Sirefef infection - Help required :-)



#1 mcvpjd3

Posted 14 August 2012 - 06:25 PM

OK - My MSE stopped, my Windows firewall is disabled and I was getting the 60 second reboot issue.

I've managed to do a system restore to a few days ago (Thank you, Windows Update, for doing System Restore points!!!)

After that MSE started working and picked up the Sirefef, and I managed to tell it to delete them.

So I've run the apps that I've seen people asked to run on other posts and here are the logs... any help appreciated.

TDS:

21:52:19.0595 2460 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
21:52:19.0848 2460 ============================================================
21:52:19.0848 2460 Current date / time: 2012/08/14 21:52:19.0848
21:52:19.0848 2460 SystemInfo:
21:52:19.0848 2460
21:52:19.0848 2460 OS Version: 6.1.7601 ServicePack: 1.0
21:52:19.0848 2460 Product type: Workstation
21:52:19.0848 2460 ComputerName: PATRICK3D
21:52:19.0848 2460 UserName: Patrick Doherty
21:52:19.0848 2460 Windows directory: C:\Windows
21:52:19.0848 2460 System windows directory: C:\Windows
21:52:19.0848 2460 Processor architecture: Intel x86
21:52:19.0848 2460 Number of processors: 4
21:52:19.0848 2460 Page size: 0x1000
21:52:19.0848 2460 Boot type: Normal boot
21:52:19.0848 2460 ============================================================
21:52:20.0924 2460 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:52:20.0939 2460 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:52:20.0954 2460 Drive \Device\Harddisk6\DR6 - Size: 0x3BBA00000 (14.93 Gb), SectorSize: 0x200, Cylinders: 0x79D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:52:20.0956 2460 ============================================================
21:52:20.0956 2460 \Device\Harddisk0\DR0:
21:52:20.0956 2460 MBR partitions:
21:52:20.0956 2460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:52:20.0956 2460 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1866D800
21:52:20.0956 2460 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x186A0000, BlocksNum 0x5C066000
21:52:20.0956 2460 \Device\Harddisk1\DR1:
21:52:20.0956 2460 MBR partitions:
21:52:20.0956 2460 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12C88461
21:52:20.0956 2460 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x12C884A0, BlocksNum 0x61A7D521
21:52:20.0956 2460 \Device\Harddisk6\DR6:
21:52:20.0957 2460 MBR partitions:
21:52:20.0957 2460 \Device\Harddisk6\DR6\Partition1: MBR, Type 0x7, StartLBA 0x978, BlocksNum 0x1DDC688
21:52:20.0957 2460 ============================================================
21:52:20.0990 2460 C: <-> \Device\Harddisk0\DR0\Partition2
21:52:21.0022 2460 D: <-> \Device\Harddisk0\DR0\Partition3
21:52:21.0032 2460 E: <-> \Device\Harddisk1\DR1\Partition1
21:52:21.0092 2460 F: <-> \Device\Harddisk1\DR1\Partition2
21:52:21.0092 2460 ============================================================
21:52:21.0092 2460 Initialize success
21:52:21.0092 2460 ============================================================
21:52:48.0018 2576 ============================================================
21:52:48.0018 2576 Scan started
21:52:48.0018 2576 Mode: Manual; TDLFS;
21:52:48.0018 2576 ============================================================
21:52:49.0086 2576 ================ Scan services =============================
21:52:49.0213 2576 [ 1b133875b8aa8ac48969bd3458afe9f5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:52:49.0215 2576 1394ohci - ok
21:52:49.0230 2576 [ cea80c80bed809aa0da6febc04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:52:49.0233 2576 ACPI - ok
21:52:49.0250 2576 [ 1efbc664abff416d1d07db115dcb264f ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:52:49.0251 2576 AcpiPmi - ok
21:52:49.0342 2576 [ d19c4ee2ac7c47b8f5f84fff1a789d8a ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:52:49.0343 2576 AdobeARMservice - ok
21:52:49.0369 2576 [ 21e785ebd7dc90a06391141aac7892fb ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:52:49.0373 2576 adp94xx - ok
21:52:49.0386 2576 [ 0c676bc278d5b59ff5abd57bbe9123f2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:52:49.0389 2576 adpahci - ok
21:52:49.0400 2576 [ 7c7b5ee4b7b822ec85321fe23a27db33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:52:49.0402 2576 adpu320 - ok
21:52:49.0418 2576 [ 8b5eefeec1e6d1a72a06c526628ad161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:52:49.0419 2576 AeLookupSvc - ok
21:52:49.0470 2576 [ 9ebbba55060f786f0fcaa3893bfa2806 ] AFD C:\Windows\system32\drivers\afd.sys
21:52:49.0473 2576 AFD - ok
21:52:49.0482 2576 [ 507812c3054c21cef746b6ee3d04dd6e ] agp440 C:\Windows\system32\drivers\agp440.sys
21:52:49.0483 2576 agp440 - ok
21:52:49.0495 2576 [ 8b30250d573a8f6b4bd23195160d8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
21:52:49.0496 2576 aic78xx - ok
21:52:49.0506 2576 [ 18a54e132947cd98fea9accc57f98f13 ] ALG C:\Windows\System32\alg.exe
21:52:49.0507 2576 ALG - ok
21:52:49.0510 2576 [ 0d40bcf52ea90fc7df2aeab6503dea44 ] aliide C:\Windows\system32\drivers\aliide.sys
21:52:49.0511 2576 aliide - ok
21:52:49.0573 2576 ALSysIO - ok
21:52:49.0584 2576 [ 3c6600a0696e90a463771c7422e23ab5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:52:49.0585 2576 amdagp - ok
21:52:49.0607 2576 [ cd5914170297126b6266860198d1d4f0 ] amdide C:\Windows\system32\drivers\amdide.sys
21:52:49.0608 2576 amdide - ok
21:52:49.0629 2576 [ 00dda200d71bac534bf56a9db5dfd666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:52:49.0630 2576 AmdK8 - ok
21:52:49.0649 2576 [ 3cbf30f5370fda40dd3e87df38ea53b6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:52:49.0650 2576 AmdPPM - ok
21:52:49.0662 2576 [ d320bf87125326f996d4904fe24300fc ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:52:49.0663 2576 amdsata - ok
21:52:49.0692 2576 [ ea43af0c423ff267355f74e7a53bdaba ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:52:49.0694 2576 amdsbs - ok
21:52:49.0712 2576 [ 46387fb17b086d16dea267d5be23a2f2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:52:49.0712 2576 amdxata - ok
21:52:49.0738 2576 [ aea177f783e20150ace5383ee368da19 ] AppID C:\Windows\system32\drivers\appid.sys
21:52:49.0751 2576 AppID - ok
21:52:49.0768 2576 [ 62a9c86cb6085e20db4823e4e97826f5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:52:49.0769 2576 AppIDSvc - ok
21:52:49.0793 2576 [ fb1959012294d6ad43e5304df65e3c26 ] Appinfo C:\Windows\System32\appinfo.dll
21:52:49.0795 2576 Appinfo - ok
21:52:49.0837 2576 [ 20f6f19fe9e753f2780dc2fa083ad597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:52:49.0838 2576 Apple Mobile Device - ok
21:52:49.0861 2576 [ a45d184df6a8803da13a0b329517a64a ] AppMgmt C:\Windows\System32\appmgmts.dll
21:52:49.0863 2576 AppMgmt - ok
21:52:49.0873 2576 [ 2932004f49677bd84dbc72edb754ffb3 ] arc C:\Windows\system32\DRIVERS\arc.sys
21:52:49.0874 2576 arc - ok
21:52:49.0877 2576 [ 5d6f36c46fd283ae1b57bd2e9feb0bc7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:52:49.0879 2576 arcsas - ok
21:52:49.0914 2576 [ 9d8cb58b9a9e177ddd599791a58a654d ] AsIO C:\Windows\system32\drivers\AsIO.sys
21:52:49.0915 2576 AsIO - ok
21:52:50.0011 2576 [ 776acefa0ca9df0faa51a5fb2f435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:52:50.0020 2576 aspnet_state - ok
21:52:50.0042 2576 [ 798a87b2d7ad73b16b7cd968c5d1f18f ] AsSysCtrlService C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
21:52:50.0043 2576 AsSysCtrlService - ok
21:52:50.0079 2576 [ e67493490466b5f04b58c22d2590e8ca ] AsUpIO C:\Windows\system32\drivers\AsUpIO.sys
21:52:50.0079 2576 AsUpIO - ok
21:52:50.0094 2576 [ add2ade1c2b285ab8378d2daaf991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:52:50.0095 2576 AsyncMac - ok
21:52:50.0098 2576 [ 338c86357871c167a96ab976519bf59e ] atapi C:\Windows\system32\drivers\atapi.sys
21:52:50.0098 2576 atapi - ok
21:52:50.0127 2576 [ ce3b4e731638d2ef62fcb419be0d39f0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:52:50.0131 2576 AudioEndpointBuilder - ok
21:52:50.0137 2576 [ ce3b4e731638d2ef62fcb419be0d39f0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:52:50.0139 2576 Audiosrv - ok
21:52:50.0152 2576 [ 6e30d02aac9cac84f421622e3a2f6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:52:50.0153 2576 AxInstSV - ok
21:52:50.0171 2576 [ 1a231abec60fd316ec54c66715543cec ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
21:52:50.0175 2576 b06bdrv - ok
21:52:50.0190 2576 [ bd8869eb9cde6bbe4508d869929869ee ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
21:52:50.0192 2576 b57nd60x - ok
21:52:50.0208 2576 bauyytsz - ok
21:52:50.0212 2576 [ ee1e9c3bb8228ae423dd38db69128e71 ] BDESVC C:\Windows\System32\bdesvc.dll
21:52:50.0214 2576 BDESVC - ok
21:52:50.0232 2576 [ 505506526a9d467307b3c393dedaf858 ] Beep C:\Windows\system32\drivers\Beep.sys
21:52:50.0233 2576 Beep - ok
21:52:50.0261 2576 [ 1e2bac209d184bb851e1a187d8a29136 ] BFE C:\Windows\System32\bfe.dll
21:52:50.0266 2576 BFE - ok
21:52:50.0307 2576 [ e585445d5021971fae10393f0f1c3961 ] BITS C:\Windows\System32\qmgr.dll
21:52:50.0319 2576 BITS - ok
21:52:50.0327 2576 [ 2287078ed48fcfc477b05b20cf38f36f ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:52:50.0328 2576 blbdrive - ok
21:52:50.0351 2576 [ f2060a34c8a75bc24a9222eb4f8c07bd ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:52:50.0354 2576 Bonjour Service - ok
21:52:50.0377 2576 [ 8f2da3028d5fcbd1a060a3de64cd6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:52:50.0378 2576 bowser - ok
21:52:50.0382 2576 [ 9f9acc7f7ccde8a15c282d3f88b43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:52:50.0383 2576 BrFiltLo - ok
21:52:50.0391 2576 [ 56801ad62213a41f6497f96dee83755a ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:52:50.0392 2576 BrFiltUp - ok
21:52:50.0421 2576 [ 6e11f33d14d020f58d5e02e4d67dfa19 ] Browser C:\Windows\System32\browser.dll
21:52:50.0423 2576 Browser - ok
21:52:50.0442 2576 [ 845b8ce732e67f3b4133164868c666ea ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:52:50.0445 2576 Brserid - ok
21:52:50.0466 2576 [ 203f0b1e73adadbbb7b7b1fabd901f6b ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:52:50.0467 2576 BrSerWdm - ok
21:52:50.0475 2576 [ bd456606156ba17e60a04e18016ae54b ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:52:50.0476 2576 BrUsbMdm - ok
21:52:50.0482 2576 [ af72ed54503f717a43268b3cc5faec2e ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:52:50.0483 2576 BrUsbSer - ok
21:52:50.0496 2576 [ ed3df7c56ce0084eb2034432fc56565a ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:52:50.0497 2576 BTHMODEM - ok
21:52:50.0519 2576 [ 1df19c96eef6c29d1c3e1a8678e07190 ] bthserv C:\Windows\system32\bthserv.dll
21:52:50.0520 2576 bthserv - ok
21:52:50.0534 2576 [ 77ea11b065e0a8ab902d78145ca51e10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:52:50.0553 2576 cdfs - ok
21:52:50.0578 2576 [ be167ed0fdb9c1fa1133953c18d5a6c9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:52:50.0579 2576 cdrom - ok
21:52:50.0593 2576 [ 319c6b309773d063541d01df8ac6f55f ] CertPropSvc C:\Windows\System32\certprop.dll
21:52:50.0594 2576 CertPropSvc - ok
21:52:50.0618 2576 [ 3fe3fe94a34df6fb06e6418d0f6a0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:52:50.0619 2576 circlass - ok
21:52:50.0637 2576 [ 635181e0e9bbf16871bf5380d71db02d ] CLFS C:\Windows\system32\CLFS.sys
21:52:50.0640 2576 CLFS - ok
21:52:50.0669 2576 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:52:50.0671 2576 clr_optimization_v2.0.50727_32 - ok
21:52:50.0694 2576 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 c:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:52:50.0735 2576 clr_optimization_v4.0.30319_32 - ok
21:52:50.0749 2576 [ dea805815e587dad1dd2c502220b5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:52:50.0750 2576 CmBatt - ok
21:52:50.0766 2576 [ c537b1db64d495b9b4717b4d6d9edbf2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:52:50.0767 2576 cmdide - ok
21:52:50.0798 2576 [ 247b4ce2dab1160cd422d532d5241e1f ] CNG C:\Windows\system32\Drivers\cng.sys
21:52:50.0801 2576 CNG - ok
21:52:50.0809 2576 [ a6023d3823c37043986713f118a89bee ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:52:50.0810 2576 Compbatt - ok
21:52:50.0825 2576 [ cbe8c58a8579cfe5fccf809e6f114e89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:52:50.0826 2576 CompositeBus - ok
21:52:50.0829 2576 COMSysApp - ok
21:52:50.0857 2576 [ c2eb4539a4f6ab6edd01bdc191619975 ] cpuz135 C:\Windows\system32\drivers\cpuz135_x32.sys
21:52:50.0857 2576 cpuz135 - ok
21:52:50.0861 2576 [ 2c4ebcfc84a9b44f209dff6c6e6c61d1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:52:50.0862 2576 crcdisk - ok
21:52:50.0893 2576 [ 06e771aa596b8761107ab57e99f128d7 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:52:50.0897 2576 CryptSvc - ok
21:52:50.0907 2576 [ 3c2177a897b4ca2788c6fb0c3fd81d4b ] CSC C:\Windows\system32\drivers\csc.sys
21:52:50.0910 2576 CSC - ok
21:52:50.0942 2576 [ 15f93b37f6801943360d9eb42485d5d3 ] CscService C:\Windows\System32\cscsvc.dll
21:52:50.0948 2576 CscService - ok
21:52:50.0960 2576 [ 7660f01d3b38aca1747e397d21d790af ] DcomLaunch C:\Windows\system32\rpcss.dll
21:52:50.0971 2576 DcomLaunch - ok
21:52:51.0001 2576 [ 8d6e10a2d9a5eed59562d9b82cf804e1 ] defragsvc C:\Windows\System32\defragsvc.dll
21:52:51.0005 2576 defragsvc - ok
21:52:51.0031 2576 [ f024449c97ec1e464aaffda18593db88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:52:51.0032 2576 DfsC - ok
21:52:51.0062 2576 [ e9e01eb683c132f7fa27cd607b8a2b63 ] Dhcp C:\Windows\system32\dhcpcore.dll
21:52:51.0066 2576 Dhcp - ok
21:52:51.0074 2576 [ 1a050b0274bfb3890703d490f330c0da ] discache C:\Windows\system32\drivers\discache.sys
21:52:51.0075 2576 discache - ok
21:52:51.0081 2576 [ 565003f326f99802e68ca78f2a68e9ff ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:52:51.0082 2576 Disk - ok
21:52:51.0099 2576 [ 33ef4861f19a0736b11314aad9ae28d0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:52:51.0103 2576 Dnscache - ok
21:52:51.0131 2576 [ 366ba8fb4b7bb7435e3b9eacb3843f67 ] dot3svc C:\Windows\System32\dot3svc.dll
21:52:51.0135 2576 dot3svc - ok
21:52:51.0178 2576 [ 8ec04ca86f1d68da9e11952eb85973d6 ] DPS C:\Windows\system32\dps.dll
21:52:51.0182 2576 DPS - ok
21:52:51.0194 2576 [ b918e7c5f9bf77202f89e1a9539f2eb4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:52:51.0195 2576 drmkaud - ok
21:52:51.0220 2576 [ 555e54ac2f601a8821cef58961653991 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:52:51.0221 2576 dtsoftbus01 - ok
21:52:51.0264 2576 [ 23f5d28378a160352ba8f817bd8c71cb ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:52:51.0267 2576 DXGKrnl - ok
21:52:51.0313 2576 [ c3cdc19b715514200f5cec8be5b9c9a8 ] Dyn Updater C:\Program Files\Dyn Updater\DynUpSvc.exe
21:52:51.0315 2576 Dyn Updater - ok
21:52:51.0320 2576 [ 8600142fa91c1b96367d3300ad0f3f3a ] EapHost C:\Windows\System32\eapsvc.dll
21:52:51.0340 2576 EapHost - ok
21:52:51.0716 2576 [ 024e1b5cac09731e4d868e64dbfb4ab0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
21:52:51.0744 2576 ebdrv - ok
21:52:51.0768 2576 [ 81951f51e318aecc2d68559e47485cc4 ] EFS C:\Windows\System32\lsass.exe
21:52:51.0777 2576 EFS - ok
21:52:51.0828 2576 [ a8c362018efc87beb013ee28f29c0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:52:51.0834 2576 ehRecvr - ok
21:52:51.0846 2576 [ d389bff34f80caede417bf9d1507996a ] ehSched C:\Windows\ehome\ehsched.exe
21:52:51.0848 2576 ehSched - ok
21:52:51.0864 2576 [ 0ed67910c8c326796faa00b2bf6d9d3c ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:52:51.0868 2576 elxstor - ok
21:52:51.0915 2576 [ abdd5ad016affd34ad40e944ce94bf59 ] EpsonBidirectionalService C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
21:52:51.0916 2576 EpsonBidirectionalService - ok
21:52:51.0925 2576 [ 8fc3208352dd3912c94367a206ab3f11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:52:51.0926 2576 ErrDev - ok
21:52:51.0953 2576 [ f6916efc29d9953d5d0df06882ae8e16 ] EventSystem C:\Windows\system32\es.dll
21:52:51.0958 2576 EventSystem - ok
21:52:51.0991 2576 [ 82e7eb9f12321052cd9a904b13724ee2 ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
21:52:51.0993 2576 ewusbnet - ok
21:52:52.0008 2576 [ 2dc9108d74081149cc8b651d3a26207f ] exfat C:\Windows\system32\drivers\exfat.sys
21:52:52.0009 2576 exfat - ok
21:52:52.0024 2576 [ 7e0ab74553476622fb6ae36f73d97d35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:52:52.0026 2576 fastfat - ok
21:52:52.0061 2576 [ 967ea5b213e9984cbe270205df37755b ] Fax C:\Windows\system32\fxssvc.exe
21:52:52.0068 2576 Fax - ok
21:52:52.0082 2576 [ e817a017f82df2a1f8cfdbda29388b29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:52:52.0083 2576 fdc - ok
21:52:52.0104 2576 [ f3222c893bd2f5821a0179e5c71e88fb ] fdPHost C:\Windows\system32\fdPHost.dll
21:52:52.0108 2576 fdPHost - ok
21:52:52.0120 2576 [ 7dbe8cbfe79efbdeb98c9fb08d3a9a5b ] FDResPub C:\Windows\system32\fdrespub.dll
21:52:52.0124 2576 FDResPub - ok
21:52:52.0137 2576 fgmkfozj - ok
21:52:52.0141 2576 [ 6cf00369c97f3cf563be99be983d13d8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:52:52.0142 2576 FileInfo - ok
21:52:52.0163 2576 [ 42c51dc94c91da21cb9196eb64c45db9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:52:52.0175 2576 Filetrace - ok
21:52:52.0178 2576 [ 87907aa70cb3c56600f1c2fb8841579b ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:52:52.0179 2576 flpydisk - ok
21:52:52.0190 2576 [ 7520ec808e0c35e0ee6f841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:52:52.0192 2576 FltMgr - ok
21:52:52.0195 2576 fombacxk - ok
21:52:52.0212 2576 [ b3a5ec6b6b6673db7e87c2bcdbddc074 ] FontCache C:\Windows\system32\FntCache.dll
21:52:52.0244 2576 FontCache - ok
21:52:52.0268 2576 [ e56f39f6b7fda0ac77a79b0fd3de1a2f ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:52:52.0269 2576 FontCache3.0.0.0 - ok
21:52:52.0283 2576 [ 1a16b57943853e598cff37fe2b8cbf1d ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:52:52.0284 2576 FsDepends - ok
21:52:52.0314 2576 [ 7dae5ebcc80e45d3253f4923dc424d05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:52:52.0315 2576 Fs_Rec - ok
21:52:52.0327 2576 [ 8a73e79089b282100b9393b644cb853b ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:52:52.0328 2576 fvevol - ok
21:52:52.0346 2576 [ 65ee0c7a58b65e74ae05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:52:52.0348 2576 gagp30kx - ok
21:52:52.0350 2576 gdrv - ok
21:52:52.0380 2576 [ 8182ff89c65e4d38b2de4bb0fb18564e ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:52:52.0381 2576 GEARAspiWDM - ok
21:52:52.0383 2576 GMSIPCI - ok
21:52:52.0408 2576 [ e897eaf5ed6ba41e081060c9b447a673 ] gpsvc C:\Windows\System32\gpsvc.dll
21:52:52.0420 2576 gpsvc - ok
21:52:52.0459 2576 [ f02a533f517eb38333cb12a9e8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
21:52:52.0461 2576 gupdate - ok
21:52:52.0464 2576 [ f02a533f517eb38333cb12a9e8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:52:52.0465 2576 gupdatem - ok
21:52:52.0499 2576 [ c1b577b2169900f4cf7190c39f085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:52:52.0501 2576 gusvc - ok
21:52:52.0504 2576 [ c44e3c2bab6837db337ddee7544736db ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:52:52.0505 2576 hcw85cir - ok
21:52:52.0553 2576 [ a5ef29d5315111c80a5c1abad14c8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:52:52.0559 2576 HdAudAddService - ok
21:52:52.0569 2576 [ 9036377b8a6c15dc2eec53e489d159b5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:52:52.0570 2576 HDAudBus - ok
21:52:52.0573 2576 [ 1d58a7f3e11a9731d0eaaaa8405acc36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:52:52.0575 2576 HidBatt - ok
21:52:52.0578 2576 [ 89448f40e6df260c206a193a4683ba78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:52:52.0580 2576 HidBth - ok
21:52:52.0583 2576 [ cf50b4cf4a4f229b9f3c08351f99ca5e ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:52:52.0584 2576 HidIr - ok
21:52:52.0588 2576 [ 2bc6f6a1992b3a77f5f41432ca6b3b6b ] hidserv C:\Windows\system32\hidserv.dll
21:52:52.0592 2576 hidserv - ok
21:52:52.0628 2576 [ 10c19f8290891af023eaec0832e1eb4d ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:52:52.0629 2576 HidUsb - ok
21:52:52.0645 2576 [ 196b4e3f4cccc24af836ce58facbb699 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:52:52.0651 2576 hkmsvc - ok
21:52:52.0703 2576 [ 6658f4404de03d75fe3ba09f7aba6a30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:52:52.0709 2576 HomeGroupListener - ok
21:52:52.0751 2576 [ dbc02d918fff1cad628acbe0c0eaa8e8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:52:52.0761 2576 HomeGroupProvider - ok
21:52:52.0782 2576 [ 4bab16afc2b0029e09c67daa8ec722a2 ] hotcore3 C:\Windows\system32\drivers\hotcore3.sys
21:52:52.0783 2576 hotcore3 - ok
21:52:52.0799 2576 [ 295fdc419039090eb8b49ffdbb374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:52:52.0801 2576 HpSAMD - ok
21:52:52.0880 2576 [ 871917b07a141bff43d76d8844d48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:52:52.0890 2576 HTTP - ok
21:52:52.0936 2576 [ 348c3a9d01e68a0222a246346924aa55 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
21:52:52.0937 2576 hwdatacard - ok
21:52:52.0971 2576 [ 0c4e035c7f105f1299258c90886c64c5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:52:52.0972 2576 hwpolicy - ok
21:52:53.0005 2576 [ 460b1945c3e6b0419a76e1b507b90b71 ] hwusbdev C:\Windows\system32\DRIVERS\ewusbdev.sys
21:52:53.0007 2576 hwusbdev - ok
21:52:53.0036 2576 [ f151f0bdc47f4a28b1b20a0818ea36d6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:52:53.0037 2576 i8042prt - ok
21:52:53.0075 2576 [ 5cd5f9a5444e6cdcb0ac89bd62d8b76e ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:52:53.0079 2576 iaStorV - ok
21:52:53.0098 2576 [ c521d7eb6497bb1af6afa89e322fb43c ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:52:53.0106 2576 idsvc - ok
21:52:53.0123 2576 [ 4173ff5708f3236cf25195fecd742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:52:53.0124 2576 iirsp - ok
21:52:53.0140 2576 [ f95622f161474511b8d80d6b093aa610 ] IKEEXT C:\Windows\System32\ikeext.dll
21:52:53.0149 2576 IKEEXT - ok
21:52:53.0156 2576 [ a0f12f2c9ba6c72f3987ce780e77c130 ] intelide C:\Windows\system32\drivers\intelide.sys
21:52:53.0157 2576 intelide - ok
21:52:53.0169 2576 [ 3b514d27bfc4accb4037bc6685f766e0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:52:53.0170 2576 intelppm - ok
21:52:53.0187 2576 [ acb364b9075a45c0736e5c47be5cae19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:52:53.0192 2576 IPBusEnum - ok
21:52:53.0204 2576 [ 709d1761d3b19a932ff0238ea6d50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:52:53.0205 2576 IpFilterDriver - ok
21:52:53.0223 2576 [ 4d65a07b795d6674312f879d09aa7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:52:53.0231 2576 iphlpsvc - ok
21:52:53.0250 2576 [ 4bd7134618c1d2a27466a099062547bf ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:52:53.0252 2576 IPMIDRV - ok
21:52:53.0264 2576 [ a5fa468d67abcdaa36264e463a7bb0cd ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:52:53.0265 2576 IPNAT - ok
21:52:53.0321 2576 [ ca9d4b998bff311a539604ed87318fa0 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:52:53.0328 2576 iPod Service - ok
21:52:53.0342 2576 [ 42996cff20a3084a56017b7902307e9f ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:52:53.0343 2576 IRENUM - ok
21:52:53.0348 2576 [ 1f32bb6b38f62f7df1a7ab7292638a35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:52:53.0350 2576 isapnp - ok
21:52:53.0367 2576 [ cb7a9abb12b8415bce5d74994c7ba3ae ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:52:53.0370 2576 iScsiPrt - ok
21:52:53.0410 2576 [ 8d80c3e70065c0b58fea94781f506cc7 ] IT9135BDA C:\Windows\system32\Drivers\IT9135BDA.sys
21:52:53.0423 2576 IT9135BDA - ok
21:52:53.0434 2576 [ adef52ca1aeae82b50df86b56413107e ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:52:53.0435 2576 kbdclass - ok
21:52:53.0442 2576 [ 9e3ced91863e6ee98c24794d05e27a71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:52:53.0443 2576 kbdhid - ok
21:52:53.0451 2576 [ 81951f51e318aecc2d68559e47485cc4 ] KeyIso C:\Windows\system32\lsass.exe
21:52:53.0456 2576 KeyIso - ok
21:52:53.0478 2576 [ b7895b4182c0d16f6efadeb8081e8d36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:52:53.0486 2576 KSecDD - ok
21:52:53.0530 2576 [ d30159ac9237519fbc62c6ec247d2d46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:52:53.0551 2576 KSecPkg - ok
21:52:53.0577 2576 [ 89a7b9cc98d0d80c6f31b91c0a310fcd ] KtmRm C:\Windows\system32\msdtckrm.dll
21:52:53.0586 2576 KtmRm - ok
21:52:53.0630 2576 [ d64af876d53eca3668bb97b51b4e70ab ] LanmanServer C:\Windows\system32\srvsvc.dll
21:52:53.0640 2576 LanmanServer - ok
21:52:53.0652 2576 [ 58405e4f68ba8e4057c6e914f326aba2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:52:53.0663 2576 LanmanWorkstation - ok
21:52:53.0787 2576 [ 3c879d04bb6466e2853c3155b635cc45 ] LeapFrog Connect Device Service C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
21:52:53.0848 2576 LeapFrog Connect Device Service - ok
21:52:53.0882 2576 [ 5cffda921fe0c9e9ebde3150d3c81594 ] Leapfrog-USBLAN C:\Windows\system32\DRIVERS\btblan.sys
21:52:53.0884 2576 Leapfrog-USBLAN - ok
21:52:53.0886 2576 lkyqsadw - ok
21:52:53.0911 2576 [ f7611ec07349979da9b0ae1f18ccc7a6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:52:53.0912 2576 lltdio - ok
21:52:53.0934 2576 [ 5700673e13a2117fa3b9020c852c01e2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:52:53.0940 2576 lltdsvc - ok
21:52:53.0955 2576 [ 55ca01ba19d0006c8f2639b6c045e08b ] lmhosts C:\Windows\System32\lmhsvc.dll
21:52:53.0960 2576 lmhosts - ok
21:52:54.0017 2576 [ 0064d169ebedb52df391e3345bfa4a43 ] LMIGuardianSvc C:\Program Files\LogMeIn Ignition\LMIGuardianSvc.exe
21:52:54.0025 2576 LMIGuardianSvc - ok
21:52:54.0072 2576 [ 4f69faaabb7db0d43e327c0b6aab40fc ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys
21:52:54.0072 2576 LMIInfo - ok
21:52:54.0106 2576 [ 175f50f37eeaa1d4d744bcccbb7cf68c ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe
21:52:54.0107 2576 LMIMaint - ok
21:52:54.0125 2576 [ 4477689e2d8ae6b78ba34c9af4cc1ed1 ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
21:52:54.0126 2576 lmimirr - ok
21:52:54.0128 2576 LMIRfsClientNP - ok
21:52:54.0163 2576 [ 3faa563ddf853320f90259d455a01d79 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
21:52:54.0164 2576 LMIRfsDriver - ok
21:52:54.0181 2576 [ 432618fa75b61059d2c57d6a7e55147a ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe
21:52:54.0183 2576 LogMeIn - ok
21:52:54.0186 2576 lqkgffsf - ok
21:52:54.0207 2576 [ eb119a53ccf2acc000ac71b065b78fef ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:52:54.0219 2576 LSI_FC - ok
21:52:54.0233 2576 [ 8ade1c877256a22e49b75d1cc9161f9c ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:52:54.0234 2576 LSI_SAS - ok
21:52:54.0245 2576 [ dc9dc3d3daa0e276fd2ec262e38b11e9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:52:54.0246 2576 LSI_SAS2 - ok
21:52:54.0256 2576 [ 0a036c7d7cab643a7f07135ac47e0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:52:54.0258 2576 LSI_SCSI - ok
21:52:54.0261 2576 [ 6703e366cc18d3b6e534f5cf7df39cee ] luafv C:\Windows\system32\drivers\luafv.sys
21:52:54.0263 2576 luafv - ok
21:52:54.0303 2576 [ 6dfe7f2e8e8a337263aa5c92a215f161 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
21:52:54.0304 2576 MBAMProtector - ok
21:52:54.0486 2576 [ 43683e970f008c93c9429ef428147a54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:52:54.0509 2576 MBAMService - ok
21:52:54.0558 2576 [ bfb9ee8ee977efe85d1a3105abef6dd1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:52:54.0602 2576 Mcx2Svc - ok
21:52:54.0632 2576 [ 0fff5b045293002ab38eb1fd1fc2fb74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:52:54.0647 2576 megasas - ok
21:52:54.0684 2576 [ dcbab2920c75f390caf1d29f675d03d6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:52:54.0700 2576 MegaSR - ok
21:52:54.0727 2576 [ 6cb347607891bd10c396a63762b6c439 ] MFX C:\Windows\system32\drivers\MFX.sys
21:52:54.0728 2576 Suspicious file (Hidden): C:\Windows\system32\drivers\MFX.sys. md5: 6cb347607891bd10c396a63762b6c439
21:52:54.0729 2576 MFX ( HiddenFile.Multi.Generic ) - warning
21:52:54.0729 2576 MFX - detected HiddenFile.Multi.Generic (1)
21:52:54.0756 2576 [ 146b6f43a673379a3c670e86d89be5ea ] MMCSS C:\Windows\system32\mmcss.dll
21:52:54.0790 2576 MMCSS - ok
21:52:54.0802 2576 [ f001861e5700ee84e2d4e52c712f4964 ] Modem C:\Windows\system32\drivers\modem.sys
21:52:54.0803 2576 Modem - ok
21:52:54.0813 2576 [ 79d10964de86b292320e9dfe02282a23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:52:54.0814 2576 monitor - ok
21:52:54.0840 2576 [ fb18cc1d4c2e716b6b903b0ac0cc0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:52:54.0841 2576 mouclass - ok
21:52:54.0857 2576 [ 2c388d2cd01c9042596cf3c8f3c7b24d ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:52:54.0858 2576 mouhid - ok
21:52:54.0879 2576 [ fc8771f45ecccfd89684e38842539b9b ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:52:54.0881 2576 mountmgr - ok
21:52:54.0914 2576 [ d993bea500e7382dc4e760bf4f35efcb ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
21:52:54.0916 2576 MpFilter - ok
21:52:54.0929 2576 [ 2d699fb6e89ce0d8da14ecc03b3edfe0 ] mpio C:\Windows\system32\drivers\mpio.sys
21:52:54.0931 2576 mpio - ok
21:52:54.0945 2576 [ ad2723a7b53dd1aacae6ad8c0bfbf4d0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:52:54.0947 2576 mpsdrv - ok
21:52:54.0978 2576 [ 9835584e999d25004e1ee8e5f3e3b881 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:52:54.0988 2576 MpsSvc - ok
21:52:55.0014 2576 [ ceb46ab7c01c9f825f8cc6babc18166a ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:52:55.0017 2576 MRxDAV - ok
21:52:55.0042 2576 [ 5d16c921e3671636c0eba3bbaac5fd25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:52:55.0044 2576 mrxsmb - ok
21:52:55.0072 2576 [ 6d17a4791aca19328c685d256349fefc ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:52:55.0075 2576 mrxsmb10 - ok
21:52:55.0082 2576 [ b81f204d146000be76651a50670a5e9e ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:52:55.0083 2576 mrxsmb20 - ok
21:52:55.0092 2576 [ 012c5f4e9349e711e11e0f19a8589f0a ] msahci C:\Windows\system32\drivers\msahci.sys
21:52:55.0093 2576 msahci - ok
21:52:55.0114 2576 [ 55055f8ad8be27a64c831322a780a228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:52:55.0116 2576 msdsm - ok
21:52:55.0120 2576 [ e1bce74a3bd9902b72599c0192a07e27 ] MSDTC C:\Windows\System32\msdtc.exe
21:52:55.0127 2576 MSDTC - ok
21:52:55.0144 2576 [ daefb28e3af5a76abcc2c3078c07327f ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:52:55.0145 2576 Msfs - ok
21:52:55.0172 2576 [ 3e1e5767043c5af9367f0056295e9f84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:52:55.0173 2576 mshidkmdf - ok
21:52:55.0182 2576 [ 0a4e5757ae09fa9622e3158cc1aef114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:52:55.0183 2576 msisadrv - ok
21:52:55.0200 2576 [ 90f7d9e6b6f27e1a707d4a297f077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:52:55.0205 2576 MSiSCSI - ok
21:52:55.0208 2576 msiserver - ok
21:52:55.0215 2576 [ 8c0860d6366aaffb6c5bb9df9448e631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:52:55.0217 2576 MSKSSRV - ok
21:52:55.0274 2576 [ 24516bf4e12a46cb67302e2cdcb8cddf ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
21:52:55.0275 2576 MsMpSvc - ok
21:52:55.0291 2576 [ 3ea8b949f963562cedbb549eac0c11ce ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:52:55.0292 2576 MSPCLOCK - ok
21:52:55.0308 2576 [ f456e973590d663b1073e9c463b40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:52:55.0310 2576 MSPQM - ok
21:52:55.0334 2576 [ 0e008fc4819d238c51d7c93e7b41e560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:52:55.0336 2576 MsRPC - ok
21:52:55.0344 2576 [ fc6b9ff600cc585ea38b12589bd4e246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:52:55.0345 2576 mssmbios - ok
21:52:55.0355 2576 [ b42c6b921f61a6e55159b8be6cd54a36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:52:55.0357 2576 MSTEE - ok
21:52:55.0385 2576 [ 00c7b2306f1ca5389a1ac6d1df9c2e25 ] msvad_simple C:\Windows\system32\drivers\povrtdev.sys
21:52:55.0387 2576 msvad_simple - ok
21:52:55.0400 2576 [ 33599130f44e1f34631cea241de8ac84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:52:55.0406 2576 MTConfig - ok
21:52:55.0431 2576 [ cbe71c122434805cb73ffb6619f60598 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
21:52:55.0432 2576 MTsensor - ok
21:52:55.0443 2576 [ 159fad02f64e6381758c990f753bcc80 ] Mup C:\Windows\system32\Drivers\mup.sys
21:52:55.0444 2576 Mup - ok
21:52:55.0454 2576 [ 797bddfb4388c89e513b495cdf11bef5 ] mv2 C:\Windows\system32\DRIVERS\mv2.sys
21:52:55.0455 2576 mv2 - ok
21:52:55.0488 2576 [ 61d57a5d7c6d9afe10e77dae6e1b445e ] napagent C:\Windows\system32\qagentRT.dll
21:52:55.0497 2576 napagent - ok
21:52:55.0514 2576 [ 26384429fcd85d83746f63e798ab1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:52:55.0518 2576 NativeWifiP - ok
21:52:55.0572 2576 [ e7c54812a2aaf43316eb6930c1ffa108 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:52:55.0579 2576 NDIS - ok
21:52:55.0591 2576 [ 0e1787aa6c9191d3d319e8bafe86f80c ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:52:55.0592 2576 NdisCap - ok
21:52:55.0595 2576 [ e4a8aec125a2e43a9e32afeea7c9c888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:52:55.0597 2576 NdisTapi - ok
21:52:55.0627 2576 [ d8a65dafb3eb41cbb622745676fcd072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:52:55.0629 2576 Ndisuio - ok
21:52:55.0651 2576 [ 38fbe267e7e6983311179230facb1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:52:55.0653 2576 NdisWan - ok
21:52:55.0659 2576 [ a4bdc541e69674fbff1a8ff00be913f2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:52:55.0660 2576 NDProxy - ok
21:52:55.0671 2576 [ 80b275b1ce3b0e79909db7b39af74d51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:52:55.0673 2576 NetBIOS - ok
21:52:55.0699 2576 [ 280122ddcf04b378edd1ad54d71c1e54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:52:55.0701 2576 NetBT - ok
21:52:55.0709 2576 [ 81951f51e318aecc2d68559e47485cc4 ] Netlogon C:\Windows\system32\lsass.exe
21:52:55.0714 2576 Netlogon - ok
21:52:55.0725 2576 [ 7cccfca7510684768da22092d1fa4db2 ] Netman C:\Windows\System32\netman.dll
21:52:55.0734 2576 Netman - ok
21:52:55.0767 2576 [ d22cd77d4f0d63d1169bb35911bff12d ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:52:55.0770 2576 NetMsmqActivator - ok
21:52:55.0773 2576 [ d22cd77d4f0d63d1169bb35911bff12d ] NetPipeActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:52:55.0774 2576 NetPipeActivator - ok
21:52:55.0787 2576 [ 8c338238c16777a802d6a9211eb2ba50 ] netprofm C:\Windows\System32\netprofm.dll
21:52:55.0796 2576 netprofm - ok
21:52:55.0800 2576 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:52:55.0801 2576 NetTcpActivator - ok
21:52:55.0804 2576 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:52:55.0805 2576 NetTcpPortSharing - ok
21:52:55.0837 2576 [ 1d85c4b390b0ee09c7a46b91efb2c097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:52:55.0838 2576 nfrd960 - ok
21:52:55.0866 2576 [ b52f26bade7d7e4a79706e3fd91834cd ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:52:55.0868 2576 NisDrv - ok
21:52:55.0881 2576 [ 290c0d4c4889398797f8df3be00b9698 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
21:52:55.0883 2576 NisSrv - ok
21:52:55.0935 2576 [ 912084381d30d8b89ec4e293053f4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:52:55.0942 2576 NlaSvc - ok
21:52:56.0033 2576 [ 085440078813949c51c33589557bfd29 ] NovacomD c:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe
21:52:56.0033 2576 NovacomD - ok
21:52:56.0045 2576 [ 1db262a9f8c087e8153d89bef3d2235f ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:52:56.0047 2576 Npfs - ok
21:52:56.0050 2576 [ ba387e955e890c8a88306d9b8d06bf17 ] nsi C:\Windows\system32\nsisvc.dll
21:52:56.0057 2576 nsi - ok
21:52:56.0063 2576 [ e9a0a4d07e53d8fea2bb8387a3293c58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:52:56.0064 2576 nsiproxy - ok
21:52:56.0121 2576 [ 81189c3d7763838e55c397759d49007a ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:52:56.0131 2576 Ntfs - ok
21:52:56.0158 2576 [ f9756a98d69098dca8945d62858a812c ] Null C:\Windows\system32\drivers\Null.sys
21:52:56.0160 2576 Null - ok
21:52:56.0183 2576 [ e079302fc304cc3f8d444d770c1275d9 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
21:52:56.0185 2576 nusb3hub - ok
21:52:56.0197 2576 [ 456f7262604f85746919823f592b303c ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
21:52:56.0199 2576 nusb3xhc - ok
21:52:56.0225 2576 [ b5e37e31c053bc9950455a257526514b ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x32.sys
21:52:56.0229 2576 NVENETFD - ok
21:52:56.0265 2576 [ 93c0f383b39b1f5fe7203e3270d4cf52 ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
21:52:56.0267 2576 NVHDA - ok
21:52:56.0523 2576 [ 66b4bf606fcc7f0622d4a21bb1461089 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:52:56.0566 2576 nvlddmkm - ok
21:52:56.0615 2576 [ 1de923088878b495cd4219e47ba34eb8 ] NVNET C:\Windows\system32\DRIVERS\nvmf6232.sys
21:52:56.0617 2576 NVNET - ok
21:52:56.0637 2576 [ b3e25ee28883877076e0e1ff877d02e0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:52:56.0649 2576 nvraid - ok
21:52:56.0661 2576 [ 02a9f366bcb94b286e34825b2094cb38 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
21:52:56.0662 2576 nvsmu - ok
21:52:56.0700 2576 [ 4380e59a170d88c4f1022eff6719a8a4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:52:56.0703 2576 nvstor - ok
21:52:56.0719 2576 [ 7ed4bcb509100617e42fcfeb8bc84770 ] NvStUSB C:\Windows\system32\DRIVERS\nvstusb.sys
21:52:56.0721 2576 NvStUSB - ok
21:52:56.0804 2576 [ d122f7c5f79c68868f5dc28cefeb2ecf ] nvsvc C:\Windows\system32\nvvsvc.exe
21:52:56.0820 2576 nvsvc - ok
21:52:56.0881 2576 [ 003cb0a155568b4a53a301f07c734233 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
21:52:56.0900 2576 nvUpdatusService - ok
21:52:56.0928 2576 [ 5a0983915f02bae73267cc2a041f717d ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:52:56.0930 2576 nv_agp - ok
21:52:56.0952 2576 [ 08a70a1f2cdde9bb49b885cb817a66eb ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:52:56.0953 2576 ohci1394 - ok
21:52:56.0973 2576 [ 82a8521ddc60710c3d3d3e7325209bec ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:52:56.0983 2576 p2pimsvc - ok
21:52:57.0006 2576 [ 59c3ddd501e39e006dac31bf55150d91 ] p2psvc C:\Windows\system32\p2psvc.dll
21:52:57.0015 2576 p2psvc - ok
21:52:57.0028 2576 [ 2ea877ed5dd9713c5ac74e8ea7348d14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:52:57.0030 2576 Parport - ok
21:52:57.0055 2576 [ 3f34a1b4c5f6475f320c275e63afce9b ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:52:57.0057 2576 partmgr - ok
21:52:57.0066 2576 [ eb0a59f29c19b86479d36b35983daadc ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
21:52:57.0069 2576 Parvdm - ok
21:52:57.0093 2576 [ 358ab7956d3160000726574083dfc8a6 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:52:57.0101 2576 PcaSvc - ok
21:52:57.0128 2576 [ 673e55c3498eb970088e812ea820aa8f ] pci C:\Windows\system32\drivers\pci.sys
21:52:57.0130 2576 pci - ok
21:52:57.0138 2576 [ afe86f419014db4e5593f69ffe26ce0a ] pciide C:\Windows\system32\drivers\pciide.sys
21:52:57.0139 2576 pciide - ok
21:52:57.0150 2576 [ f396431b31693e71e8a80687ef523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:52:57.0152 2576 pcmcia - ok
21:52:57.0176 2576 [ 5b6c11de7e839c05248ced8825470fef ] Pcouffin C:\Windows\system32\Drivers\Pcouffin.sys
21:52:57.0178 2576 Pcouffin - ok
21:52:57.0183 2576 [ 250f6b43d2b613172035c6747aeeb19f ] pcw C:\Windows\system32\drivers\pcw.sys
21:52:57.0184 2576 pcw - ok
21:52:57.0201 2576 [ 9e0104ba49f4e6973749a02bf41344ed ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:52:57.0207 2576 PEAUTH - ok
21:52:57.0234 2576 [ af4d64d2a57b9772cf3801950b8058a6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
21:52:57.0249 2576 PeerDistSvc - ok
21:52:57.0323 2576 [ 414bba67a3ded1d28437eb66aeb8a720 ] pla C:\Windows\system32\pla.dll
21:52:57.0359 2576 pla - ok
21:52:57.0470 2576 [ ec7bc28d207da09e79b3e9faf8b232ca ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:52:57.0487 2576 PlugPlay - ok
21:52:57.0573 2576 [ 3a2bdd76e7d2a5f40a7174793d1ba794 ] PnkBstrA C:\Windows\system32\PnkBstrA.exe
21:52:57.0624 2576 PnkBstrA - ok
21:52:57.0650 2576 [ 63ff8572611249931eb16bb8eed6afc8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:52:57.0665 2576 PNRPAutoReg - ok
21:52:57.0671 2576 [ 82a8521ddc60710c3d3d3e7325209bec ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:52:57.0679 2576 PNRPsvc - ok
21:52:57.0696 2576 [ 53946b69ba0836bd95b03759530c81ec ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:52:57.0703 2576 PolicyAgent - ok
21:52:57.0740 2576 [ f87d30e72e03d579a5199ccb3831d6ea ] Power C:\Windows\system32\umpo.dll
21:52:57.0750 2576 Power - ok
21:52:57.0763 2576 [ 631e3e205ad6d86f2aed6a4a8e69f2db ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:52:57.0764 2576 PptpMiniport - ok
21:52:57.0777 2576 [ 85b1e3a0c7585bc4aae6899ec6fcf011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:52:57.0778 2576 Processor - ok
21:52:57.0820 2576 [ 43ca4ccc22d52fb58e8988f0198851d0 ] ProfSvc C:\Windows\system32\profsvc.dll
21:52:57.0835 2576 ProfSvc - ok
21:52:57.0851 2576 [ 81951f51e318aecc2d68559e47485cc4 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:52:57.0855 2576 ProtectedStorage - ok
21:52:57.0864 2576 [ 6270ccae2a86de6d146529fe55b3246a ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:52:57.0866 2576 Psched - ok
21:52:57.0899 2576 [ 681ae4f1927fe0fdeee2863f1684088d ] pwdrvio C:\Windows\system32\pwdrvio.sys
21:52:57.0906 2576 pwdrvio - ok
21:52:57.0939 2576 [ bc60895ce021309ebd887d2f22055654 ] pwdspio C:\Windows\system32\pwdspio.sys
21:52:57.0947 2576 pwdspio - ok
21:52:58.0028 2576 [ ab95ecf1f6659a60ddc166d8315b0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:52:58.0042 2576 ql2300 - ok
21:52:58.0066 2576 [ b4dd51dd25182244b86737dc51af2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:52:58.0081 2576 ql40xx - ok
21:52:58.0085 2576 qquikpaq - ok
21:52:58.0124 2576 [ 31ac809e7707eb580b2bdb760390765a ] QWAVE C:\Windows\system32\qwave.dll
21:52:58.0133 2576 QWAVE - ok
21:52:58.0142 2576 [ 584078ca1b95ca72df2a27c336f9719d ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:52:58.0144 2576 QWAVEdrv - ok
21:52:58.0166 2576 [ 30a81b53c766d0133bb86d234e5556ab ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:52:58.0167 2576 RasAcd - ok
21:52:58.0189 2576 [ 57ec4aef73660166074d8f7f31c0d4fd ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:52:58.0190 2576 RasAgileVpn - ok
21:52:58.0201 2576 [ a60f1839849c0c00739787fd5ec03f13 ] RasAuto C:\Windows\System32\rasauto.dll
21:52:58.0209 2576 RasAuto - ok
21:52:58.0217 2576 [ d9f91eafec2815365cbe6d167e4e332a ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:52:58.0219 2576 Rasl2tp - ok
21:52:58.0231 2576 [ cb9e04dc05eacf5b9a36ca276d475006 ] RasMan C:\Windows\System32\rasmans.dll
21:52:58.0241 2576 RasMan - ok
21:52:58.0249 2576 [ 0fe8b15916307a6ac12bfb6a63e45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:52:58.0251 2576 RasPppoe - ok
21:52:58.0262 2576 [ 44101f495a83ea6401d886e7fd70096b ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:52:58.0264 2576 RasSstp - ok
21:52:58.0273 2576 [ d528bc58a489409ba40334ebf96a311b ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:52:58.0276 2576 rdbss - ok
21:52:58.0281 2576 [ 0d8f05481cb76e70e1da06ee9f0da9df ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:52:58.0282 2576 rdpbus - ok
21:52:58.0300 2576 [ 23dae03f29d253ae74c44f99e515f9a1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:52:58.0301 2576 RDPCDD - ok
21:52:58.0310 2576 [ b973fcfc50dc1434e1970a146f7e3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
21:52:58.0312 2576 RDPDR - ok
21:52:58.0318 2576 [ 5a53ca1598dd4156d44196d200c94b8a ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:52:58.0319 2576 RDPENCDD - ok
21:52:58.0327 2576 [ 44b0a53cd4f27d50ed461dae0c0b4e1f ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:52:58.0328 2576 RDPREFMP - ok
21:52:58.0365 2576 [ f031683e6d1fea157abb2ff260b51e61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:52:58.0370 2576 RDPWD - ok
21:52:58.0402 2576 [ 518395321dc96fe2c9f0e96ac743b656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:52:58.0404 2576 rdyboost - ok
21:52:58.0418 2576 [ 7b5e1419717fac363a31cc302895217a ] RemoteAccess C:\Windows\System32\mprdim.dll
21:52:58.0424 2576 RemoteAccess - ok
21:52:58.0431 2576 [ cb9a8683f4ef2bf99e123d79950d7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:52:58.0439 2576 RemoteRegistry - ok
21:52:58.0464 2576 [ 78d072f35bc45d9e4e1b61895c152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:52:58.0472 2576 RpcEptMapper - ok
21:52:58.0492 2576 [ 94d36c0e44677dd26981d2bfeef2a29d ] RpcLocator C:\Windows\system32\locator.exe
21:52:58.0496 2576 RpcLocator - ok
21:52:58.0510 2576 [ 7660f01d3b38aca1747e397d21d790af ] RpcSs C:\Windows\system32\rpcss.dll
21:52:58.0519 2576 RpcSs - ok
21:52:58.0564 2576 [ 032b0d36ad92b582d869879f5af5b928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:52:58.0566 2576 rspndr - ok
21:52:58.0590 2576 [ 7fa7f2e249a5dcbb7970630e15e1f482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
21:52:58.0592 2576 s3cap - ok
21:52:58.0595 2576 [ 81951f51e318aecc2d68559e47485cc4 ] SamSs C:\Windows\system32\lsass.exe
21:52:58.0600 2576 SamSs - ok
21:52:58.0604 2576 [ 05d860da1040f111503ac416ccef2bca ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:52:58.0606 2576 sbp2port - ok
21:52:58.0609 2576 [ 8fc518ffe9519c2631d37515a68009c4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:52:58.0619 2576 SCardSvr - ok
21:52:58.0639 2576 [ 0693b5ec673e34dc147e195779a4dcf6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:52:58.0641 2576 scfilter - ok
21:52:58.0673 2576 [ a04bb13f8a72f8b6e8b4071723e4e336 ] Schedule C:\Windows\system32\schedsvc.dll
21:52:58.0688 2576 Schedule - ok
21:52:58.0709 2576 [ 319c6b309773d063541d01df8ac6f55f ] SCPolicySvc C:\Windows\System32\certprop.dll
21:52:58.0710 2576 SCPolicySvc - ok
21:52:58.0724 2576 [ 08236c4bce5edd0a0318a438af28e0f7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:52:58.0733 2576 SDRSVC - ok
21:52:58.0748 2576 [ 90a3935d05b494a5a39d37e71f09a677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:52:58.0750 2576 secdrv - ok
21:52:58.0755 2576 [ a59b3a4442c52060cc7a85293aa3546f ] seclogon C:\Windows\system32\seclogon.dll
21:52:58.0763 2576 seclogon - ok
21:52:58.0770 2576 [ dcb7fcdcc97f87360f75d77425b81737 ] SENS C:\Windows\System32\sens.dll
21:52:58.0778 2576 SENS - ok
21:52:58.0794 2576 [ 50087fe1ee447009c9cc2997b90de53f ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:52:58.0802 2576 SensrSvc - ok
21:52:58.0806 2576 [ 9ad8b8b515e3df6acd4212ef465de2d1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:52:58.0808 2576 Serenum - ok
21:52:58.0818 2576 [ 5fb7fcea0490d821f26f39cc5ea3d1e2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:52:58.0820 2576 Serial - ok
21:52:58.0833 2576 [ 79bffb520327ff916a582dfea17aa813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:52:58.0835 2576 sermouse - ok
21:52:58.0865 2576 [ 4ae380f39a0032eab7dd953030b26d28 ] SessionEnv C:\Windows\system32\sessenv.dll
21:52:58.0883 2576 SessionEnv - ok
21:52:58.0890 2576 [ 9f976e1eb233df46fce808d9dea3eb9c ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:52:58.0892 2576 sffdisk - ok
21:52:58.0895 2576 [ 932a68ee27833cfd57c1639d375f2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:52:58.0896 2576 sffp_mmc - ok
21:52:58.0906 2576 [ 6d4ccaedc018f1cf52866bbbaa235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:52:58.0908 2576 sffp_sd - ok
21:52:58.0920 2576 [ db96666cc8312ebc45032f30b007a547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:52:58.0922 2576 sfloppy - ok
21:52:58.0955 2576 [ d1a079a0de2ea524513b6930c24527a2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:52:58.0961 2576 SharedAccess - ok
21:52:58.0973 2576 [ 414da952a35bf5d50192e28263b40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:52:58.0985 2576 ShellHWDetection - ok
21:52:58.0996 2576 [ 2565cac0dc9fe0371bdce60832582b2e ] sisagp C:\Windows\system32\drivers\sisagp.sys
21:52:58.0997 2576 sisagp - ok
21:52:59.0018 2576 [ a9f0486851becb6dda1d89d381e71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:52:59.0020 2576 SiSRaid2 - ok
21:52:59.0034 2576 [ 3727097b55738e2f554972c3be5bc1aa ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:52:59.0036 2576 SiSRaid4 - ok
21:52:59.0055 2576 [ 3e21c083b8a01cb70ba1f09303010fce ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:52:59.0056 2576 Smb - ok
21:52:59.0093 2576 [ 6a984831644eca1a33ffeae4126f4f37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:52:59.0107 2576 SNMPTRAP - ok
21:52:59.0122 2576 [ 95cf1ae7527fb70f7816563cbc09d942 ] spldr C:\Windows\system32\drivers\spldr.sys
21:52:59.0123 2576 spldr - ok
21:52:59.0191 2576 [ 866a43013535dc8587c258e43579c764 ] Spooler C:\Windows\System32\spoolsv.exe
21:52:59.0244 2576 Spooler - ok
21:52:59.0299 2576 [ cf87a1de791347e75b98885214ced2b8 ] sppsvc C:\Windows\system32\sppsvc.exe
21:52:59.0351 2576 sppsvc - ok
21:52:59.0382 2576 [ b0180b20b065d89232a78a40fe56eaa6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:52:59.0390 2576 sppuinotify - ok
21:52:59.0429 2576 [ e4c2764065d66ea1d2d3ebc28fe99c46 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:52:59.0433 2576 srv - ok
21:52:59.0439 2576 [ 03f0545bd8d4c77fa0ae1ceedfcc71ab ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:52:59.0443 2576 srv2 - ok
21:52:59.0447 2576 [ be6bd660caa6f291ae06a718a4fa8abc ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:52:59.0449 2576 srvnet - ok
21:52:59.0461 2576 [ d887c9fd02ac9fa880f6e5027a43e118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:52:59.0471 2576 SSDPSRV - ok
21:52:59.0480 2576 [ d318f23be45d5e3a107469eb64815b50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:52:59.0489 2576 SstpSvc - ok
21:52:59.0517 2576 [ 773940b8d50439391ffa619b3eef01a3 ] StatusAgent4 C:\Windows\system32\SAgent4.exe
21:52:59.0526 2576 StatusAgent4 - ok
21:52:59.0546 2576 Steam Client Service - ok
21:52:59.0636 2576 [ 9e1222c417291bc836210743624a8e5e ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
21:52:59.0652 2576 Stereo Service - ok
21:52:59.0668 2576 [ db32d325c192b801df274bfd12a7e72b ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:52:59.0669 2576 stexstor - ok
21:52:59.0704 2576 [ edb05bd63148796f23ea78506404a538 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
21:52:59.0705 2576 StillCam - ok
21:52:59.0725 2576 [ e1fb3706030fb4578a0d72c2fc3689e4 ] StiSvc C:\Windows\System32\wiaservc.dll
21:52:59.0739 2576 StiSvc - ok
21:52:59.0750 2576 [ 472af0311073dceceaa8fa18ba2bdf89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
21:52:59.0752 2576 storflt - ok
21:52:59.0787 2576 [ 0bf669f0a910beda4a32258d363af2a5 ] StorSvc C:\Windows\system32\storsvc.dll
21:52:59.0796 2576 StorSvc - ok
21:52:59.0803 2576 [ dcaffd62259e0bdb433dd67b5bb37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
21:52:59.0804 2576 storvsc - ok
21:52:59.0817 2576 [ e58c78a848add9610a4db6d214af5224 ] swenum C:\Windows\system32\drivers\swenum.sys
21:52:59.0818 2576 swenum - ok
21:52:59.0830 2576 [ a28bd92df340e57b024ba433165d34d7 ] swprv C:\Windows\System32\swprv.dll
21:52:59.0841 2576 swprv - ok
21:52:59.0895 2576 [ 36650d618ca34c9d357dfd3d89b2c56f ] SysMain C:\Windows\system32\sysmain.dll
21:52:59.0913 2576 SysMain - ok
21:52:59.0945 2576 [ 763fecdc3d30c815fe72dd57936c6cd1 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:52:59.0956 2576 TabletInputService - ok
21:52:59.0980 2576 [ 613bf4820361543956909043a265c6ac ] TapiSrv C:\Windows\System32\tapisrv.dll
21:52:59.0991 2576 TapiSrv - ok
21:53:00.0012 2576 [ b799d9fdb26111737f58288d8dc172d9 ] TBS C:\Windows\System32\tbssvc.dll
21:53:00.0022 2576 TBS - ok
21:53:00.0077 2576 [ 7fa2e0f8b072bd04b77b421480b6cc22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:53:00.0088 2576 Tcpip - ok
21:53:00.0102 2576 [ 7fa2e0f8b072bd04b77b421480b6cc22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:53:00.0108 2576 TCPIP6 - ok
21:53:00.0120 2576 [ cca24162e055c3714ce5a88b100c64ed ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:53:00.0130 2576 tcpipreg - ok
21:53:00.0156 2576 [ 1cb91b2bd8f6dd367dfc2ef26fd751b2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:53:00.0158 2576 TDPIPE - ok
21:53:00.0181 2576 [ 2c2c5afe7ee4f620d69c23c0617651a8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:53:00.0183 2576 TDTCP - ok
21:53:00.0201 2576 [ b459575348c20e8121d6039da063c704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:53:00.0203 2576 tdx - ok
21:53:00.0208 2576 [ 04dbf4b01ea4bf25a9a3e84affac9b20 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:53:00.0210 2576 TermDD - ok
21:53:00.0233 2576 [ 382c804c92811be57829d8e550a900e2 ] TermService C:\Windows\System32\termsrv.dll
21:53:00.0246 2576 TermService - ok
21:53:00.0251 2576 [ 42fb6afd6b79d9fe07381609172e7ca4 ] Themes C:\Windows\system32\themeservice.dll
21:53:00.0260 2576 Themes - ok
21:53:00.0272 2576 [ 146b6f43a673379a3c670e86d89be5ea ] THREADORDER C:\Windows\system32\mmcss.dll
21:53:00.0278 2576 THREADORDER - ok
21:53:00.0284 2576 [ 4792c0378db99a9bc2ae2de6cfff0c3a ] TrkWks C:\Windows\System32\trkwks.dll
21:53:00.0294 2576 TrkWks - ok
21:53:00.0324 2576 [ 2c49b175aee1d4364b91b531417fe583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:53:00.0326 2576 TrustedInstaller - ok
21:53:00.0343 2576 [ 254bb140eee3c59d6114c1a86b636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:53:00.0344 2576 tssecsrv - ok
21:53:00.0361 2576 [ fd1d6c73e6333be727cbcc6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:53:00.0388 2576 TsUsbFlt - ok
21:53:00.0418 2576 [ b2fa25d9b17a68bb93d58b0556e8c90d ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:53:00.0420 2576 tunnel - ok
21:53:00.0435 2576 [ 750fbcb269f4d7dd2e420c56b795db6d ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:53:00.0437 2576 uagp35 - ok
21:53:00.0453 2576 [ ee43346c7e4b5e63e54f927babbb32ff ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:53:00.0456 2576 udfs - ok
21:53:00.0471 2576 [ 8344fd4fce927880aa1aa7681d4927e5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:53:00.0480 2576 UI0Detect - ok
21:53:00.0494 2576 [ 44e8048ace47befbfdc2e9be4cbc8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:53:00.0507 2576 uliagpkx - ok
21:53:00.0516 2576 [ d295bed4b898f0fd999fcfa9b32b071b ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:53:00.0518 2576 umbus - ok
21:53:00.0547 2576 [ 7550ad0c6998ba1cb4843e920ee0feac ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:53:00.0549 2576 UmPass - ok
21:53:00.0594 2576 [ 409994a8eaceee4e328749c0353527a0 ] UmRdpService C:\Windows\System32\umrdp.dll
21:53:00.0616 2576 UmRdpService - ok
21:53:00.0637 2576 [ 833fbb672460efce8011d262175fad33 ] upnphost C:\Windows\System32\upnphost.dll
21:53:00.0648 2576 upnphost - ok
21:53:00.0652 2576 [ bd9c55d7023c5de374507acc7a14e2ac ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:53:00.0654 2576 usbccgp - ok
21:53:00.0683 2576 [ 04ec7cec62ec3b6d9354eee93327fc82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:53:00.0685 2576 usbcir - ok
21:53:00.0710 2576 [ f92de757e4b7ce9c07c5e65423f3ae3b ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:53:00.0711 2576 usbehci - ok
21:53:00.0720 2576 [ 8dc94aec6a7e644a06135ae7506dc2e9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:53:00.0724 2576 usbhub - ok
21:53:00.0758 2576 [ e185d44fac515a18d9deddc23c2cdf44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
21:53:00.0772 2576 usbohci - ok
21:53:00.0778 2576 [ 797d862fe0875e75c7cc4c1ad7b30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:53:00.0780 2576 usbprint - ok
21:53:00.0790 2576 [ f991ab9cc6b908db552166768176896a ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:53:00.0791 2576 USBSTOR - ok
21:53:00.0804 2576 [ 78780c3ebce17405b1ccd07a3a8a7d72 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:53:00.0806 2576 usbuhci - ok
21:53:00.0878 2576 [ 50676f61c6a44a3b25fb29a18a7cba95 ] uvnc_service C:\Program Files\UltraVNC\WinVNC.exe
21:53:00.0901 2576 uvnc_service - ok
21:53:00.0905 2576 [ 081e6e1c91aec36758902a9f727cd23c ] UxSms C:\Windows\System32\uxsms.dll
21:53:00.0914 2576 UxSms - ok
21:53:00.0918 2576 [ 81951f51e318aecc2d68559e47485cc4 ] VaultSvc C:\Windows\system32\lsass.exe
21:53:00.0923 2576 VaultSvc - ok
21:53:00.0930 2576 [ a059c4c3edb09e07d21a8e5c0aabd3cb ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:53:00.0933 2576 vdrvroot - ok
21:53:00.0963 2576 [ c3cd30495687c2a2f66a65ca6fd89be9 ] vds C:\Windows\System32\vds.exe
21:53:00.0976 2576 vds - ok
21:53:00.0979 2576 [ 17c408214ea61696cec9c66e388b14f3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:53:00.0981 2576 vga - ok
21:53:00.0993 2576 [ 8e38096ad5c8570a6f1570a61e251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
21:53:00.0994 2576 VgaSave - ok
21:53:01.0018 2576 [ 5461686cca2fda57b024547733ab42e3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:53:01.0021 2576 vhdmp - ok
21:53:01.0033 2576 [ c829317a37b4bea8f39735d4b076e923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
21:53:01.0035 2576 viaagp - ok
21:53:01.0039 2576 [ e02f079a6aa107f06b16549c6e5c7b74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
21:53:01.0050 2576 ViaC7 - ok
21:53:01.0129 2576 [ dc56a867a2d92e1c51cb6d3f9c540548 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
21:53:01.0139 2576 VIAHdAudAddService - ok
21:53:01.0146 2576 [ e43574f6a56a0ee11809b48c09e4fd3c ] viaide C:\Windows\system32\drivers\viaide.sys
21:53:01.0148 2576 viaide - ok
21:53:01.0157 2576 [ c2f2911156fdc7817c52829c86da494e ] vmbus C:\Windows\system32\drivers\vmbus.sys
21:53:01.0159 2576 vmbus - ok
21:53:01.0190 2576 [ d4d77455211e204f370d08f4963063ce ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
21:53:01.0279 2576 VMBusHID - ok
21:53:01.0323 2576 [ 817da66b1b889fad1dbf669e0e2f3228 ] vmm C:\Windows\system32\Drivers\vmm.sys
21:53:01.0325 2576 vmm - ok
21:53:01.0355 2576 [ 48007916b1d0dab3e6c0d701de7c4afb ] VNA C:\Windows\system32\DRIVERS\vna.sys
21:53:01.0358 2576 VNA - ok
21:53:01.0380 2576 [ 4c63e00f2f4b5f86ab48a58cd990f212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:53:01.0382 2576 volmgr - ok
21:53:01.0466 2576 [ b5bb72067ddddbbfb04b2f89ff8c3c87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:53:01.0496 2576 volmgrx - ok
21:53:01.0510 2576 [ f497f67932c6fa693d7de2780631cfe7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:53:01.0513 2576 volsnap - ok
21:53:01.0571 2576 [ 2abe8281db609d8bb1bd1b2f93800d5f ] VPCNetS2 C:\Windows\system32\DRIVERS\VMNetSrv.sys
21:53:01.0573 2576 VPCNetS2 - ok
21:53:01.0590 2576 [ 9dfa0cc2f8855a04816729651175b631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:53:01.0593 2576 vsmraid - ok
21:53:01.0630 2576 [ 209a3b1901b83aeb8527ed211cce9e4c ] VSS C:\Windows\system32\vssvc.exe
21:53:01.0715 2576 VSS - ok
21:53:01.0722 2576 [ 90567b1e658001e79d7c8bbd3dde5aa6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
21:53:01.0724 2576 vwifibus - ok
21:53:01.0726 2576 vxplfhqs - ok
21:53:01.0752 2576 [ de3721e89c653aa281428c8a69745d90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:53:01.0776 2576 WacomPen - ok
21:53:01.0799 2576 [ 3c3c78515f5ab448b022bdf5b8ffdd2e ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:53:01.0808 2576 WANARP - ok
21:53:01.0815 2576 [ 3c3c78515f5ab448b022bdf5b8ffdd2e ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:53:01.0817 2576 Wanarpv6 - ok
21:53:01.0842 2576 [ 353a04c273ec58475d8633e75ccd5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:53:01.0855 2576 WatAdminSvc - ok
21:53:01.0879 2576 [ 691e3285e53dca558e1a84667f13e15a ] wbengine C:\Windows\system32\wbengine.exe
21:53:01.0893 2576 wbengine - ok
21:53:01.0923 2576 [ 9614b5d29dc76ac3c29f6d2d3aa70e67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:53:01.0936 2576 WbioSrvc - ok
21:53:01.0960 2576 [ 34eee0dfaadb4f691d6d5308a51315dc ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:53:01.0972 2576 wcncsvc - ok
21:53:01.0985 2576 [ 5d930b6357a6d2af4d7653bdabbf352f ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:53:01.0994 2576 WcsPlugInService - ok
21:53:02.0007 2576 [ 1112a9badacb47b7c0bb0392e3158dff ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:53:02.0009 2576 Wd - ok
21:53:02.0021 2576 [ 9950e3d0f08141c7e89e64456ae7dc73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:53:02.0026 2576 Wdf01000 - ok
21:53:02.0034 2576 [ 46ef9dc96265fd0b423db72e7c38c2a5 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:53:02.0044 2576 WdiServiceHost - ok
21:53:02.0046 2576 [ 46ef9dc96265fd0b423db72e7c38c2a5 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:53:02.0056 2576 WdiSystemHost - ok
21:53:02.0084 2576 [ a9d880f97530d5b8fee278923349929d ] WebClient C:\Windows\System32\webclnt.dll
21:53:02.0094 2576 WebClient - ok
21:53:02.0108 2576 [ 760f0afe937a77cff27153206534f275 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:53:02.0119 2576 Wecsvc - ok
21:53:02.0133 2576 [ ac804569bb2364fb6017370258a4091b ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:53:02.0145 2576 wercplsupport - ok
21:53:02.0158 2576 [ 08e420d873e4fd85241ee2421b02c4a4 ] WerSvc C:\Windows\System32\WerSvc.dll
21:53:02.0167 2576 WerSvc - ok
21:53:02.0175 2576 [ 8b9a943f3b53861f2bfaf6c186168f79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:53:02.0176 2576 WfpLwf - ok
21:53:02.0196 2576 [ 5cf95b35e59e2a38023836fff31be64c ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:53:02.0198 2576 WIMMount - ok
21:53:02.0278 2576 [ 3fae8f94296001c32eab62cd7d82e0fd ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
21:53:02.0284 2576 WinDefend - ok
21:53:02.0301 2576 WinHttpAutoProxySvc - ok
21:53:02.0351 2576 [ f62e510b6ad4c21eb9fe8668ed251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:53:02.0371 2576 Winmgmt - ok
21:53:02.0409 2576 [ 1b91cd34ea3a90ab6a4ef0550174f4cc ] WinRM C:\Windows\system32\WsmSvc.dll
21:53:02.0435 2576 WinRM - ok
21:53:02.0451 2576 [ a67e5f9a400f3bd1be3d80613b45f708 ] winusb C:\Windows\system32\DRIVERS\winusb.sys
21:53:02.0453 2576 winusb - ok
21:53:02.0487 2576 [ 16935c98ff639d185086a3529b1f2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:53:02.0511 2576 Wlansvc - ok
21:53:02.0579 2576 [ 5144ae67d60ec653f97ddf3feed29e77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:53:02.0602 2576 wlidsvc - ok
21:53:02.0617 2576 [ 5d410936831f7fb58eff941eac3f6d3d ] WmBEnum C:\Windows\system32\drivers\WmBEnum.sys
21:53:02.0619 2576 WmBEnum - ok
21:53:02.0629 2576 [ 7a13cfde92956ca61a0927d766c5ad4f ] WmFilter C:\Windows\system32\drivers\WmFilter.sys
21:53:02.0630 2576 WmFilter - ok
21:53:02.0661 2576 [ 1f596392149cac51f7c095af7d533934 ] WmHidLo C:\Windows\system32\drivers\WmHidLo.sys
21:53:02.0663 2576 WmHidLo - ok
21:53:02.0686 2576 [ 0217679b8fca58714c3bf2726d2ca84e ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:53:02.0687 2576 WmiAcpi - ok
21:53:02.0710 2576 [ 6eb6b66517b048d87dc1856ddf1f4c3f ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:53:02.0713 2576 wmiApSrv - ok
21:53:02.0748 2576 [ 3b40d3a61aa8c21b88ae57c58ab3122e ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
21:53:02.0758 2576 WMPNetworkSvc - ok
21:53:02.0761 2576 [ 6f04646bc690f8bbfc344be32a60796d ] WmVirHid C:\Windows\system32\drivers\WmVirHid.sys
21:53:02.0763 2576 WmVirHid - ok
21:53:02.0770 2576 [ 1d6ca43d562333f4dfb40bcef2453f3a ] WmXlCore C:\Windows\system32\drivers\WmXlCore.sys
21:53:02.0771 2576 WmXlCore - ok
21:53:02.0858 2576 [ 017695393afffed8de58abd1b085be6d ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe
21:53:02.0874 2576 WMZuneComm - ok
21:53:02.0892 2576 [ a2f0ec770a92f2b3f9de6d518e11409c ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:53:02.0903 2576 WPCSvc - ok
21:53:02.0930 2576 [ aa53356d60af47eacc85bc617a4f3f66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:53:02.0944 2576 WPDBusEnum - ok
21:53:02.0947 2576 [ 6db3276587b853bf886b69528fdb048c ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:53:02.0950 2576 ws2ifsl - ok
21:53:02.0980 2576 [ 6f5d49efe0e7164e03ae773a3fe25340 ] wscsvc C:\Windows\System32\wscsvc.dll
21:53:02.0990 2576 wscsvc - ok
21:53:02.0993 2576 WSearch - ok
21:53:03.0104 2576 [ fc3ec24fce372c89423e015a2ac1a31e ] wuauserv C:\Windows\system32\wuaueng.dll
21:53:03.0138 2576 wuauserv - ok
21:53:03.0173 2576 [ e714a1c0354636837e20ccbf00888ee7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:53:03.0176 2576 WudfPf - ok
21:53:03.0202 2576 [ 1023ee888c9b47178c5293ed5336ab69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:53:03.0204 2576 WUDFRd - ok
21:53:03.0214 2576 [ 8d1e1e529a2c9e9b6a85b55a345f7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:53:03.0225 2576 wudfsvc - ok
21:53:03.0254 2576 [ ff2d745b560f7c71b31f30f4d49f73d2 ] WwanSvc C:\Windows\System32\wwansvc.dll
21:53:03.0266 2576 WwanSvc - ok
21:53:03.0754 2576 [ 1076df9ade4e13ea3bf39d2165aeb903 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe
21:53:03.0880 2576 ZuneNetworkSvc - ok
21:53:03.0938 2576 [ de1cdb333a402b279f04d627122fa08e ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe
21:53:03.0943 2576 ZuneWlanCfgSvc - ok
21:53:03.0948 2576 ================ Scan global ===============================
21:53:03.0982 2576 (dab748ae0439955ed2fa22357533dddb) C:\Windows\system32\basesrv.dll
21:53:04.0006 2576 (183b4188d5d91b271613ec3efd1b3cef) C:\Windows\system32\winsrv.dll
21:53:04.0020 2576 (183b4188d5d91b271613ec3efd1b3cef) C:\Windows\system32\winsrv.dll
21:53:04.0035 2576 (364455805e64882844ee9acb72522830) C:\Windows\system32\sxssrv.dll
21:53:04.0067 2576 (5f1b6a9c35d3d5ca72d6d6fdef9747d6) C:\Windows\system32\services.exe
21:53:04.0077 2576 [Global] - ok
21:53:04.0078 2576 ================ Scan MBR ==================================
21:53:04.0089 2576 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:53:04.0634 2576 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:53:04.0635 2576 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:53:04.0637 2576 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
21:53:04.0862 2576 \Device\Harddisk1\DR1 - ok
21:53:04.0868 2576 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk6\DR6
21:53:05.0060 2576 \Device\Harddisk6\DR6 - ok
21:53:05.0060 2576 ================ Scan VBR ==================================
21:53:05.0062 2576 Boot (0x1200) (bd81e3faf6879fdc01f0821d6f6e2553) \Device\Harddisk0\DR0\Partition1
21:53:05.0063 2576 \Device\Harddisk0\DR0\Partition1 - ok
21:53:05.0078 2576 Boot (0x1200) (d058cdec2647cc1ebae546fad7124550) \Device\Harddisk0\DR0\Partition2
21:53:05.0079 2576 \Device\Harddisk0\DR0\Partition2 - ok
21:53:05.0091 2576 Boot (0x1200) (700e88cee7c8f3cc9e148a0b64e956e5) \Device\Harddisk0\DR0\Partition3
21:53:05.0092 2576 \Device\Harddisk0\DR0\Partition3 - ok
21:53:05.0094 2576 Boot (0x1200) (3ed06c7d1bde60f37eaa5ad4c9ce9d26) \Device\Harddisk1\DR1\Partition1
21:53:05.0095 2576 \Device\Harddisk1\DR1\Partition1 - ok
21:53:05.0105 2576 Boot (0x1200) (0a691c35ab98bc5fa26cd8b76f2e5a74) \Device\Harddisk1\DR1\Partition2
21:53:05.0105 2576 \Device\Harddisk1\DR1\Partition2 - ok
21:53:05.0111 2576 Boot (0x1200) (eab9015edec9a6ffd1f958d5263ed8f7) \Device\Harddisk6\DR6\Partition1
21:53:05.0114 2576 \Device\Harddisk6\DR6\Partition1 - ok
21:53:05.0114 2576 ============================================================
21:53:05.0114 2576 Scan finished
21:53:05.0114 2576 ============================================================
21:53:05.0121 3932 Detected object count: 2
21:53:05.0121 3932 Actual detected object count: 2
21:53:26.0339 3932 MFX ( HiddenFile.Multi.Generic ) - skipped by user
21:53:26.0339 3932 MFX ( HiddenFile.Multi.Generic ) - User select action: Skip
21:53:26.0339 3932 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:53:26.0339 3932 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
21:53:51.0480 0172 Deinitialize success



aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-14 21:54:03
-----------------------------
21:54:03.189 OS Version: Windows 6.1.7601 Service Pack 1
21:54:03.189 Number of processors: 4 586 0x403
21:54:03.205 ComputerName: PATRICK3D UserName:
21:54:22.509 Initialize success
22:18:58.347 AVAST engine defs: 12081401
22:21:40.282 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
22:21:40.284 Disk 0 Vendor: WDC_WD10EALS-00Z8A0 05.01D05 Size: 953869MB BusType: 3
22:21:40.286 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-7
22:21:40.288 Disk 1 Vendor: Hitachi_HDS721010CLA332 JP4OA39C Size: 953869MB BusType: 3
22:21:40.296 Disk 0 MBR read successfully
22:21:40.298 Disk 0 MBR scan
22:21:40.301 Disk 0 Windows 7 default MBR code
22:21:40.304 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:21:40.336 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 199899 MB offset 206848
22:21:40.374 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 753868 MB offset 409600000
22:21:40.398 Disk 0 scanning sectors +1953521664
22:21:40.511 Disk 0 scanning C:\Windows\system32\drivers
22:21:57.633 File: C:\Windows\system32\drivers\mfx.sys **HIDDEN**
22:21:57.963 Service scanning
22:22:32.873 Modules scanning
22:22:42.450 Disk 0 trace - called modules:
22:22:42.469 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
22:22:42.472 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87803648]
22:22:42.476 3 CLASSPNP.SYS[8cfad59e] -> nt!IofCallDriver -> [0x876ad7e0]
22:22:42.480 5 ACPI.sys[84a343d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x87309030]
22:22:43.653 AVAST engine scan C:\Windows
22:22:48.371 AVAST engine scan C:\Windows\system32
22:28:04.198 AVAST engine scan C:\Windows\system32\drivers
22:28:20.127 File: C:\Windows\system32\drivers\mfx.sys **HIDDEN**
22:28:20.405 AVAST engine scan C:\Users\Patrick Doherty
22:28:44.386 Disk 0 MBR has been saved successfully to "K:\Sirefef\MBR.dat"
22:28:44.403 The log file has been saved successfully to "K:\Sirefef\aswMBR.txt"


The ESET scan is still going and may be a while; I'll post that here when it finishes. So far it has found 8 infected files - no sign of Sirefef in there so far.



#2 mcvpjd3

mcvpjd3
  • Topic Starter

  • Members
  • 4 posts
  • Local time:04:01 AM

Posted 15 August 2012 - 01:28 AM

Eset Results:

C:\Temp\la12.exe a variant of Win32/Injector.VDU trojan deleted - quarantined
C:\Users\Patrick Doherty\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\447ea2d6-5b3eb8ad a variant of Win32/Injector.VDU trojan deleted - quarantined
C:\Users\Patrick Doherty\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\1f56cd19-71d8b7de a variant of Java/Exploit.CVE-2010-4452.B trojan cleaned by deleting - quarantined
C:\Users\Patrick Doherty\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\1fc2bb9f-60d01c06 probably a variant of Java/Exploit.CVE-2011-3544.AZ trojan cleaned by deleting - quarantined
D:\Download\coretemp\coretemp_1236.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
D:\Download\winzip\WinZip.exe probably a variant of Win32/Agent.LXXBHZT trojan cleaned by deleting - quarantined
D:\Games7\Codemasters\DiRT 3\paul.dll a variant of Win32/Packed.VMProtect.AAA trojan cleaned by deleting - quarantined
D:\Games7\Codemasters\DiRT 3\SKIDROW.dll a variant of Win32/Packed.VMProtect.AAA trojan cleaned by deleting - quarantined


Thanks for looking...

#3 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:11:01 PM

Posted 15 August 2012 - 02:36 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Post the log

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete

Post the generated log

#4 mcvpjd3

mcvpjd3
  • Topic Starter

  • Members
  • 4 posts
  • Local time:04:01 AM

Posted 15 August 2012 - 03:29 PM

As requested....


Malwarebytes report:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.14.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Patrick Doherty :: PATRICK3D [administrator]

Protection: Enabled

15/08/2012 20:06:45
mbam-log-2012-08-15 (20-06-45).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 424030
Time elapsed: 1 hour(s), 12 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



MINITOOLBOX:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Patrick Doherty (administrator) on 15-08-2012 at 21:24:10
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: 127.0.0.1:80

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection" nexthop=192.168.0.1 publish=Yes
set interface interface="Local Area Connection* 7-QoS Packet Scheduler-0000" forwarding=disabled advertise=disabled metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
add address name="Local Area Connection 3" address=169.254.76.1 mask=255.255.255.0
add address name="Local Area Connection" address=192.168.0.2 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : PATRICK3D
Primary Dns Suffix . . . . . . . : thestakes.local
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : thestakes.local


Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet
Physical Address. . . . . . . . . : BC-AE-C5-2B-A9-F5
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.250
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B10E6900-A374-412D-9A80-FE13ED0EA597}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: server3.thestakes.local
Address: 192.168.0.250

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 2a00:1450:4009:802::1006
173.194.34.72
173.194.34.73
173.194.34.78
173.194.34.64
173.194.34.65
173.194.34.66
173.194.34.67
173.194.34.68
173.194.34.69
173.194.34.70
173.194.34.71


Pinging google.com [173.194.34.72] with 32 bytes of data:
Reply from 173.194.34.72: bytes=32 time=27ms TTL=51
Reply from 173.194.34.72: bytes=32 time=25ms TTL=52

Ping statistics for 173.194.34.72:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 27ms, Average = 26ms
Server: server3.thestakes.local
Address: 192.168.0.250

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=255ms TTL=43
Reply from 98.138.253.109: bytes=32 time=199ms TTL=44

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 199ms, Maximum = 255ms, Average = 227ms
Server: server3.thestakes.local
Address: 192.168.0.250

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...bc ae c5 2b a9 f5 ......NVIDIA nForce 10/100/1000 Mbps Ethernet
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 266
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.2 266
192.168.0.2 255.255.255.255 On-link 192.168.0.2 266
192.168.0.255 255.255.255.255 On-link 192.168.0.2 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.2 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.2 266
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 07 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/14/2012 09:08:29 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
The RPC server is unavailable.
.

Error: (08/14/2012 09:05:34 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
The RPC server is unavailable.
.

Error: (08/14/2012 09:00:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: Core Temp.exe, version: 1.0.0.0, time stamp: 0x4e5ff93f
Faulting module name: Core Temp.exe, version: 1.0.0.0, time stamp: 0x4e5ff93f
Exception code: 0xc0000005
Fault offset: 0x0002e9da
Faulting process id: 0xaec
Faulting application start time: 0xCore Temp.exe0
Faulting application path: Core Temp.exe1
Faulting module path: Core Temp.exe2
Report Id: Core Temp.exe3

Error: (08/14/2012 00:16:43 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16447 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1494

Start Time: 01cd79fef64a29d0

Termination Time: 43

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (08/08/2012 10:42:55 AM) (Source: Application Error) (User: )
Description: Faulting application name: Core Temp.exe, version: 1.0.0.0, time stamp: 0x4e5ff93f
Faulting module name: Core Temp.exe, version: 1.0.0.0, time stamp: 0x4e5ff93f
Exception code: 0xc0000005
Fault offset: 0x00029728
Faulting process id: 0xd78
Faulting application start time: 0xCore Temp.exe0
Faulting application path: Core Temp.exe1
Faulting module path: Core Temp.exe2
Report Id: Core Temp.exe3

Error: (08/06/2012 01:36:49 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16447 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1724

Start Time: 01cd731da1f70250

Termination Time: 38

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (08/05/2012 00:22:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: javaw.exe, version: 6.0.290.11, time stamp: 0x4e897ca0
Faulting module name: java.dll, version: 6.0.290.11, time stamp: 0x4e89b321
Exception code: 0xc0000005
Fault offset: 0x00004e0a
Faulting process id: 0xa74
Faulting application start time: 0xjavaw.exe0
Faulting application path: javaw.exe1
Faulting module path: javaw.exe2
Report Id: javaw.exe3

Error: (08/02/2012 11:46:24 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsl20502a52.

System Error:
The system cannot find the file specified.
.

Error: (07/31/2012 09:32:32 PM) (Source: Application Hang) (User: )
Description: The program steam.exe version 1.0.1065.11 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a48

Start Time: 01cd6f5b42742f30

Termination Time: 0

Application Path: D:\Games7\Steam\steam.exe

Report Id: d9223801-db4e-11e1-bd7e-bcaec52ba9f5

Error: (07/31/2012 09:29:51 PM) (Source: Application Hang) (User: )
Description: The program Steam.exe version 1.0.1065.11 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1604

Start Time: 01cd6ef5f49ccca0

Termination Time: 34

Application Path: D:\Games7\Steam\Steam.exe

Report Id: 77cd49a1-db4e-11e1-bd7e-bcaec52ba9f5


System errors:
=============
Error: (08/15/2012 09:19:08 PM) (Source: Microsoft Antimalware) (User: )
Description: %HackTool:Win32/Keygen60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%HackTool:Win32/Keygen603

Name: HackTool:Win32/Keygen

ID: 2147593794

Severity: %HackTool:Win32/Keygen600

Category: %HackTool:Win32/Keygen602

Path: 4.0.1526.02

Detection Origin: 4.0.1526.04

Detection Type: 4.0.1526.08

Detection Source: %HackTool:Win32/Keygen608

User: {CBA38E05-223D-4855-B908-AE3F018ADCDC}9

Process Name: %HackTool:Win32/Keygen609

Action: {CBA38E05-223D-4855-B908-AE3F018ADCDC}1

Action Status: {CBA38E05-223D-4855-B908-AE3F018ADCDC}8

Error Code: {CBA38E05-223D-4855-B908-AE3F018ADCDC}3

Error description: {CBA38E05-223D-4855-B908-AE3F018ADCDC}4

Signature Version: 2012-08-15T09:02:17.654Z1

Engine Version: 2012-08-15T09:02:17.654Z2

Error: (08/15/2012 09:19:08 PM) (Source: Microsoft Antimalware) (User: )
Description: %Trojan:Win32/Provis!rts60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Trojan:Win32/Provis!rts603

Name: Trojan:Win32/Provis!rts

ID: 2147625181

Severity: %Trojan:Win32/Provis!rts600

Category: %Trojan:Win32/Provis!rts602

Path: 4.0.1526.02

Detection Origin: 4.0.1526.04

Detection Type: 4.0.1526.08

Detection Source: %Trojan:Win32/Provis!rts608

User: {B72781F9-42E3-4DCC-8BE0-40B99D2059C7}9

Process Name: %Trojan:Win32/Provis!rts609

Action: {B72781F9-42E3-4DCC-8BE0-40B99D2059C7}1

Action Status: {B72781F9-42E3-4DCC-8BE0-40B99D2059C7}8

Error Code: {B72781F9-42E3-4DCC-8BE0-40B99D2059C7}3

Error description: {B72781F9-42E3-4DCC-8BE0-40B99D2059C7}4

Signature Version: 2012-08-15T09:02:16.603Z1

Engine Version: 2012-08-15T09:02:16.603Z2

Error: (08/15/2012 07:27:09 AM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows attempted to read the file \\thestakes.local\sysvol\thestakes.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

Error: (08/15/2012 07:26:35 AM) (Source: Service Control Manager) (User: )
Description: The Security Center service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (08/15/2012 07:26:35 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

Error: (08/15/2012 07:26:35 AM) (Source: Service Control Manager) (User: )
Description: The Windows Event Log service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (08/15/2012 07:26:35 AM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (08/15/2012 07:26:35 AM) (Source: Service Control Manager) (User: )
Description: The Windows Audio service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (08/15/2012 00:18:25 AM) (Source: Service Control Manager) (User: )
Description: The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (08/15/2012 00:18:25 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (08/14/2012 09:08:29 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
Could not query the status of the EventSystem service.

System Error:
The RPC server is unavailable.

Error: (08/14/2012 09:05:34 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
Could not query the status of the EventSystem service.

System Error:
The RPC server is unavailable.

Error: (08/14/2012 09:00:19 PM) (Source: Application Error)(User: )
Description: Core Temp.exe1.0.0.04e5ff93fCore Temp.exe1.0.0.04e5ff93fc00000050002e9daaec01cd7a574e199fd0C:\Program Files\Core Temp\Core Temp.exeC:\Program Files\Core Temp\Core Temp.exeabff6f30-e64a-11e1-9df0-bcaec52ba9f5

Error: (08/14/2012 00:16:43 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.16447149401cd79fef64a29d043C:\Program Files\Internet Explorer\iexplore.exe

Error: (08/08/2012 10:42:55 AM) (Source: Application Error)(User: )
Description: Core Temp.exe1.0.0.04e5ff93fCore Temp.exe1.0.0.04e5ff93fc000000500029728d7801cd754a1e27f810C:\Program Files\Core Temp\Core Temp.exeC:\Program Files\Core Temp\Core Temp.exe6d7e35a0-e13d-11e1-be6c-bcaec52ba9f5

Error: (08/06/2012 01:36:49 AM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.16447172401cd731da1f7025038C:\Program Files\Internet Explorer\iexplore.exe

Error: (08/05/2012 00:22:03 PM) (Source: Application Error)(User: )
Description: javaw.exe6.0.290.114e897ca0java.dll6.0.290.114e89b321c000000500004e0aa7401cd72fc8850dbd0C:\Program Files\Java\jre6\bin\javaw.exeC:\Program Files\Java\jre6\bin\java.dllc7b140d0-deef-11e1-be68-bcaec52ba9f5

Error: (08/02/2012 11:46:24 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsl20502a52.

System Error:
The system cannot find the file specified.

Error: (07/31/2012 09:32:32 PM) (Source: Application Hang)(User: )
Description: steam.exe1.0.1065.11a4801cd6f5b42742f300D:\Games7\Steam\steam.exed9223801-db4e-11e1-bd7e-bcaec52ba9f5

Error: (07/31/2012 09:29:51 PM) (Source: Application Hang)(User: )
Description: Steam.exe1.0.1065.11160401cd6ef5f49ccca034D:\Games7\Steam\Steam.exe77cd49a1-db4e-11e1-bd7e-bcaec52ba9f5


=========================== Installed Programs ============================

3 WiFi Manager (Version: 11.302.04.08.156)
7-Zip 9.20
AC3Filter 1.62b (Version: 1.62b)
Activision® (Version: 1.00.0000)
Adobe AIR (Version: 3.3.0.3650)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.270)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe® Photoshop® Album Starter Edition 3.2 (Version: 3.2.0)
Allied Intent Xtended 2.0 (Version: 2.0)
Amazon MP3 Downloader 1.0.9
Apple Application Support (Version: 1.5.1)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.2.120)
ARMA 2 Operation Arrowhead Uninstall
Battlefield 2™
Battlefield 3™ (Version: 1.0.0.0)
Battlelog Web Plugins (Version: 1.118.0)
BattlEye Uninstall
BF2SP64 v1.05 (Version: 1.05)
Big Fish Games: Game Manager (Version: 3.0.1.60)
Black & White® 2 (Version: 1.00.0000)
Blur™ (Version: 1.00.0000)
Bonjour (Version: 2.0.5.0)
Call of Duty 4 Modern Warfare
Call of Duty: Black Ops
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Dedicated Server
Call of Duty: Modern Warfare 3 - Multiplayer
CCleaner (Version: 3.20)
Citrix XenApp Web Plugin (Version: 11.0.0.5357)
Combined Community Codec Pack 2010-10-10 (Version: 2010.10.10.0)
Command & Conquer Generals (Version: 0.50.0000)
Command & Conquer™ 4 Tiberian Twilight (Version: 1.0.0.0)
Command and ConquerTM Generals Zero Hour (Version: 1.00.0000)
Core Temp 1.0 RC2 (Version: 1.0)
CPUID HWMonitor 1.17
Creeper World (Version: 0572)
Creeper World (Version: 255)
Creeper World 2 (Version: 4.97.0)
DAEMON Tools Lite (Version: 4.40.2.0131)
DAEMON Tools Toolbar (Version: 1.1.4.0024)
Dark Alleys: Penumbra Motel
Darkness Within: Collector's Edition 1.00
Defraggler (Version: 2.10)
Dell Driver Download Manager (Version: 2.1.0.0)
DiRT 3 (Version: 1.0.0000.130)
DivX Setup (Version: 2.6.0.34)
Dual-Core Optimizer (Version: 1.1.4.0169)
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.9.0
DVDFab 8.0.5.0 (18/11/2010)
Dyn Updater (Version: 4.1.10)
eags on! 0.8.81 (Version: 0.8.81)
Echoes of the Past: Royal House of Stone
Echoes of the Past: The Castle of Shadows
Echoes of the Past: The Citadels of Time
Enigmatis: The Ghosts of Maple Creek
EPSON Scan
EPSON SX420W Series Printer Uninstall
EpsonNet Print (Version: 2.4j)
ESET Online Scanner v3
ESN Sonar (Version: 0.70.4)
FairUse Wizard 2 (Version: (v2.8))
Fallout New Vegas
Fantastic Creations: House of Brass
FEAR (Version: 1.00.0000)
FEAR Perseus Mandate (Version: 1.00.0000)
FileZilla Client 3.5.0 (Version: 3.5.0)
Flickr Uploadr 3.2.1
From Dust
Google Chrome (Version: 13.3.3696)
Google Earth (Version: 6.1.0.5001)
Google Talk (remove only)
Google Update Helper (Version: 1.3.21.115)
Gravely Silent: House of Deadlock
Grim Tales: The Bride
Haali Media Splitter
Hallowed Legends: Samhain
Halo 2 for Windows Vista
Halo 2 for Windows Vista (Version: 1.0.0.0)
Haunted Manor: Lord of Mirrors
Hidden Expedition: The Uncharted Islands Collector's Edition
Hidden Mysteries ®: Buckingham Palace ™
House of 1000 Doors: The Palm of Zoroaster
HP Photo Creations (Version: 1.0.0.5192)
HP Photosmart 5510 series Basic Device Software (Version: 24.0.342.0)
HP Photosmart 5510 series Help (Version: 140.0.2.2)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
iDailyDiary 3.81
ImgBurn (Version: 2.5.6.0)
Infected: The Twin Vaccine
IP Camera
iTunes (Version: 10.2.2.12)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
KiSS PC-Link 3.0.5 (Version: 3.0.5)
Kremlin 2.21
KWorld Multimedia -- RC Utility Utilities
KWorld USB DVB-T BDA Driver
LeapFrog Connect (Version: 3.2.19.13664)
LeapFrog LeapPad Explorer Plugin (Version: 3.2.22.13714)
Logitech Gaming Software 5.10 (Version: 5.10.127)
LogMeIn (Version: 4.1.1578)
LogMeIn Ignition (Version: 1.2.244)
Lost Realms: Legacy of the Sun Princess
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Virtual PC 2007 SP1 (Version: 6.0.192.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Midnight Mysteries: Salem Witch Trials
Midnight Mysteries: The Edgar Allan Poe Conspiracy
MiniTool Partition Wizard Home Edition 7.1
Mozilla Thunderbird (2.0.0.23) (Version: 2.0.0.23 (en-GB))
MSI Afterburner 2.0.0 Beta 4 (Version: 2.0.0 Beta 4)
Mystery Case Files ®: 13th Skull ™ Collector's Edition
Mystery Case Files ®: Dire Grove ™
Mystery Case Files®: Escape from Ravenhearst™
Mystery Case Files: Madame Fate ®
Mystery Case Files: Ravenhearst ®
Mystery Case Files: Return to Ravenhearst ™
Mystery Trackers: Black Isle
Mystery Trackers: Raincliff
Mystery Trackers: The Void Collector's Edition
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.17.0)
Need for Speed™ Hot Pursuit (Version: 1.0.0.0)
Novacomd (Version: 1.0.0.73)
NVIDIA 3D Vision Controller Driver 285.62 (Version: 285.62)
NVIDIA 3D Vision Driver 285.62 (Version: 285.62)
NVIDIA 3D Vision Video Player (Version: 1.6.4)
NVIDIA 3D Vision Video Player (Version: 1.7.2)
NVIDIA Control Panel 285.62 (Version: 285.62)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA Graphics Driver 285.62 (Version: 285.62)
NVIDIA HD Audio Driver 1.2.24.0 (Version: 1.2.24.0)
NVIDIA Install Application (Version: 2.1002.46.235)
NVIDIA PhysX (Version: 9.11.0621)
NVIDIA PhysX System Software 9.11.0621 (Version: 9.11.0621)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.8562)
NVIDIA Update 1.5.20 (Version: 1.5.20)
NVIDIA Update Components (Version: 1.5.20)
OpenAL
Origin (Version: 8.5.2.23)
Paint Shop Pro 7 (Version: 7.0.2.0000)
PC Remote (Version: 2.0)
Picasa 3 (Version: 3.8)
Platform (Version: 1.34)
Portal 2
PunkBuster Services (Version: 0.991)
PuppetShow: Lost Town
PuppetShow: Mystery of Joyville ™
PuppetShow: Souls of the Innocent
QuickTime (Version: 7.69.80.9)
RapeLay (Version: 1.03)
Rapture3D 2.4.8 Game
Redemption Cemetery: Children's Plight
Redrum: Time Lies
Reincarnations: Awakening
Shiver: Vanishing Hitchhiker
Sid Meier's Civilization V
Snark Busters: All Revved up
Snark Busters: Welcome to the Club
Sony Image Data Suite (Version: 3.2.00.15160)
Steam (Version: 1.0.0.0)
Stereoscopic Player (Version: 1.6.6)
Surface: Mystery of Another World
SyncBackSE
System Requirements Lab
Team Fortress 2
Team Fortress 2 Beta
The Agency of Anomalies: Cinderstone Orphanage
Theme Park
TiVme Software
Tornado: The secret of the magic cave
Treasure Seekers: Visions of Gold ™
TreeSize Professional 5.0
TwonkyBeam for Internet Explorer (Version: 1.4.46.0)
Ubisoft Game Launcher (Version: 1.0.0.0)
UltraVNC 1.0.8.2 (Version: 1.0.8.2)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Veronica Rivers: Portals to the Unknown ™
Veronica Rivers: The Order Of Conspiracy
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
VLC media player 1.1.11 (Version: 1.1.11)
VSO CopyToDVD 3 (Version: 3.1.3)
WBFS Manager 3.0 (Version: 3.0)
WebEx
WinBatch
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (Version: 09/10/2009 02.03.05.012)
Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1) (Version: 10/09/2009 1.0.1)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
Windows Phone Device Manager (Version: 1.3.0.0)
X-07 MAPPACK [LAN] Battlefield 2
Xvid 1.1.3 final uninstall (Version: 1.1)
ZENworks Remote Management Viewer (Version: 10.3.3.2855)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 55%
Total physical RAM: 3327.18 MB
Available physical RAM: 1476.48 MB
Total Pagefile: 6652.64 MB
Available Pagefile: 3973.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 1919.81 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:195.21 GB) (Free:146.9 GB) NTFS
2 Drive d: () (Fixed) (Total:736.2 GB) (Free:22.36 GB) NTFS
3 Drive e: (WIN7) (Fixed) (Total:150.27 GB) (Free:43.83 GB) NTFS
4 Drive f: (Data) (Fixed) (Total:781.24 GB) (Free:515.88 GB) NTFS
5 Drive g: (GRMCPRFRER_EN_DVD) (CDROM) (Total:2.33 GB) (Free:0 GB) UDF
6 Drive h: (10/02/2012) (CDROM) (Total:0.28 GB) (Free:0 GB) UDF
12 Drive t: (Data) (Network) (Total:75.98 GB) (Free:71.67 GB) NTFS
13 Drive w: (2TB-ALL) (Network) (Total:1863.01 GB) (Free:668.06 GB) NTFS
14 Drive x: (NewTV) (Network) (Total:1863.01 GB) (Free:119.39 GB) NTFS

========================= Users: ========================================

User accounts for \\PATRICK3D

Administrator Guest SetupAdmin
UpdatusUser

========================= Minidump Files ==================================

No minidump file found


**** End of log ****


FFS:

Farbar Service Scanner Version: 06-08-2012
Ran by Patrick Doherty (administrator) on 15-08-2012 at 21:29:39
Running from "D:\Download\bleepingcomputer"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


ADWCLEANER

# AdwCleaner v1.801 - Logfile created 08/15/2012 at 21:31:04
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Patrick Doherty - PATRICK3D
# Boot Mode : Normal
# Running from : D:\Download\bleepingcomputer\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Patrick Doherty\AppData\LocalLow\boost_interprocess
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Program Files\DAEMON Tools Toolbar

***** [Registry] *****

Key Found : HKCU\Software\AutocompleteProBHO
Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Found : HKLM\SOFTWARE\Freeze.com

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v21.0.1180.79

File : C:\Users\Patrick Doherty\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found : "path": "C:\\Users\\Patrick Doherty\\AppData\\LocalLow\\Unity\\WebPlayer\\loader\\npUnity3D[...]

*************************

AdwCleaner[R1].txt - [1707 octets] - [15/08/2012 21:31:04]

########## EOF - C:\AdwCleaner[R1].txt - [1835 octets] ##########

#5 narenxp


Posted 15 August 2012 - 07:46 PM

Log looks good.

Update Microsoft Security Essentials and run a scan again. Let me know if it comes clean before we wrap up.



