:55:15.845 AVAST engine scan C:\Users\Jennifer
07:00:42.509 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
07:00:42.509 The log file has been saved successfully to "C:\aswMBR.txt"

Many thanks!

#8 narenxp

Posted 26 May 2012 - 10:39 AM

Download

Farbar Service Scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

#9 Mobico R

Posted 26 May 2012 - 06:08 PM

1. Farbar Service Scanner log:

Farbar Service Scanner Version: 25-05-2012
Ran by Jennifer (administrator) on 26-05-2012 at 09:49:57
Running from "G:\Archive - Downloads\__VIRUS Tools\bleepingcomputer.com"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#10 narenxp

Posted 26 May 2012 - 06:28 PM

Download

http://www.snapfiles.com/get/erunt.html

Install it and back up your registry to C:/Windows/erdnt

Now Download the registry files

windows firewall

base filtering engine

windows defender

Download three files

Launch them one by one,click YES when you get a prompt


Restart your PC

Now, press Windows+R key and type

regedit and click ok

go to

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE

Right click on it-permissions

Click on ADD and type

Everyone and click ok

Now Click on Everyone

Below you have permission for users

Select full control and click ok


Press Windows+R key and type

services.msc and click ok

start base filtering engine service and then windows firewall service

Post new FSS log

Edited by narenxp, 26 May 2012 - 06:29 PM.


#11 Mobico R

Posted 26 May 2012 - 08:49 PM

All done.

1. New FSS log:

Farbar Service Scanner Version: 25-05-2012
Ran by Jennifer (administrator) on 26-05-2012 at 18:45:23
Running from "G:\Archive - Downloads\__VIRUS Tools\bleepingcomputer.com"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
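
A triage sketch for the two Farbar Service Scanner logs posted above, added here as an example (it is not part of any post or of the FSS tool): it extracts the services FSS reports as stopped, the service registry keys it reports missing, and the policy values, then compares two runs. The sample text is abridged from the logs in this thread; the function names and the rule that a section heading is a line ending in ":" followed by a row of "=" are assumptions of this example.

```python
import re

# Abridged from the first FSS log in this thread (same wording, fewer lines).
FSS_BEFORE = r"""
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""

# Abridged from the second FSS log, taken after the service keys were re-imported.
FSS_AFTER = r"""
Windows Firewall:
=============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""

SECTION_RE = re.compile(r"^(?P<name>[^=\s].*):\s*$")
UNDERLINE_RE = re.compile(r"^=+\s*$")
STOPPED_RE = re.compile(r"^(?P<svc>\S+) Service is not running\.")
MISSING_RE = re.compile(r"ATTENTION!=====> Unable to open (?P<svc>\S+) registry key\.")
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=DWORD:(?P<value>\d+)\s*$')


def parse_fss(text):
    """Return stopped services (with their section), missing service keys, policy values."""
    lines = text.splitlines()
    section = None
    report = {"stopped": {}, "missing_key": set(), "policies": {}}
    for i, line in enumerate(lines):
        following = lines[i + 1] if i + 1 < len(lines) else ""
        heading = SECTION_RE.match(line)
        # A heading only counts when the next line is its "====" underline;
        # "... Checking service configuration:" also ends in ":" but is not one.
        if heading and UNDERLINE_RE.match(following):
            section = heading["name"]
            continue
        stopped = STOPPED_RE.match(line)
        if stopped:
            report["stopped"][stopped["svc"]] = section
            continue
        missing = MISSING_RE.search(line)
        if missing:
            report["missing_key"].add(missing["svc"])
            continue
        policy = POLICY_RE.match(line)
        if policy:
            report["policies"][policy["name"]] = int(policy["value"])
    return report


def compare_runs(before_text, after_text):
    """Summarise what changed between two FSS runs on the same machine."""
    before, after = parse_fss(before_text), parse_fss(after_text)
    return {
        "keys_restored": sorted(before["missing_key"] - after["missing_key"]),
        "keys_still_missing": sorted(after["missing_key"]),
        "no_longer_flagged": sorted(set(before["stopped"]) - set(after["stopped"])),
        "still_stopped": sorted(after["stopped"]),
        "policies_set": {k: v for k, v in after["policies"].items() if v != 0},
    }


if __name__ == "__main__":
    for key, value in compare_runs(FSS_BEFORE, FSS_AFTER).items():
        print(f"{key}: {value}")
```

On the thread's two logs, the MpsSvc, bfe and WinDefend keys are reported missing only in the first run; the second run still lists WinDefend as not running, with DisableAntiSpyware set to 1.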

#12 narenxp

Posted 26 May 2012 - 08:56 PM

That looks good

Download

TFC


Launch it, it will close all running programs

Click on START, it should ask for reboot

Turn off your system restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp


Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#13 Mobico R

Posted 26 May 2012 - 09:53 PM

I tried to download TFC: Avast claimed that TFC is infected with "Win32:Malware-gen"

?

#14 narenxp

Posted 26 May 2012 - 09:55 PM

Ignore the warning, it's a false positive :thumbup2:

#15 Mobico R

Posted 27 May 2012 - 11:54 PM

Thank you - all done and all seems to be running ok.

As a result of the false positive on TFC (from Avast) Avast wanted the system to be rebooted and then it ran a full scan in command line mode BEFORE Windows started - but my system then went into a black screen of death. I rebooted and some Windows Startup Repair screens futzed me about for a good 30 minutes. Eventually I got back to a 'normal' Windows logon screen and all seems ok.

I created the restore point. I updated Java.

I have learned a lot. I appreciate your help very much. Do you accept donations?



