Restoring Win7 function after clearing virus infection


9 replies to this topic

#1 xucam

xucam

  • Members
  • 6 posts

Posted 14 August 2012 - 11:12 AM

Running Windows 7 professional 32-bit, SP-1, auto-updates running (before this issue).

I booted up my computer after two weeks away, and noticed URL redirects in firefox. I then tried a windows update, but found that service was not running. Ditto for windows firewall and other security functions, including my anti-virus, MS Security Essentials (MSSE).

Uninstalled and re-loaded MSSE, scan showed 'sirefef.AC' and other variants. Tried to delete, but got dialog saying 'windows detected an error, shutting down in 60 seconds'. Subsequent reboots (into normal, safe, safe+networking, disable auto reboot, etc.) all got the same dialog + reboot right after starting - the virus fighting to stay alive, I suspect.

Moved HDD to another computer, scanned with Norton anti-virus, which found 'zero-access' and other infections in various files, including win/sys_32/services.exe, ~/downloads/clippy.exe (wtf?), firefox/extentions/xyz.xpi. Removed all infected files. Also reformatted an OEM disk partition (Dell) and another unused partition, to hopefully kill any malware stashed there.

Moved the disk back to the original machine, boot failed so used 'computer recovery', *not* to previous version (figuring that might have been corrupt). System now boots, restored services.exe is clean. Downloaded and re-installed MSSE, scans now come back clean. Ran sfc /scannow, system checks out as good. However, I cannot start MS update, nor start windows firewall, and probably other things as well. Ran a registry cleaner from CNET, which cleared some entries but didn't restore function.

Questions:

A. How can I restore system function without doing a clean install? Ideally, I'd like to go back to all the system defaults, and try from there. I do not currently have the media for this version of Win7, but will get it within a week.

B. Does the sfc verification mean that the system is truly intact, or does this just look at a small subset of files?

C. Maybe I am way off base in my analysis of things, any other suggestions?

Thanks for reading this, and any help you can provide would be appreciated.


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 18 August 2012 - 07:48 PM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 xucam

xucam
  • Topic Starter

  • Members
  • 6 posts

Posted 19 August 2012 - 02:00 AM

Thanks for the reply. I've downloaded the three scanners suggested, the tdskiller finished quickly and found nothing with the default settings, nor when I enabled 'scan loaded modules'. The other two take longer, and are running as I write - but neither has yet reported a threat. As I mentioned, I manually cleaned the HDD in another system, and already have two anti-virus programs saying it is virus-free. If either aswMBR or eset report an issue I will post that here.

What I'd really like to know is if there is a utility to restore Win7 file permissions and settings to their default values. As an example, the windows update service was not running, nor did it show up in the list of services to start. I ran a MS tool to fix this, and now the service runs as expected. I just can't actually get the updates, because the BITS service is similarly hosed - yet the sfc scannow says all the system files are intact.

Thanks again,

-Dave

TDSSkiller
aswMBR
ESET online scanner





#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 19 August 2012 - 05:34 AM

I need to look at the logs before fixing the services. SFC /SCANNOW cannot fix missing registry keys.

Edited by narenxp, 19 August 2012 - 05:35 AM.
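
Added example, not part of the original thread: a read-only PowerShell check that shows whether the registry definitions of the services discussed above still exist, which is the part `sfc /scannow` does not cover. The service short names are the standard Windows 7 ones; choosing these six is an assumption based on the symptoms described (Windows Update, BITS, Windows Firewall, MSSE).

```powershell
# Added example (not from the thread). Read-only: nothing is modified.
# Assumption: these are the services behind the symptoms described above
# (Windows Update, BITS, Windows Firewall and its BFE dependency,
# Security Center, Microsoft Security Essentials).
$expected = @(
    @{ Name = 'wuauserv'; Label = 'Windows Update' },
    @{ Name = 'BITS';     Label = 'Background Intelligent Transfer Service' },
    @{ Name = 'MpsSvc';   Label = 'Windows Firewall' },
    @{ Name = 'BFE';      Label = 'Base Filtering Engine' },
    @{ Name = 'wscsvc';   Label = 'Security Center' },
    @{ Name = 'MsMpSvc';  Label = 'Microsoft Antimalware Service (MSSE)' }
)

$root       = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

$report = foreach ($svc in $expected) {
    $key        = Join-Path $root $svc.Name
    $keyPresent = Test-Path $key
    $start = $null; $imagePath = $null; $serviceDll = $null; $dllOnDisk = $null

    if ($keyPresent) {
        $props     = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        $imagePath = $props.ImagePath
        if ($null -ne $props.Start) { $start = $startNames[[int]$props.Start] }

        # svchost-hosted services name their DLL under the Parameters subkey.
        $paramKey = Join-Path $key 'Parameters'
        if (Test-Path $paramKey) {
            $dll = (Get-ItemProperty -Path $paramKey -ErrorAction SilentlyContinue).ServiceDll
            if ($dll) {
                $serviceDll = [Environment]::ExpandEnvironmentVariables($dll)
                $dllOnDisk  = Test-Path $serviceDll
            }
        }
    }

    # What the Service Control Manager reports, if it knows the service at all.
    $scm = Get-Service -Name $svc.Name -ErrorAction SilentlyContinue

    New-Object PSObject -Property @{
        Service    = $svc.Name
        Label      = $svc.Label
        KeyPresent = $keyPresent
        StartType  = $start
        ScmStatus  = $(if ($scm) { $scm.Status } else { 'not registered' })
        ServiceDll = $serviceDll
        DllOnDisk  = $dllOnDisk
        ImagePath  = $imagePath
    }
}

$report |
    Select-Object Service, Label, KeyPresent, StartType, ScmStatus, DllOnDisk, ImagePath |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt. A row with `KeyPresent` False or `ScmStatus` "not registered" means the service definition itself is gone from the registry even though the files on disk may verify as intact.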


#5 xucam

xucam
  • Topic Starter

  • Members
  • 6 posts

Posted 19 August 2012 - 12:57 PM

Hi,

Below are TDSKill and AvastMBR logs, as well as list of eset found threats - which is null. None of them found contagion, and I can't see anything about missing registry keys in the logs - but I am a neophyte at looking at such things.

Thanks,

-Dave

TDSKill:
09:42:13.0132 5972 MpKsl6a6cf4da - ok
09:42:13.0218 5972 [ ad2723a7b53dd1aacae6ad8c0bfbf4d0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:42:13.0220 5972 mpsdrv - ok
09:42:13.0417 5972 [ 9835584e999d25004e1ee8e5f3e3b881 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:42:13.0422 5972 MpsSvc - ok
09:42:13.0491 5972 [ ceb46ab7c01c9f825f8cc6babc18166a ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:42:13.0493 5972 MRxDAV - ok
09:42:13.0550 5972 [ 5d16c921e3671636c0eba3bbaac5fd25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:42:13.0551 5972 mrxsmb - ok
09:42:13.0654 5972 [ 6d17a4791aca19328c685d256349fefc ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:42:13.0656 5972 mrxsmb10 - ok
09:42:13.0682 5972 [ b81f204d146000be76651a50670a5e9e ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:42:13.0684 5972 mrxsmb20 - ok
09:42:13.0760 5972 [ 4326d168944123f38dd3b2d9c37a0b12 ] msahci C:\Windows\system32\drivers\msahci.sys
09:42:13.0761 5972 msahci - ok
09:42:13.0793 5972 [ 455029c7174a2dbb03dba8a0d8bddd9a ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:42:13.0795 5972 msdsm - ok
09:42:13.0854 5972 [ e1bce74a3bd9902b72599c0192a07e27 ] MSDTC C:\Windows\System32\msdtc.exe
09:42:13.0857 5972 MSDTC - ok
09:42:13.0914 5972 [ daefb28e3af5a76abcc2c3078c07327f ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:42:13.0915 5972 Msfs - ok
09:42:13.0940 5972 [ 3e1e5767043c5af9367f0056295e9f84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:42:13.0941 5972 mshidkmdf - ok
09:42:14.0013 5972 [ 0a4e5757ae09fa9622e3158cc1aef114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:42:14.0014 5972 msisadrv - ok
09:42:14.0121 5972 [ 90f7d9e6b6f27e1a707d4a297f077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:42:14.0123 5972 MSiSCSI - ok
09:42:14.0126 5972 msiserver - ok
09:42:14.0214 5972 [ 8c0860d6366aaffb6c5bb9df9448e631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:42:14.0215 5972 MSKSSRV - ok
09:42:14.0428 5972 [ 24516bf4e12a46cb67302e2cdcb8cddf ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
09:42:14.0429 5972 MsMpSvc - ok
09:42:14.0496 5972 [ 3ea8b949f963562cedbb549eac0c11ce ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:42:14.0497 5972 MSPCLOCK - ok
09:42:14.0596 5972 [ f456e973590d663b1073e9c463b40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:42:14.0624 5972 MSPQM - ok
09:42:14.0711 5972 [ 0e008fc4819d238c51d7c93e7b41e560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:42:14.0713 5972 MsRPC - ok
09:42:14.0761 5972 [ fc6b9ff600cc585ea38b12589bd4e246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
09:42:14.0762 5972 mssmbios - ok
09:42:14.0873 5972 [ b42c6b921f61a6e55159b8be6cd54a36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:42:14.0876 5972 MSTEE - ok
09:42:14.0898 5972 [ 33599130f44e1f34631cea241de8ac84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
09:42:14.0899 5972 MTConfig - ok
09:42:14.0940 5972 [ 159fad02f64e6381758c990f753bcc80 ] Mup C:\Windows\system32\Drivers\mup.sys
09:42:14.0941 5972 Mup - ok
09:42:15.0042 5972 [ 61d57a5d7c6d9afe10e77dae6e1b445e ] napagent C:\Windows\system32\qagentRT.dll
09:42:15.0046 5972 napagent - ok
09:42:15.0146 5972 [ 26384429fcd85d83746f63e798ab1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:42:15.0149 5972 NativeWifiP - ok
09:42:15.0329 5972 [ e7c54812a2aaf43316eb6930c1ffa108 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:42:15.0335 5972 NDIS - ok
09:42:15.0414 5972 [ 0e1787aa6c9191d3d319e8bafe86f80c ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:42:15.0415 5972 NdisCap - ok
09:42:15.0479 5972 [ e4a8aec125a2e43a9e32afeea7c9c888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:42:15.0480 5972 NdisTapi - ok
09:42:15.0558 5972 [ d8a65dafb3eb41cbb622745676fcd072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:42:15.0559 5972 Ndisuio - ok
09:42:15.0623 5972 [ 38fbe267e7e6983311179230facb1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:42:15.0624 5972 NdisWan - ok
09:42:15.0655 5972 [ a4bdc541e69674fbff1a8ff00be913f2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:42:15.0656 5972 NDProxy - ok
09:42:15.0731 5972 [ 80b275b1ce3b0e79909db7b39af74d51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:42:15.0732 5972 NetBIOS - ok
09:42:15.0806 5972 [ 280122ddcf04b378edd1ad54d71c1e54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:42:15.0831 5972 NetBT - ok
09:42:15.0854 5972 [ 81951f51e318aecc2d68559e47485cc4 ] Netlogon C:\Windows\system32\lsass.exe
09:42:15.0855 5972 Netlogon - ok
09:42:16.0001 5972 [ 7cccfca7510684768da22092d1fa4db2 ] Netman C:\Windows\System32\netman.dll
09:42:16.0004 5972 Netman - ok
09:42:16.0124 5972 [ d22cd77d4f0d63d1169bb35911bff12d ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:42:16.0164 5972 NetMsmqActivator - ok
09:42:16.0235 5972 [ d22cd77d4f0d63d1169bb35911bff12d ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:42:16.0236 5972 NetPipeActivator - ok
09:42:16.0333 5972 [ 8c338238c16777a802d6a9211eb2ba50 ] netprofm C:\Windows\System32\netprofm.dll
09:42:16.0339 5972 netprofm - ok
09:42:16.0363 5972 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:42:16.0364 5972 NetTcpActivator - ok
09:42:16.0367 5972 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:42:16.0367 5972 NetTcpPortSharing - ok
09:42:16.0443 5972 [ 1d85c4b390b0ee09c7a46b91efb2c097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
09:42:16.0444 5972 nfrd960 - ok
09:42:16.0481 5972 [ b52f26bade7d7e4a79706e3fd91834cd ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
09:42:16.0482 5972 NisDrv - ok
09:42:16.0689 5972 [ 290c0d4c4889398797f8df3be00b9698 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
09:42:16.0691 5972 NisSrv - ok
09:42:16.0792 5972 [ 912084381d30d8b89ec4e293053f4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:42:16.0795 5972 NlaSvc - ok
09:42:16.0857 5972 [ b1ef4686961986dffb7fe8f18e6fcb5b ] nlsX86cc C:\Windows\system32\nlssrv32.exe
09:42:16.0859 5972 nlsX86cc - ok
09:42:17.0005 5972 [ 02e96113511171ba7559386d10d3daea ] nmwcdnsu C:\Windows\system32\drivers\nmwcdnsu.sys
09:42:17.0007 5972 nmwcdnsu - ok
09:42:17.0070 5972 [ fb09150cfc7a499a53c308d04841a3bd ] nmwcdnsuc C:\Windows\system32\drivers\nmwcdnsuc.sys
09:42:17.0070 5972 nmwcdnsuc - ok
09:42:17.0141 5972 [ 1db262a9f8c087e8153d89bef3d2235f ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:42:17.0142 5972 Npfs - ok
09:42:17.0187 5972 [ ba387e955e890c8a88306d9b8d06bf17 ] nsi C:\Windows\system32\nsisvc.dll
09:42:17.0189 5972 nsi - ok
09:42:17.0247 5972 [ e9a0a4d07e53d8fea2bb8387a3293c58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:42:17.0248 5972 nsiproxy - ok
09:42:17.0420 5972 [ 81189c3d7763838e55c397759d49007a ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:42:17.0430 5972 Ntfs - ok
09:42:17.0464 5972 [ f9756a98d69098dca8945d62858a812c ] Null C:\Windows\system32\drivers\Null.sys
09:42:17.0465 5972 Null - ok
09:42:17.0512 5972 [ b3e25ee28883877076e0e1ff877d02e0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:42:17.0513 5972 nvraid - ok
09:42:17.0575 5972 [ 4380e59a170d88c4f1022eff6719a8a4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:42:17.0577 5972 nvstor - ok
09:42:17.0633 5972 [ 5a0983915f02bae73267cc2a041f717d ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:42:17.0634 5972 nv_agp - ok
09:42:17.0681 5972 [ 08a70a1f2cdde9bb49b885cb817a66eb ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:42:17.0682 5972 ohci1394 - ok
09:42:17.0853 5972 [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:42:17.0855 5972 ose - ok
09:42:18.0823 5972 [ 358a9cca612c68eb2f07ddad4ce1d8d7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:42:18.0896 5972 osppsvc - ok
09:42:19.0019 5972 [ 82a8521ddc60710c3d3d3e7325209bec ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:42:19.0022 5972 p2pimsvc - ok
09:42:19.0140 5972 [ 59c3ddd501e39e006dac31bf55150d91 ] p2psvc C:\Windows\system32\p2psvc.dll
09:42:19.0144 5972 p2psvc - ok
09:42:19.0197 5972 [ 2ea877ed5dd9713c5ac74e8ea7348d14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
09:42:19.0198 5972 Parport - ok
09:42:19.0263 5972 [ 3f34a1b4c5f6475f320c275e63afce9b ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:42:19.0264 5972 partmgr - ok
09:42:19.0288 5972 [ eb0a59f29c19b86479d36b35983daadc ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
09:42:19.0289 5972 Parvdm - ok
09:42:19.0345 5972 [ 358ab7956d3160000726574083dfc8a6 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:42:19.0347 5972 PcaSvc - ok
09:42:19.0408 5972 [ c858cb77c577780ecc456a892e7e7d0f ] pci C:\Windows\system32\drivers\pci.sys
09:42:19.0410 5972 pci - ok
09:42:19.0515 5972 [ afe86f419014db4e5593f69ffe26ce0a ] pciide C:\Windows\system32\drivers\pciide.sys
09:42:19.0516 5972 pciide - ok
09:42:19.0581 5972 [ f396431b31693e71e8a80687ef523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
09:42:19.0583 5972 pcmcia - ok
09:42:19.0630 5972 [ 250f6b43d2b613172035c6747aeeb19f ] pcw C:\Windows\system32\drivers\pcw.sys
09:42:19.0631 5972 pcw - ok
09:42:19.0761 5972 [ 9e0104ba49f4e6973749a02bf41344ed ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:42:19.0766 5972 PEAUTH - ok
09:42:19.0977 5972 [ af4d64d2a57b9772cf3801950b8058a6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
09:42:19.0986 5972 PeerDistSvc - ok
09:42:20.0320 5972 [ 414bba67a3ded1d28437eb66aeb8a720 ] pla C:\Windows\system32\pla.dll
09:42:20.0334 5972 pla - ok
09:42:20.0481 5972 [ ec7bc28d207da09e79b3e9faf8b232ca ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:42:20.0485 5972 PlugPlay - ok
09:42:20.0535 5972 [ 63ff8572611249931eb16bb8eed6afc8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:42:20.0537 5972 PNRPAutoReg - ok
09:42:20.0611 5972 [ 82a8521ddc60710c3d3d3e7325209bec ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:42:20.0614 5972 PNRPsvc - ok
09:42:20.0763 5972 [ 53946b69ba0836bd95b03759530c81ec ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:42:20.0767 5972 PolicyAgent - ok
09:42:20.0816 5972 [ f87d30e72e03d579a5199ccb3831d6ea ] Power C:\Windows\system32\umpo.dll
09:42:20.0819 5972 Power - ok
09:42:20.0897 5972 [ 631e3e205ad6d86f2aed6a4a8e69f2db ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:42:20.0906 5972 PptpMiniport - ok
09:42:20.0922 5972 [ 85b1e3a0c7585bc4aae6899ec6fcf011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
09:42:20.0931 5972 Processor - ok
09:42:21.0053 5972 [ cadefac453040e370a1bdff3973be00d ] ProfSvc C:\Windows\system32\profsvc.dll
09:42:21.0056 5972 ProfSvc - ok
09:42:21.0096 5972 [ 81951f51e318aecc2d68559e47485cc4 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:42:21.0097 5972 ProtectedStorage - ok
09:42:21.0204 5972 [ 6270ccae2a86de6d146529fe55b3246a ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:42:21.0205 5972 Psched - ok
09:42:21.0324 5972 [ e42e3433dbb4cffe8fdd91eab29aea8e ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
09:42:21.0325 5972 PxHelp20 - ok
09:42:21.0454 5972 [ ab95ecf1f6659a60ddc166d8315b0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
09:42:21.0466 5972 ql2300 - ok
09:42:21.0521 5972 [ b4dd51dd25182244b86737dc51af2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
09:42:21.0522 5972 ql40xx - ok
09:42:21.0575 5972 [ 31ac809e7707eb580b2bdb760390765a ] QWAVE C:\Windows\system32\qwave.dll
09:42:21.0578 5972 QWAVE - ok
09:42:21.0606 5972 [ 584078ca1b95ca72df2a27c336f9719d ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:42:21.0607 5972 QWAVEdrv - ok
09:42:21.0654 5972 [ 30a81b53c766d0133bb86d234e5556ab ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:42:21.0655 5972 RasAcd - ok
09:42:21.0750 5972 [ 57ec4aef73660166074d8f7f31c0d4fd ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:42:21.0751 5972 RasAgileVpn - ok
09:42:21.0829 5972 [ a60f1839849c0c00739787fd5ec03f13 ] RasAuto C:\Windows\System32\rasauto.dll
09:42:21.0832 5972 RasAuto - ok
09:42:21.0899 5972 [ d9f91eafec2815365cbe6d167e4e332a ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:42:21.0900 5972 Rasl2tp - ok
09:42:22.0023 5972 [ cb9e04dc05eacf5b9a36ca276d475006 ] RasMan C:\Windows\System32\rasmans.dll
09:42:22.0027 5972 RasMan - ok
09:42:22.0075 5972 [ 0fe8b15916307a6ac12bfb6a63e45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:42:22.0076 5972 RasPppoe - ok
09:42:22.0137 5972 [ 44101f495a83ea6401d886e7fd70096b ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:42:22.0139 5972 RasSstp - ok
09:42:22.0219 5972 [ d528bc58a489409ba40334ebf96a311b ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:42:22.0221 5972 rdbss - ok
09:42:22.0263 5972 [ 0d8f05481cb76e70e1da06ee9f0da9df ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
09:42:22.0264 5972 rdpbus - ok
09:42:22.0303 5972 [ 23dae03f29d253ae74c44f99e515f9a1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:42:22.0304 5972 RDPCDD - ok
09:42:22.0393 5972 [ b973fcfc50dc1434e1970a146f7e3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
09:42:22.0395 5972 RDPDR - ok
09:42:22.0493 5972 [ 5a53ca1598dd4156d44196d200c94b8a ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:42:22.0494 5972 RDPENCDD - ok
09:42:22.0520 5972 [ 44b0a53cd4f27d50ed461dae0c0b4e1f ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:42:22.0521 5972 RDPREFMP - ok
09:42:22.0598 5972 [ f031683e6d1fea157abb2ff260b51e61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:42:22.0628 5972 RDPWD - ok
09:42:22.0748 5972 [ 518395321dc96fe2c9f0e96ac743b656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:42:22.0750 5972 rdyboost - ok
09:42:22.0787 5972 [ 7b5e1419717fac363a31cc302895217a ] RemoteAccess C:\Windows\System32\mprdim.dll
09:42:22.0789 5972 RemoteAccess - ok
09:42:22.0824 5972 [ cb9a8683f4ef2bf99e123d79950d7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:42:22.0826 5972 RemoteRegistry - ok
09:42:22.0921 5972 [ 78d072f35bc45d9e4e1b61895c152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:42:22.0922 5972 RpcEptMapper - ok
09:42:22.0943 5972 [ 94d36c0e44677dd26981d2bfeef2a29d ] RpcLocator C:\Windows\system32\locator.exe
09:42:22.0945 5972 RpcLocator - ok
09:42:23.0022 5972 [ 7660f01d3b38aca1747e397d21d790af ] RpcSs C:\Windows\system32\rpcss.dll
09:42:23.0025 5972 RpcSs - ok
09:42:23.0107 5972 [ 032b0d36ad92b582d869879f5af5b928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:42:23.0108 5972 rspndr - ok
09:42:23.0163 5972 [ 7fa7f2e249a5dcbb7970630e15e1f482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
09:42:23.0164 5972 s3cap - ok
09:42:23.0225 5972 [ ef4b5a8d53f15cb269469dd4e4bb0109 ] s616bus C:\Windows\system32\DRIVERS\s616bus.sys
09:42:23.0227 5972 s616bus - ok
09:42:23.0297 5972 [ 96187731eefcf83e844bc1ce6617aaeb ] s616mdfl C:\Windows\system32\DRIVERS\s616mdfl.sys
09:42:23.0298 5972 s616mdfl - ok
09:42:23.0386 5972 [ d2dd87368bfecfa099e50dc120f3f513 ] s616mdm C:\Windows\system32\DRIVERS\s616mdm.sys
09:42:23.0388 5972 s616mdm - ok
09:42:23.0518 5972 [ 5f0be24e4d4fa134b0b2fef35d3a9d90 ] s616mgmt C:\Windows\system32\DRIVERS\s616mgmt.sys
09:42:23.0519 5972 s616mgmt - ok
09:42:23.0601 5972 [ b9b507fcc67e204ef38e05ffd4176345 ] s616nd5 C:\Windows\system32\DRIVERS\s616nd5.sys
09:42:23.0602 5972 s616nd5 - ok
09:42:23.0727 5972 [ f123a1f2a04a0e8dba80b64f0072475a ] s616obex C:\Windows\system32\DRIVERS\s616obex.sys
09:42:23.0728 5972 s616obex - ok
09:42:23.0754 5972 [ e7e55048ebd5c17bfa791b4a6ec3d54b ] s616unic C:\Windows\system32\DRIVERS\s616unic.sys
09:42:23.0755 5972 s616unic - ok
09:42:23.0779 5972 [ 81951f51e318aecc2d68559e47485cc4 ] SamSs C:\Windows\system32\lsass.exe
09:42:23.0780 5972 SamSs - ok
09:42:23.0863 5972 [ 05d860da1040f111503ac416ccef2bca ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:42:23.0864 5972 sbp2port - ok
09:42:23.0921 5972 [ 8fc518ffe9519c2631d37515a68009c4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:42:23.0924 5972 SCardSvr - ok
09:42:23.0953 5972 [ 0693b5ec673e34dc147e195779a4dcf6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:42:23.0954 5972 scfilter - ok
09:42:24.0090 5972 [ a04bb13f8a72f8b6e8b4071723e4e336 ] Schedule C:\Windows\system32\schedsvc.dll
09:42:24.0097 5972 Schedule - ok
09:42:24.0153 5972 [ 319c6b309773d063541d01df8ac6f55f ] SCPolicySvc C:\Windows\System32\certprop.dll
09:42:24.0153 5972 SCPolicySvc - ok
09:42:24.0201 5972 [ 08236c4bce5edd0a0318a438af28e0f7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:42:24.0204 5972 SDRSVC - ok
09:42:24.0266 5972 [ 90a3935d05b494a5a39d37e71f09a677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:42:24.0267 5972 secdrv - ok
09:42:24.0309 5972 [ a59b3a4442c52060cc7a85293aa3546f ] seclogon C:\Windows\system32\seclogon.dll
09:42:24.0310 5972 seclogon - ok
09:42:24.0353 5972 [ dcb7fcdcc97f87360f75d77425b81737 ] SENS C:\Windows\System32\sens.dll
09:42:24.0355 5972 SENS - ok
09:42:24.0409 5972 [ 50087fe1ee447009c9cc2997b90de53f ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:42:24.0411 5972 SensrSvc - ok
09:42:24.0449 5972 [ 9ad8b8b515e3df6acd4212ef465de2d1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
09:42:24.0450 5972 Serenum - ok
09:42:24.0500 5972 [ 5fb7fcea0490d821f26f39cc5ea3d1e2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
09:42:24.0502 5972 Serial - ok
09:42:24.0527 5972 [ 79bffb520327ff916a582dfea17aa813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
09:42:24.0528 5972 sermouse - ok
09:42:24.0581 5972 [ 4ae380f39a0032eab7dd953030b26d28 ] SessionEnv C:\Windows\system32\sessenv.dll
09:42:24.0584 5972 SessionEnv - ok
09:42:24.0644 5972 [ 9f976e1eb233df46fce808d9dea3eb9c ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:42:24.0645 5972 sffdisk - ok
09:42:24.0662 5972 [ 932a68ee27833cfd57c1639d375f2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:42:24.0663 5972 sffp_mmc - ok
09:42:24.0683 5972 [ 6d4ccaedc018f1cf52866bbbaa235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:42:24.0684 5972 sffp_sd - ok
09:42:24.0704 5972 [ db96666cc8312ebc45032f30b007a547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
09:42:24.0705 5972 sfloppy - ok
09:42:24.0809 5972 [ 414da952a35bf5d50192e28263b40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:42:24.0813 5972 ShellHWDetection - ok
09:42:24.0865 5972 [ 2565cac0dc9fe0371bdce60832582b2e ] sisagp C:\Windows\system32\drivers\sisagp.sys
09:42:24.0867 5972 sisagp - ok
09:42:24.0905 5972 [ a9f0486851becb6dda1d89d381e71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:42:24.0906 5972 SiSRaid2 - ok
09:42:24.0951 5972 [ 3727097b55738e2f554972c3be5bc1aa ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
09:42:24.0953 5972 SiSRaid4 - ok
09:42:25.0139 5972 [ c70aebd3608ed9fcea2a1bae83567ffc ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
09:42:25.0141 5972 SkypeUpdate - ok
09:42:25.0234 5972 [ 3e21c083b8a01cb70ba1f09303010fce ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:42:25.0235 5972 Smb - ok
09:42:25.0308 5972 [ 6a984831644eca1a33ffeae4126f4f37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:42:25.0310 5972 SNMPTRAP - ok
09:42:25.0372 5972 [ 95cf1ae7527fb70f7816563cbc09d942 ] spldr C:\Windows\system32\drivers\spldr.sys
09:42:25.0373 5972 spldr - ok
09:42:25.0544 5972 [ 866a43013535dc8587c258e43579c764 ] Spooler C:\Windows\System32\spoolsv.exe
09:42:25.0548 5972 Spooler - ok
09:42:26.0082 5972 [ cf87a1de791347e75b98885214ced2b8 ] sppsvc C:\Windows\system32\sppsvc.exe
09:42:26.0130 5972 sppsvc - ok
09:42:26.0162 5972 [ b0180b20b065d89232a78a40fe56eaa6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:42:26.0165 5972 sppuinotify - ok
09:42:26.0249 5972 [ e4c2764065d66ea1d2d3ebc28fe99c46 ] srv C:\Windows\system32\DRIVERS\srv.sys
09:42:26.0253 5972 srv - ok
09:42:26.0338 5972 [ 03f0545bd8d4c77fa0ae1ceedfcc71ab ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:42:26.0341 5972 srv2 - ok
09:42:26.0373 5972 [ be6bd660caa6f291ae06a718a4fa8abc ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:42:26.0375 5972 srvnet - ok
09:42:26.0418 5972 [ d887c9fd02ac9fa880f6e5027a43e118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:42:26.0422 5972 SSDPSRV - ok
09:42:26.0467 5972 [ d318f23be45d5e3a107469eb64815b50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:42:26.0469 5972 SstpSvc - ok
09:42:26.0498 5972 [ db32d325c192b801df274bfd12a7e72b ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
09:42:26.0499 5972 stexstor - ok
09:42:26.0653 5972 [ e1fb3706030fb4578a0d72c2fc3689e4 ] StiSvc C:\Windows\System32\wiaservc.dll
09:42:26.0658 5972 StiSvc - ok
09:42:26.0719 5972 [ 472af0311073dceceaa8fa18ba2bdf89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
09:42:26.0720 5972 storflt - ok
09:42:26.0803 5972 [ 0bf669f0a910beda4a32258d363af2a5 ] StorSvc C:\Windows\system32\storsvc.dll
09:42:26.0805 5972 StorSvc - ok
09:42:26.0874 5972 [ dcaffd62259e0bdb433dd67b5bb37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
09:42:26.0875 5972 storvsc - ok
09:42:26.0939 5972 [ e58c78a848add9610a4db6d214af5224 ] swenum C:\Windows\system32\drivers\swenum.sys
09:42:26.0940 5972 swenum - ok
09:42:27.0052 5972 [ a28bd92df340e57b024ba433165d34d7 ] swprv C:\Windows\System32\swprv.dll
09:42:27.0057 5972 swprv - ok
09:42:27.0276 5972 [ 36650d618ca34c9d357dfd3d89b2c56f ] SysMain C:\Windows\system32\sysmain.dll
09:42:27.0287 5972 SysMain - ok
09:42:27.0356 5972 [ 763fecdc3d30c815fe72dd57936c6cd1 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:42:27.0358 5972 TabletInputService - ok
09:42:27.0453 5972 [ 613bf4820361543956909043a265c6ac ] TapiSrv C:\Windows\System32\tapisrv.dll
09:42:27.0457 5972 TapiSrv - ok
09:42:27.0494 5972 [ b799d9fdb26111737f58288d8dc172d9 ] TBS C:\Windows\System32\tbssvc.dll
09:42:27.0496 5972 TBS - ok
09:42:27.0530 5972 [ 5150fb0f8dfe5353b15fd7d017112a4e ] tcm C:\Windows\system32\DRIVERS\tcm.sys
09:42:27.0531 5972 tcm - ok
09:42:27.0818 5972 [ 7fa2e0f8b072bd04b77b421480b6cc22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:42:27.0830 5972 Tcpip - ok
09:42:27.0860 5972 [ 7fa2e0f8b072bd04b77b421480b6cc22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:42:27.0866 5972 TCPIP6 - ok
09:42:27.0924 5972 [ cca24162e055c3714ce5a88b100c64ed ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:42:27.0925 5972 tcpipreg - ok
09:42:27.0974 5972 [ 1cb91b2bd8f6dd367dfc2ef26fd751b2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:42:27.0975 5972 TDPIPE - ok
09:42:28.0017 5972 [ 2c2c5afe7ee4f620d69c23c0617651a8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:42:28.0018 5972 TDTCP - ok
09:42:28.0075 5972 [ b459575348c20e8121d6039da063c704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:42:28.0077 5972 tdx - ok
09:42:28.0102 5972 [ c36f41ee20e6999dbf4b0425963268a5 ] TermDD C:\Windows\system32\drivers\termdd.sys
09:42:28.0103 5972 TermDD - ok
09:42:28.0203 5972 [ 382c804c92811be57829d8e550a900e2 ] TermService C:\Windows\System32\termsrv.dll
09:42:28.0209 5972 TermService - ok
09:42:28.0248 5972 [ 42fb6afd6b79d9fe07381609172e7ca4 ] Themes C:\Windows\system32\themeservice.dll
09:42:28.0250 5972 Themes - ok
09:42:28.0266 5972 [ 146b6f43a673379a3c670e86d89be5ea ] THREADORDER C:\Windows\system32\mmcss.dll
09:42:28.0267 5972 THREADORDER - ok
09:42:28.0306 5972 [ 4792c0378db99a9bc2ae2de6cfff0c3a ] TrkWks C:\Windows\System32\trkwks.dll
09:42:28.0308 5972 TrkWks - ok
09:42:28.0504 5972 [ 2c49b175aee1d4364b91b531417fe583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:42:28.0506 5972 TrustedInstaller - ok
09:42:28.0573 5972 [ 254bb140eee3c59d6114c1a86b636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:42:28.0574 5972 tssecsrv - ok
09:42:28.0691 5972 [ fd1d6c73e6333be727cbcc6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
09:42:28.0692 5972 TsUsbFlt - ok
09:42:28.0796 5972 [ b2fa25d9b17a68bb93d58b0556e8c90d ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:42:28.0797 5972 tunnel - ok
09:42:28.0831 5972 [ 750fbcb269f4d7dd2e420c56b795db6d ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
09:42:28.0832 5972 uagp35 - ok
09:42:28.0887 5972 [ ee43346c7e4b5e63e54f927babbb32ff ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:42:28.0889 5972 udfs - ok
09:42:29.0324 5972 [ 215462ae7e6a897d675e84dd1e3b3b56 ] ufad-ws60 C:\Program Files\VMware\VMware Player\vmware-ufad.exe
09:42:29.0327 5972 ufad-ws60 - ok
09:42:29.0384 5972 [ 8344fd4fce927880aa1aa7681d4927e5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:42:29.0387 5972 UI0Detect - ok
09:42:29.0476 5972 [ 44e8048ace47befbfdc2e9be4cbc8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:42:29.0477 5972 uliagpkx - ok
09:42:29.0515 5972 [ 049b3a50b3d646baeeee9eec9b0668dc ] umbus C:\Windows\system32\DRIVERS\umbus.sys
09:42:29.0516 5972 umbus - ok
09:42:29.0533 5972 [ 7550ad0c6998ba1cb4843e920ee0feac ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
09:42:29.0534 5972 UmPass - ok
09:42:29.0602 5972 [ 409994a8eaceee4e328749c0353527a0 ] UmRdpService C:\Windows\System32\umrdp.dll
09:42:29.0605 5972 UmRdpService - ok
09:42:29.0944 5972 [ 927754abf077aeb5504be4e0f2c60c1b ] UMVPFSrv C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
09:42:29.0948 5972 UMVPFSrv - ok
09:42:30.0034 5972 [ 833fbb672460efce8011d262175fad33 ] upnphost C:\Windows\System32\upnphost.dll
09:42:30.0038 5972 upnphost - ok
09:42:30.0150 5972 [ 83cafcb53201bbac04d822f32438e244 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
09:42:30.0151 5972 USBAAPL - ok
09:42:30.0207 5972 [ 1d9f2bd026e8e2d45033a4df3f16b78c ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
09:42:30.0208 5972 usbaudio - ok
09:42:30.0261 5972 [ 8455c4ed038efd09e99327f9d2d48ffa ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:42:30.0262 5972 usbccgp - ok
09:42:30.0319 5972 [ 04ec7cec62ec3b6d9354eee93327fc82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:42:30.0320 5972 usbcir - ok
09:42:30.0374 5972 [ 1c333bfd60f2fed2c7ad5daf533cb742 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
09:42:30.0382 5972 usbehci - ok
09:42:30.0486 5972 [ ee6ef93ccfa94fae8c6ab298273d8ae2 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:42:30.0488 5972 usbhub - ok
09:42:30.0540 5972 [ a6fb7957ea7afb1165991e54ce934b74 ] usbohci C:\Windows\system32\drivers\usbohci.sys
09:42:30.0541 5972 usbohci - ok
09:42:30.0577 5972 [ 797d862fe0875e75c7cc4c1ad7b30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:42:30.0578 5972 usbprint - ok
09:42:30.0664 5972 [ 576096ccbc07e7c4ea4f5e6686d6888f ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
09:42:30.0665 5972 usbscan - ok
09:42:30.0714 5972 [ d8889d56e0d27e57ed4591837fe71d27 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:42:30.0715 5972 USBSTOR - ok
09:42:30.0762 5972 [ 78780c3ebce17405b1ccd07a3a8a7d72 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
09:42:30.0763 5972 usbuhci - ok
09:42:30.0826 5972 [ 45f4e7bf43db40a6c6b4d92c76cbc3f2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
09:42:30.0829 5972 usbvideo - ok
09:42:30.0902 5972 [ 081e6e1c91aec36758902a9f727cd23c ] UxSms C:\Windows\System32\uxsms.dll
09:42:30.0904 5972 UxSms - ok
09:42:30.0937 5972 [ 81951f51e318aecc2d68559e47485cc4 ] VaultSvc C:\Windows\system32\lsass.exe
09:42:30.0938 5972 VaultSvc - ok
09:42:30.0984 5972 [ a059c4c3edb09e07d21a8e5c0aabd3cb ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
09:42:30.0985 5972 vdrvroot - ok
09:42:31.0113 5972 [ c3cd30495687c2a2f66a65ca6fd89be9 ] vds C:\Windows\System32\vds.exe
09:42:31.0137 5972 vds - ok
09:42:31.0191 5972 [ 17c408214ea61696cec9c66e388b14f3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:42:31.0192 5972 vga - ok
09:42:31.0262 5972 [ 8e38096ad5c8570a6f1570a61e251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
09:42:31.0263 5972 VgaSave - ok
09:42:31.0318 5972 [ 5461686cca2fda57b024547733ab42e3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
09:42:31.0320 5972 vhdmp - ok
09:42:31.0375 5972 [ c829317a37b4bea8f39735d4b076e923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
09:42:31.0376 5972 viaagp - ok
09:42:31.0402 5972 [ e02f079a6aa107f06b16549c6e5c7b74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
09:42:31.0403 5972 ViaC7 - ok
09:42:31.0452 5972 [ e43574f6a56a0ee11809b48c09e4fd3c ] viaide C:\Windows\system32\drivers\viaide.sys
09:42:31.0453 5972 viaide - ok
09:42:31.0551 5972 [ 11dcd7a2a0b1f8532b80f5aa98f9903e ] VMAuthdService C:\Program Files\VMware\VMware Player\vmware-authd.exe
09:42:31.0553 5972 VMAuthdService - ok
09:42:31.0613 5972 [ c2f2911156fdc7817c52829c86da494e ] vmbus C:\Windows\system32\drivers\vmbus.sys
09:42:31.0615 5972 vmbus - ok
09:42:31.0655 5972 [ d4d77455211e204f370d08f4963063ce ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
09:42:31.0656 5972 VMBusHID - ok
09:42:31.0790 5972 [ 6f5d703bf312cb6cda78948763cb1e0d ] vmci C:\Windows\system32\Drivers\vmci.sys
09:42:31.0792 5972 vmci - ok
09:42:31.0966 5972 [ 27df4aece721961f9c9064a31790f2ea ] vmkbd C:\Windows\system32\drivers\VMkbd.sys
09:42:31.0967 5972 vmkbd - ok
09:42:32.0033 5972 [ e41704d8149992107b333cc7a52c07cc ] VMnetAdapter C:\Windows\system32\DRIVERS\vmnetadapter.sys
09:42:32.0034 5972 VMnetAdapter - ok
09:42:32.0289 5972 [ 462f2a31ea8b87a28962aca998df1869 ] VMnetBridge C:\Windows\system32\DRIVERS\vmnetbridge.sys
09:42:32.0290 5972 VMnetBridge - ok
09:42:32.0477 5972 [ b823d0dedc66ef6e7d1e8984539a5249 ] VMnetDHCP C:\Windows\system32\vmnetdhcp.exe
09:42:32.0481 5972 VMnetDHCP - ok
09:42:32.0576 5972 [ ea10f0c9333388d2ecc4068efb8c366d ] VMnetuserif C:\Windows\system32\drivers\vmnetuserif.sys
09:42:32.0577 5972 VMnetuserif - ok
09:42:32.0761 5972 [ 311e4d0703f53faf7e7a5b3a2641d4fa ] VMparport C:\Windows\system32\Drivers\VMparport.sys
09:42:32.0762 5972 VMparport - ok
09:42:33.0150 5972 [ 19368f7c4dc6ef444b826249fc8a0e30 ] VMUSBArbService C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
09:42:33.0154 5972 VMUSBArbService - ok
09:42:33.0335 5972 [ a89db7acf2175b677de750470cd72228 ] VMware NAT Service C:\Windows\system32\vmnat.exe
09:42:33.0340 5972 VMware NAT Service - ok
09:42:33.0574 5972 [ 35dc7079a413484423750db5d40b8ea6 ] vmx86 C:\Windows\system32\Drivers\vmx86.sys
09:42:33.0582 5972 vmx86 - ok
09:42:33.0613 5972 [ 384e5a2aa49934295171e499f86ba6f3 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:42:33.0615 5972 volmgr - ok
09:42:33.0694 5972 [ b5bb72067ddddbbfb04b2f89ff8c3c87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:42:33.0697 5972 volmgrx - ok
09:42:33.0776 5972 [ 58df9d2481a56edde167e51b334d44fd ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:42:33.0779 5972 volsnap - ok
09:42:34.0051 5972 [ 18507bdc6c15bd464de9ab18b6af1c23 ] vpnagent C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
09:42:34.0055 5972 vpnagent - ok
09:42:34.0145 5972 [ fddafa1c89b0b07494af5879f7ece857 ] vpnva C:\Windows\system32\DRIVERS\vpnva.sys
09:42:34.0146 5972 vpnva - ok
09:42:34.0243 5972 [ 9dfa0cc2f8855a04816729651175b631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
09:42:34.0244 5972 vsmraid - ok
09:42:34.0482 5972 [ 209a3b1901b83aeb8527ed211cce9e4c ] VSS C:\Windows\system32\vssvc.exe
09:42:34.0492 5972 VSS - ok
09:42:34.0673 5972 [ 98929c5c5314c4c048e2f60492c26723 ] vstor2-ws60 C:\Program Files\VMware\VMware Player\vstor2-ws60.sys
09:42:34.0674 5972 vstor2-ws60 - ok
09:42:34.0723 5972 [ 90567b1e658001e79d7c8bbd3dde5aa6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
09:42:34.0724 5972 vwifibus - ok
09:42:34.0804 5972 [ 55187fd710e27d5095d10a472c8baf1c ] W32Time C:\Windows\system32\w32time.dll
09:42:34.0808 5972 W32Time - ok
09:42:34.0851 5972 [ de3721e89c653aa281428c8a69745d90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
09:42:34.0852 5972 WacomPen - ok
09:42:34.0904 5972 [ 3c3c78515f5ab448b022bdf5b8ffdd2e ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
09:42:34.0905 5972 WANARP - ok
09:42:34.0907 5972 [ 3c3c78515f5ab448b022bdf5b8ffdd2e ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:42:34.0908 5972 Wanarpv6 - ok
09:42:35.0175 5972 [ 353a04c273ec58475d8633e75ccd5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
09:42:35.0186 5972 WatAdminSvc - ok
09:42:35.0365 5972 [ 691e3285e53dca558e1a84667f13e15a ] wbengine C:\Windows\system32\wbengine.exe
09:42:35.0378 5972 wbengine - ok
09:42:35.0499 5972 [ 9614b5d29dc76ac3c29f6d2d3aa70e67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
09:42:35.0502 5972 WbioSrvc - ok
09:42:35.0630 5972 [ 34eee0dfaadb4f691d6d5308a51315dc ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:42:35.0634 5972 wcncsvc - ok
09:42:35.0676 5972 [ 5d930b6357a6d2af4d7653bdabbf352f ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:42:35.0678 5972 WcsPlugInService - ok
09:42:35.0696 5972 [ 1112a9badacb47b7c0bb0392e3158dff ] Wd C:\Windows\system32\DRIVERS\wd.sys
09:42:35.0697 5972 Wd - ok
09:42:35.0800 5972 [ 9950e3d0f08141c7e89e64456ae7dc73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:42:35.0804 5972 Wdf01000 - ok
09:42:35.0835 5972 [ 46ef9dc96265fd0b423db72e7c38c2a5 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:42:35.0837 5972 WdiServiceHost - ok
09:42:35.0843 5972 [ 46ef9dc96265fd0b423db72e7c38c2a5 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:42:35.0845 5972 WdiSystemHost - ok
09:42:35.0877 5972 [ a9d880f97530d5b8fee278923349929d ] WebClient C:\Windows\System32\webclnt.dll
09:42:35.0880 5972 WebClient - ok
09:42:35.0938 5972 [ 760f0afe937a77cff27153206534f275 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:42:35.0941 5972 Wecsvc - ok
09:42:35.0966 5972 [ ac804569bb2364fb6017370258a4091b ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:42:35.0969 5972 wercplsupport - ok
09:42:36.0072 5972 [ 08e420d873e4fd85241ee2421b02c4a4 ] WerSvc C:\Windows\System32\WerSvc.dll
09:42:36.0075 5972 WerSvc - ok
09:42:36.0196 5972 [ 8b9a943f3b53861f2bfaf6c186168f79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:42:36.0207 5972 WfpLwf - ok
09:42:36.0255 5972 [ 5cf95b35e59e2a38023836fff31be64c ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:42:36.0256 5972 WIMMount - ok
09:42:36.0261 5972 WinHttpAutoProxySvc - ok
09:42:36.0683 5972 [ f62e510b6ad4c21eb9fe8668ed251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:42:36.0685 5972 Winmgmt - ok
09:42:36.0904 5972 [ 1b91cd34ea3a90ab6a4ef0550174f4cc ] WinRM C:\Windows\system32\WsmSvc.dll
09:42:36.0915 5972 WinRM - ok
09:42:36.0986 5972 [ a67e5f9a400f3bd1be3d80613b45f708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
09:42:36.0987 5972 WinUsb - ok
09:42:37.0170 5972 [ 16935c98ff639d185086a3529b1f2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
09:42:37.0178 5972 Wlansvc - ok
09:42:37.0236 5972 [ 0217679b8fca58714c3bf2726d2ca84e ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
09:42:37.0237 5972 WmiAcpi - ok
09:42:37.0301 5972 [ 6eb6b66517b048d87dc1856ddf1f4c3f ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:42:37.0302 5972 wmiApSrv - ok
09:42:37.0622 5972 [ 3b40d3a61aa8c21b88ae57c58ab3122e ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
09:42:37.0631 5972 WMPNetworkSvc - ok
09:42:37.0718 5972 [ a2f0ec770a92f2b3f9de6d518e11409c ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:42:37.0720 5972 WPCSvc - ok
09:42:37.0797 5972 [ aa53356d60af47eacc85bc617a4f3f66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:42:37.0800 5972 WPDBusEnum - ok
09:42:37.0852 5972 [ 6db3276587b853bf886b69528fdb048c ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:42:37.0853 5972 ws2ifsl - ok
09:42:37.0912 5972 [ 553f6ccd7c58eb98d4a8fbdaf283d7a9 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
09:42:37.0913 5972 WSDPrintDevice - ok
09:42:37.0918 5972 WSearch - ok
09:42:38.0346 5972 [ fc3ec24fce372c89423e015a2ac1a31e ] wuauserv C:\Windows\system32\wuaueng.dll
09:42:38.0371 5972 wuauserv - ok
09:42:38.0401 5972 [ e714a1c0354636837e20ccbf00888ee7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:42:38.0403 5972 WudfPf - ok
09:42:38.0509 5972 [ 1023ee888c9b47178c5293ed5336ab69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:42:38.0511 5972 WUDFRd - ok
09:42:38.0560 5972 [ 8d1e1e529a2c9e9b6a85b55a345f7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:42:38.0563 5972 wudfsvc - ok
09:42:38.0686 5972 [ ff2d745b560f7c71b31f30f4d49f73d2 ] WwanSvc C:\Windows\System32\wwansvc.dll
09:42:38.0690 5972 WwanSvc - ok
09:42:38.0931 5972 [ dd0042f0c3b606a6a8b92d49afb18ad6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
09:42:38.0937 5972 YahooAUService - ok
09:42:39.0068 5972 ================ Scan global ===============================
09:42:39.0134 5972 (dab748ae0439955ed2fa22357533dddb) C:\Windows\system32\basesrv.dll
09:42:39.0267 5972 (183b4188d5d91b271613ec3efd1b3cef) C:\Windows\system32\winsrv.dll
09:42:39.0275 5972 (183b4188d5d91b271613ec3efd1b3cef) C:\Windows\system32\winsrv.dll
09:42:39.0316 5972 (364455805e64882844ee9acb72522830) C:\Windows\system32\sxssrv.dll
09:42:39.0382 5972 (5f1b6a9c35d3d5ca72d6d6fdef9747d6) C:\Windows\system32\services.exe
09:42:39.0386 5972 [Global] - ok
09:42:39.0386 5972 ================ Scan MBR ==================================
09:42:39.0485 5972 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:42:39.0933 5972 \Device\Harddisk0\DR0 - ok
09:42:39.0933 5972 ================ Scan VBR ==================================
09:42:39.0951 5972 Boot (0x1200) (3fc18f42d83a2565e64300dbc7917a0f) \Device\Harddisk0\DR0\Partition1
09:42:39.0953 5972 \Device\Harddisk0\DR0\Partition1 - ok
09:42:39.0956 5972 Boot (0x1200) (0608dfaa8d41377945571f11c5a345e9) \Device\Harddisk0\DR0\Partition2
09:42:39.0957 5972 \Device\Harddisk0\DR0\Partition2 - ok
09:42:40.0003 5972 Boot (0x1200) (c2f890b961ae374f4390faf5d2cafb64) \Device\Harddisk0\DR0\Partition3
09:42:40.0005 5972 \Device\Harddisk0\DR0\Partition3 - ok
09:42:40.0057 5972 Boot (0x1200) (92ec7bfe561953d361c5b69532bab7e3) \Device\Harddisk0\DR0\Partition4
09:42:40.0058 5972 \Device\Harddisk0\DR0\Partition4 - ok
09:42:40.0060 5972 ============================================================
09:42:40.0060 5972 Scan finished
09:42:40.0060 5972 ============================================================
09:42:40.0067 5432 Detected object count: 0
09:42:40.0067 5432 Actual detected object count: 0

AVAST! MBR:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-19 09:23:26
-----------------------------
09:23:26.517 OS Version: Windows 6.1.7601 Service Pack 1
09:23:26.517 Number of processors: 2 586 0x170A
09:23:26.518 ComputerName: SANDIEGO UserName:
09:23:27.988 Initialize success
09:23:35.390 AVAST engine defs: 12081801
09:24:08.023 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:24:08.025 Disk 0 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 3
09:24:08.034 Disk 0 MBR read successfully
09:24:08.036 Disk 0 MBR scan
09:24:08.039 Disk 0 Windows 7 default MBR code
09:24:08.041 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 234 MB offset 2048
09:24:08.070 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 483328
09:24:08.102 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 376403 MB offset 1097728
09:24:08.128 Disk 0 Partition - 00 0F Extended LBA 100000 MB offset 771971072
09:24:08.155 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 99999 MB offset 771973120
09:24:08.201 Disk 0 scanning sectors +976771072
09:24:08.284 Disk 0 scanning C:\Windows\system32\drivers
09:24:22.396 Service scanning
09:24:37.725 Service MpKsl6a6cf4da c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AF5E7425-6FBE-4F30-AC21-3CC0B8D36C56}\MpKsl6a6cf4da.sys **LOCKED** 32
09:24:55.922 Modules scanning
09:25:09.425 Disk 0 trace - called modules:
09:25:09.440 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
09:25:09.443 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x870815c0]
09:25:09.447 3 CLASSPNP.SYS[8cbb659e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86249028]
09:25:10.425 AVAST engine scan C:\Windows
09:25:13.606 AVAST engine scan C:\Windows\system32
09:30:38.635 AVAST engine scan C:\Windows\system32\drivers
09:31:06.742 AVAST engine scan C:\Users\dcampbell
10:02:22.194 AVAST engine scan C:\ProgramData
10:04:24.491 Scan finished successfully
10:45:59.799 Disk 0 MBR has been saved successfully to "C:\Users\dcampbell\Desktop\MBR.dat"
10:45:59.867 The log file has been saved successfully to "C:\Users\dcampbell\Desktop\aswMBR.txt"

ESET found threats: none

#6 narenxp


Posted 19 August 2012 - 09:53 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete

Post the generated log

Edited by narenxp, 19 August 2012 - 09:53 PM.


#7 xucam


Posted 20 August 2012 - 01:45 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log


Done. First scan found two bogus registry keys; subsequent scans were clean.


Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.


Done:

MiniToolBox by Farbar Version: 23-07-2012
Ran by dcampbell (administrator) on 20-08-2012 at 09:07:35
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "87.117.199.126"
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® 82567LM-3 Gigabit Network Connection = Local Area Connection (Connected)
Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows = Local Area Connection 2 (Hardware not present)
VMware Virtual Ethernet Adapter for VMnet1 = VMware Network Adapter VMnet1 (Hardware not present)
VMware Virtual Ethernet Adapter for VMnet8 = VMware Network Adapter VMnet8 (Hardware not present)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection 2" forwarding=enabled advertise=enabled metric=1 nud=enabled
add address name="VMware Network Adapter VMnet1" address=192.168.88.1 mask=255.255.255.0
add address name="VMware Network Adapter VMnet8" address=192.168.192.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : sandiego
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82567LM-3 Gigabit Network Connection
Physical Address. . . . . . . . . : B8-AC-6F-4B-B4-C8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6419:b3a:dfc3:5e8%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.146(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, August 19, 2012 9:19:17 AM
Lease Expires . . . . . . . . . . : Tuesday, August 21, 2012 7:50:32 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 297315439
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-92-F6-CC-00-25-64-99-64-71
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{F4F393DD-D2E2-46CA-8697-0BD2083611E0}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: unknown
Address: 192.168.1.1

Name: google.com
Addresses: 2001:4860:4007:800::1007
74.125.239.3
74.125.239.1
74.125.239.0
74.125.239.14
74.125.239.6
74.125.239.8
74.125.239.2
74.125.239.4
74.125.239.9
74.125.239.5
74.125.239.7


Pinging google.com [74.125.239.7] with 32 bytes of data:
Reply from 74.125.239.7: bytes=32 time=13ms TTL=54
Reply from 74.125.239.7: bytes=32 time=12ms TTL=54

Ping statistics for 74.125.239.7:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 12ms, Maximum = 13ms, Average = 12ms
Server: unknown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=627ms TTL=46
Reply from 98.139.183.24: bytes=32 time=634ms TTL=46

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 627ms, Maximum = 634ms, Average = 630ms
Server: unknown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...b8 ac 6f 4b b4 c8 ......Intel® 82567LM-3 Gigabit Network Connection
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.146 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.146 276
192.168.1.146 255.255.255.255 On-link 192.168.1.146 276
192.168.1.255 255.255.255.255 On-link 192.168.1.146 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.146 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.146 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
13 276 fe80::/64 On-link
13 276 fe80::6419:b3a:dfc3:5e8/128
On-link
1 306 ff00::/8 On-link
13 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 C:\Program Files\VMware\VMware Player\vsocklib.dll [346736] (VMware, Inc.)
Catalog9 12 C:\Program Files\VMware\VMware Player\vsocklib.dll [346736] (VMware, Inc.)
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()
Catalog9 25 mswsock.dll [File Not found] ()
Catalog9 26 mswsock.dll [File Not found] ()
Catalog9 27 mswsock.dll [File Not found] ()
Catalog9 28 mswsock.dll [File Not found] ()
Catalog9 29 mswsock.dll [File Not found] ()
Catalog9 30 mswsock.dll [File Not found] ()
Catalog9 31 mswsock.dll [File Not found] ()
Catalog9 32 mswsock.dll [File Not found] ()
Catalog9 33 mswsock.dll [File Not found] ()
Catalog9 34 mswsock.dll [File Not found] ()
Catalog9 35 mswsock.dll [File Not found] ()
Catalog9 36 mswsock.dll [File Not found] ()
Catalog9 37 mswsock.dll [File Not found] ()
Catalog9 38 mswsock.dll [File Not found] ()
Catalog9 39 mswsock.dll [File Not found] ()
Catalog9 40 mswsock.dll [File Not found] ()
Catalog9 41 mswsock.dll [File Not found] ()
Catalog9 42 mswsock.dll [File Not found] ()
Catalog9 43 mswsock.dll [File Not found] ()
Catalog9 44 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/20/2012 00:40:56 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "NeroAPIFiles,processorArchitecture="x86",type="win32",version="9.0.0.0"1".
Dependent Assembly NeroAPIFiles,processorArchitecture="x86",type="win32",version="9.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/19/2012 01:07:44 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "NeroAPIFiles,processorArchitecture="x86",type="win32",version="9.0.0.0"1".
Dependent Assembly NeroAPIFiles,processorArchitecture="x86",type="win32",version="9.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/18/2012 11:13:45 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "NeroAPIFiles,processorArchitecture="x86",type="win32",version="9.0.0.0"1".
Dependent Assembly NeroAPIFiles,processorArchitecture="x86",type="win32",version="9.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/16/2012 10:13:38 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "NeroAPIFiles,processorArchitecture="x86",type="win32",version="9.0.0.0"1".
Dependent Assembly NeroAPIFiles,processorArchitecture="x86",type="win32",version="9.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/15/2012 04:28:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: ANT Agent.exe, version: 2.3.3.0, time stamp: 0x4f6cf3f8
Faulting module name: ANT Agent.exe, version: 2.3.3.0, time stamp: 0x4f6cf3f8
Exception code: 0xc0000417
Fault offset: 0x0002a380
Faulting process id: 0xf50
Faulting application start time: 0xANT Agent.exe0
Faulting application path: ANT Agent.exe1
Faulting module path: ANT Agent.exe2
Report Id: ANT Agent.exe3

Error: (08/15/2012 10:53:17 AM) (Source: Application Hang) (User: )
Description: The program msseces.exe version 4.0.1526.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1034

Start Time: 01cd7b0e2ea027d7

Termination Time: 0

Application Path: C:\Program Files\Microsoft Security Client\msseces.exe

Report Id:

Error: (08/15/2012 10:48:30 AM) (Source: Application Hang) (User: )
Description: The program msseces.exe version 4.0.1526.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f1c

Start Time: 01cd7a30283802c6

Termination Time: 0

Application Path: C:\Program Files\Microsoft Security Client\msseces.exe

Report Id:

Error: (08/15/2012 00:38:28 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "NeroAPIFiles,processorArchitecture="x86",type="win32",version="9.0.0.0"1".
Dependent Assembly NeroAPIFiles,processorArchitecture="x86",type="win32",version="9.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/14/2012 11:56:15 AM) (Source: Application Error) (User: )
Description: Faulting application name: EXCEL.EXE, version: 14.0.6117.5003, time stamp: 0x4f622ef8
Faulting module name: EXCEL.EXE, version: 14.0.6117.5003, time stamp: 0x4f622ef8
Exception code: 0xc0000005
Fault offset: 0x007e39b8
Faulting process id: 0x16e8
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3

Error: (08/14/2012 10:57:16 AM) (Source: Bonjour Service) (User: )
Description: Local Hostname sandiego.local already in use; will try sandiego-2.local instead


System errors:
=============
Error: (08/19/2012 09:36:49 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.131.1989.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/19/2012 09:36:49 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.131.1989.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/19/2012 09:19:54 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/19/2012 09:19:54 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (08/19/2012 09:19:21 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (08/19/2012 09:19:17 AM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.

Error: (08/19/2012 09:19:16 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:18:33 AM on 8/19/2012 was unexpected.

Error: (08/19/2012 02:05:17 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.131.1989.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/19/2012 02:05:17 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.131.1989.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/18/2012 11:26:04 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.131.1989.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================
Error: (08/20/2012 00:40:56 AM) (Source: SideBySide)(User: )
Description: NeroAPIFiles,processorArchitecture="x86",type="win32",version="9.0.0.0"C:\Program Files\Motorola Media Link\NMDllHost.exe.Manifest

Error: (08/19/2012 01:07:44 AM) (Source: SideBySide)(User: )
Description: NeroAPIFiles,processorArchitecture="x86",type="win32",version="9.0.0.0"C:\Program Files\Motorola Media Link\NMDllHost.exe.Manifest

Error: (08/18/2012 11:13:45 PM) (Source: SideBySide)(User: )
Description: NeroAPIFiles,processorArchitecture="x86",type="win32",version="9.0.0.0"C:\Program Files\Motorola Media Link\NMDllHost.exe.Manifest

Error: (08/16/2012 10:13:38 AM) (Source: SideBySide)(User: )
Description: NeroAPIFiles,processorArchitecture="x86",type="win32",version="9.0.0.0"C:\Program Files\Motorola Media Link\NMDllHost.exe.Manifest

Error: (08/15/2012 04:28:26 PM) (Source: Application Error)(User: )
Description: ANT Agent.exe2.3.3.04f6cf3f8ANT Agent.exe2.3.3.04f6cf3f8c00004170002a380f5001cd7b3da88aad5fC:\Program Files\Garmin\ANT Agent\ANT Agent.exeC:\Program Files\Garmin\ANT Agent\ANT Agent.exee94a86df-e730-11e1-830d-b8ac6f4bb4c8

Error: (08/15/2012 10:53:17 AM) (Source: Application Hang)(User: )
Description: msseces.exe4.0.1526.0103401cd7b0e2ea027d70C:\Program Files\Microsoft Security Client\msseces.exe

Error: (08/15/2012 10:48:30 AM) (Source: Application Hang)(User: )
Description: msseces.exe4.0.1526.0f1c01cd7a30283802c60C:\Program Files\Microsoft Security Client\msseces.exe

Error: (08/15/2012 00:38:28 AM) (Source: SideBySide)(User: )
Description: NeroAPIFiles,processorArchitecture="x86",type="win32",version="9.0.0.0"C:\Program Files\Motorola Media Link\NMDllHost.exe.Manifest

Error: (08/14/2012 11:56:15 AM) (Source: Application Error)(User: )
Description: EXCEL.EXE14.0.6117.50034f622ef8EXCEL.EXE14.0.6117.50034f622ef8c0000005007e39b816e801cd7a3b33f80690C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXEC:\PROGRA~1\MICROS~1\Office14\EXCEL.EXEb8bd10bc-e641-11e1-b72f-b8ac6f4bb4c8

Error: (08/14/2012 10:57:16 AM) (Source: Bonjour Service)(User: )
Description: Local Hostname sandiego.local already in use; will try sandiego-2.local instead


=========================== Installed Programs ============================

??????? 2.6
7-Zip 4.65
ABBYY FineReader 6.0 Sprint (Version: 6.00.2146.41621)
ActivePerl 5.10.1 Build 1007 (Version: 5.10.1007)
Adobe Flash Player 11 Plugin (Version: 11.3.300.271)
Adobe Reader 9.5.2 (Version: 9.5.2)
Adobe Shockwave Player 11.5 (Version: 11.5.7.609)
Advanced SystemCare 5 (Version: 5.4.0)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Application Verifier (Version: 4.1.1078)
AVM Converter v1.0 (Version: 1.0.0.0)
Belarc Advisor 8.2 (Version: 8.2.7.6)
Bonjour (Version: 3.0.0.10)
CameraHelperMsi (Version: 13.30.1395.0)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.08057)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.08057)
ConvertHelper 2.2
DebugBar v5.4.1 for Internet Explorer (remove only) (Version: 5.4.1)
Debugging Tools for Windows (x86) (Version: 6.12.2.633)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Driver Download Manager (Version: 2.1.0.0)
Dropbox (Version: 1.4.7)
erLT (Version: 1.20.138.34)
ESET Online Scanner v3
Flickr Uploadr 3.2.1
FLV Player (Version: 2.0.25)
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 6.0.0202
FlyBase Genetic Interactions
Free Video Converter V 2.92 (Version: 2.92.0.0)
Gaggle Boss (04-2007)
Garmin ANT Agent (Version: 2.3.3)
Garmin USB Drivers (Version: 2.3.0.0)
GIMP 2.6.11 (Version: 2.6.11)
Google Apps (Version: 1.2.279.2381)
Google Chrome (Version: 21.0.1180.79)
Google Chrome Frame (Version: 21.0.1180.79)
Google Desktop (Version: 5.9.1005.12335)
Google Earth (Version: 6.1.0.5001)
Google Quick Search Box (Version: 1.2.1151.245)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3203.136)
Google Update Helper (Version: 1.3.21.115)
Google Updater (Version: 2.4.2166.3772)
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
iCloud (Version: 1.1.0.40)
IETester v0.4.11 (remove only) (Version: 0.4.11)
ISB MeV
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 31 (Version: 6.0.310)
Lexmark Printable Web (Version: 1.0.0.0)
Lexmark Pro800-Pro900 Series
LifeSize Desktop 2.0 (Version: 2.0.2)
Logitech Webcam Software (Version: 2.0)
LWS Facebook (Version: 13.30.1346.0)
LWS Gallery (Version: 13.30.1379.0)
LWS Help_main (Version: 13.30.1396.0)
LWS Launcher (Version: 13.30.1379.0)
LWS Motion Detection (Version: 13.30.1395.0)
LWS Pictures And Video (Version: 13.30.1395.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Video Mask Maker (Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (Version: 13.30.1379.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.30.1346.0)
Maemo Flasher 3.5 (Version: 2.5.2.2)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ Compilers 2010 Standard - enu - x86 (Version: 10.0.30319)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Windows Performance Toolkit (Version: 4.8.0)
Microsoft Windows SDK .NET Framework Tools (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.7600.0.30514)
Microsoft Windows SDK for Windows 7 Common Utilities (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Headers and Libraries (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Redistributable Components for Application Verifier (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Redistributable Components for Common Tools (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Redistributable Components for Windows Debugging Tools (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Samples (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514) (Version: 7.1.30514)
Microsoft Windows SDK Intellisense and Reference Assemblies (30514) (Version: 7.1.30514)
Microsoft Windows SDK MSHelp (30514) (Version: 7.1.30514)
Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514) (Version: 7.1.30514)
MobileMe Control Panel (Version: 3.1.8.0)
Moto Helper Service (Version: 5.5)
MotoHelper 2.1.32 Driver 5.4.0 (Version: 2.1.32)
MotoHelper MergeModules (Version: 1.2.0)
MOTOROLA MEDIA LINK (Version: 1.2.8200.9)
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0)
Mototools Software Update (Version: 3.4.7)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
Mozilla Thunderbird (3.1.1) (Version: 3.1.1 (en-US))
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nokia Connectivity Cable Driver (Version: 7.1.16.0)
Octoshape add-in for Adobe Flash Player
PeptideAtlas GetProtein to Cytoscape
Picasa 3 (Version: 3.8)
PNY Movie Player
QuickTime (Version: 7.72.80.56)
R for Windows 2.15.0 (Version: 2.15.0)
Replay Converter 4 (Version: 4.07)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE 10.3 (Version: 10.3)
Roxio Creator DE 10.3 (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Safari (Version: 5.34.57.2)
ShoreTel Call Manager (Version: 14.41.4603.0)
Skyline (Version: 0.7.0.2556)
Skype Click to Call (Version: 5.9.9216)
Skype™ 5.9 (Version: 5.9.123)
SoundMAX (Version: 6.10.1.7260)
Spotify (Version: 0.8.4.93.gd9f49c35)
Tanbee Video to AMV Converter 3.8.90 (Version: 3.8.90)
tools-linux (Version: 8.4.6.16648)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
View phosphopeptides in Cytoscape
VMware Player (Version: 3.1.4.16648)
Winamp (Version: 5.621 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2) (Version: 07/07/2009 1.12.2)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows SDK IntellisenseNFX (Version: 7.1.30514)
WinSCP 4.2.8 (Version: 4.2.8)
Xming-fonts 7.5.0.22 (Version: 7.5.0.22)
Xming 6.9.0.31 (Version: 6.9.0.31)
Yahoo! Detect
Yahoo! Messenger
Yahoo! Software Update

========================= Memory info: ===================================

Percentage of memory in use: 34%
Total physical RAM: 3581.61 MB
Available physical RAM: 2355.5 MB
Total Pagefile: 7161.5 MB
Available Pagefile: 5700.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 1928.41 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:367.58 GB) (Free:253.15 GB) NTFS
2 Drive d: (INTEGRATED_CHINESE_LEVEL1_P) (CDROM) (Total:0.98 GB) (Free:0 GB) UDF
3 Drive e: (New Volume) (Fixed) (Total:97.66 GB) (Free:97.56 GB) NTFS
4 Drive f: (New Volume) (Fixed) (Total:0.23 GB) (Free:0.21 GB) NTFS

========================= Users: ========================================

User accounts for \\SANDIEGO

__vmware_user__ Administrator dcampbell
Guest repairman


**** End of log ****









Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Eureka! Shows issues with several security-related registry keys.

Farbar Service Scanner Version: 06-08-2012
Ran by dcampbell (administrator) on 20-08-2012 at 11:35:10
Running from "C:\Users\dcampbell\Desktop\SanDiegoHack"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****




Download

adware cleaner

Launch it, click on Delete

post the generated log


Done, not much here:

# AdwCleaner v1.801 - Logfile created 08/20/2012 at 09:17:37
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : dcampbell - SANDIEGO
# Boot Mode : Normal
# Running from : C:\Users\dcampbell\Desktop\Current\SanDiegoHack\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\dcampbell\AppData\Roaming\Mozilla\Firefox\Profiles\7l7a655b.default\prefs.js

Found : user_pref("browser.startup.homepage", "hxxps://mail.google.com/mail/u/0/?shva=1#inbox|hxxps://mail.g[...]

-\\ Google Chrome v21.0.1180.79

File : C:\Users\dcampbell\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found : "name": "Winamp Application Detector",
Found : "name": "Winamp Application Detector"

*************************

AdwCleaner[R1].txt - [1222 octets] - [20/08/2012 09:15:55]
AdwCleaner[R2].txt - [1153 octets] - [20/08/2012 09:17:37]

########## EOF - C:\AdwCleaner[R2].txt - [1281 octets] ##########



Thanks again for your help.

#8 narenxp


Posted 20 August 2012 - 08:26 PM

Download

wscsvc
defender
BITS
Sharedaccess

Launch them, click YES when you get the UAC prompt

restart the PC


Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on the Start repairs tab, then click on Start

Checkmark the following options alone

Reset registry permissions
reset file permissions
Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Winsock & DNS Cache


Checkmark Restart System When Finished option
click the Start button

System should restart after repair

Post the new FSS log

download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here

Edited by narenxp, 20 August 2012 - 08:29 PM.


#9 xucam


Posted 21 August 2012 - 12:02 PM

I thought I posted this last night, guess I did preview post and neglected to submit.

Download

wscsvc
defender
BITS
Sharedaccess

Launch them, click YES when you get the UAC prompt

restart the PC


Done, although I have to run MSSE by policy and I think that means WinDefender won't run.

Download

Windows repair tool

Extract and launch the Repair_Windows.exe file

Click on the Start repairs tab, then click on Start

Checkmark the following options alone

Reset registry permissions
reset file permissions
Repair WMI
Repair Windows Firewall.
Remove Policies Set By Infections
Repair Winsock & DNS Cache


Checkmark Restart System When Finished option
click the Start button

System should restart after repair


Done, although I had a hard time figuring out just what I was supposed to download from the overly busy site.



Post the new FSS log


Looks clean, w00t:

Farbar Service Scanner Version: 06-08-2012
Ran by dcampbell (administrator) on 21-08-2012 at 00:46:15
Running from "C:\Users\dcampbell\Desktop\SanDiegoHack"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Likewise:

Rkill 2.2.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/21/2012 12:49:22 AM in x86 mode.
Windows Version: Windows 7 Service Pack 1

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* No issues found.

Checking Windows Service Integrity:

* iphlpsvc [Missing Service]
* atapi => \SystemRoot\system32\drivers\atapi.sys [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/21/2012 12:49:27 AM
Execution time: 0 hours(s), 0 minute(s), and 4 seconds(s)


Overall looks great, thanks for all your help.

#10 narenxp


Posted 21 August 2012 - 02:09 PM

That looks good

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your system restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your flash player

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)



