redirect malware


11 replies to this topic

#1 baberlicious

baberlicious

  • Members
  • 8 posts

Posted 16 August 2012 - 05:02 PM

I have a win7x64 computer that was redirecting Google results in Chrome. There was an extension "default extension" that would not delete easily.

I booted to safe mode and ran Malwarebytes and got 5 hits...

[registry]
run -> Trojan.RedirRdll3.Gen
[files]
(2) Trojan.Happili
(1) Trojan.RedirRdll3.Gen
(1) Trojan.Zbot.VTGen

I cleaned them. Had to manually delete the Chrome extension files.

Updated everything and did a full system scan with Microsoft Security Essentials. Results clean.

I assumed the problem was fixed, but then again today, got another redirect. The "default extension" was back. Ran malware again and got 4 hits.

[memory modules]
Trojan.RedirRdll3.Gen

[registry]
Trojan.RedirRdll3.Gen

[files]
Trojan.RedirRdll3.Gen
Trojan.Happili

Cleaned everything up again, manually deleting the Chrome extension.

As this isn't my computer, I'm not sure that the user didn't just reinfect themselves. I'd say I'm fairly versed in cleaning up malware, but seeing how the problem returned, thought I'd ask some advice.

I have also run HijackThis and ComboFix... nothing in the logs looked amiss, but... (I heard I'm not supposed to post logs here)

Any help/guidance is greatly appreciated!


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 16 August 2012 - 05:30 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply
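A triage helper for the TDSSKiller log requested above, added here as an example; it is not code from the post, from Kaspersky's tool, or from BleepingComputer. It assumes the line shapes seen in this thread (a "[ md5 ] name path" line followed by a "name - ok" verdict line) and runs on a constructed sample log in which the non-ok verdict wording, the Temp-directory service and the cut-off last entry are invented for illustration.

```python
"""Triage a TDSSKiller text log: group hash/verdict line pairs into records and
report what a helper would look at first: non-"ok" verdicts, objects judged
without a file hash, files outside the Windows / Program Files trees, and hash
lines that never received a verdict (a scan that was cut short)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Every log line starts with "<hh:mm:ss.ffff> <pid> ".
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# <prefix> [ <md5> ] <name> <path>  (name may contain spaces; path starts with a drive letter)
HASH_LINE = re.compile(_PREFIX + r"\[ ([0-9a-f]{32}) \] (.+?) ([A-Za-z]:\\.*)$")
# <prefix> <name> - <verdict>
VERDICT_LINE = re.compile(_PREFIX + r"(.+?) - (.+)$")
WINDIR_LINE = re.compile(_PREFIX + r"Windows directory: (.+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Tuple[List[Entry], str]:
    """Return (entries, windows_directory).  Only lines after "Scan started" are
    treated as results, so header lines that also contain " - " (for example the
    drive geometry line "Drive ... - Size: ...") are not mistaken for verdicts."""
    entries: List[Entry] = []
    pending: Dict[str, Entry] = {}   # hash line seen, verdict line not yet seen
    windir = "C:\\windows"           # assumed default; overridden by the log header
    in_scan = False
    for raw in text.splitlines():
        line = raw.strip()
        m = WINDIR_LINE.match(line)
        if m:
            windir = m.group(1)
            continue
        if line.endswith("Scan started"):
            in_scan = True
            continue
        if not in_scan:
            continue
        m = HASH_LINE.match(line)
        if m:
            md5, name, path = m.groups()
            pending[name] = Entry(name, md5, path)
            continue
        m = VERDICT_LINE.match(line)
        if m:
            name, verdict = m.groups()
            entry = pending.pop(name, None) or Entry(name)
            entry.verdict = verdict
            entries.append(entry)
    entries.extend(pending.values())  # hash lines with no verdict (scan cut short)
    return entries, windir


def triage(entries: List[Entry], windir: str) -> dict:
    """Heuristic report; "expected" locations are the Windows directory and the
    two Program Files trees on the same drive (an assumption, not a rule of the tool)."""
    drive = windir[:2].lower()
    expected_roots = (windir.lower().rstrip("\\") + "\\",
                      drive + "\\program files\\",
                      drive + "\\program files (x86)\\")
    report = {"not_ok": [], "unhashed": [], "no_verdict": [], "unusual_location": []}
    for e in entries:
        if e.verdict is None:
            report["no_verdict"].append(e.name)
        elif e.verdict != "ok":
            report["not_ok"].append((e.name, e.verdict))
        if e.md5 is None and e.verdict is not None:
            report["unhashed"].append(e.name)
        if e.path and not e.path.lower().startswith(expected_roots):
            report["unusual_location"].append((e.name, e.path))
    return report


# Constructed sample: the first few lines mirror the log posted in this thread, the
# "examplesvc" entry, its verdict text and the cut-off "cutoffsvc" line are invented.
SAMPLE_LOG = r"""21:09:04.0521 6756 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
21:09:05.0056 6756 Windows directory: C:\windows
21:09:05.0884 6756 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200
21:09:42.0913 4960 Scan started
21:09:42.0913 4960 Mode: Manual; TDLFS;
21:09:43.0136 4960 ================ Scan services =============================
21:09:43.0320 4960 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
21:09:43.0327 4960 1394ohci - ok
21:09:44.0167 4960 [ 7ef47644b74ebe721cc32211d3c35e76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:09:44.0170 4960 Apple Mobile Device - ok
21:09:45.0986 4960 catchme - ok
21:09:50.0001 4960 [ deadbeefdeadbeefdeadbeefdeadbeef ] examplesvc C:\Users\example\AppData\Local\Temp\examplesvc.sys
21:09:50.0002 4960 examplesvc - detected CONSTRUCTED.Verdict ( 0 )
21:09:50.0003 4960 [ 0123456789abcdef0123456789abcdef ] cutoffsvc C:\windows\system32\drivers\cutoffsvc.sys
"""

if __name__ == "__main__":
    found, root = parse_tdsskiller_log(SAMPLE_LOG)
    for key, items in triage(found, root).items():
        print(f"{key}: {items}")
```

Run it against a real TDSSKiller.txt by reading the file into `parse_tdsskiller_log`; the "unhashed" bucket is informational (services with no file on disk at scan time land there), while "not_ok" and "unusual_location" are the entries to read first.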

#3 baberlicious

baberlicious
  • Topic Starter

  • Members
  • 8 posts

Posted 17 August 2012 - 10:54 PM

Ok.. I ran those tools.


21:09:04.0521 6756 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
21:09:05.0054 6756 ============================================================
21:09:05.0055 6756 Current date / time: 2012/08/17 21:09:05.0054
21:09:05.0055 6756 SystemInfo:
21:09:05.0055 6756
21:09:05.0055 6756 OS Version: 6.1.7601 ServicePack: 1.0
21:09:05.0055 6756 Product type: Workstation
21:09:05.0055 6756 ComputerName: BLAKE-LAPTOP
21:09:05.0056 6756 UserName: Blake
21:09:05.0056 6756 Windows directory: C:\windows
21:09:05.0056 6756 System windows directory: C:\windows
21:09:05.0056 6756 Running under WOW64
21:09:05.0056 6756 Processor architecture: Intel x64
21:09:05.0056 6756 Number of processors: 8
21:09:05.0056 6756 Page size: 0x1000
21:09:05.0056 6756 Boot type: Normal boot
21:09:05.0056 6756 ============================================================
21:09:05.0884 6756 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x162DD1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
21:09:05.0893 6756 ============================================================
21:09:05.0893 6756 \Device\Harddisk0\DR0:
21:09:05.0893 6756 MBR partitions:
21:09:05.0893 6756 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
21:09:05.0893 6756 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x51D61000
21:09:05.0915 6756 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x51DC6000, BlocksNum 0x39FE000
21:09:05.0915 6756 ============================================================
21:09:05.0962 6756 C: <-> \Device\Harddisk0\DR0\Partition2
21:09:06.0015 6756 D: <-> \Device\Harddisk0\DR0\Partition3
21:09:06.0015 6756 ============================================================
21:09:06.0015 6756 Initialize success
21:09:06.0015 6756 ============================================================
21:09:42.0912 4960 ============================================================
21:09:42.0913 4960 Scan started
21:09:42.0913 4960 Mode: Manual; TDLFS;
21:09:42.0913 4960 ============================================================
21:09:51.0844 4960 mssmbios - ok
21:09:51.0889 4960 MSSQL$XACTWARE - ok
21:09:51.0936 4960 [ f1761c8fb2b25a32c6d63e36bb88c3ae ] MSSQLServerADHelper100 c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
21:09:51.0939 4960 MSSQLServerADHelper100 - ok
21:09:51.0973 4960 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
21:09:51.0975 4960 MSTEE - ok
21:09:51.0983 4960 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\windows\system32\drivers\MTConfig.sys
21:09:51.0985 4960 MTConfig - ok
21:09:52.0008 4960 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\windows\system32\Drivers\mup.sys
21:09:52.0011 4960 Mup - ok
21:09:52.0054 4960 [ 8f57db74bf5407a4cda6c8b005dc8dd0 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
21:09:52.0062 4960 MyWiFiDHCPDNS - ok
21:09:52.0105 4960 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\windows\system32\qagentRT.dll
21:09:52.0118 4960 napagent - ok
21:09:52.0171 4960 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
21:09:52.0179 4960 NativeWifiP - ok
21:09:52.0241 4960 [ c38b8ae57f78915905064a9a24dc1586 ] NDIS C:\windows\system32\drivers\ndis.sys
21:09:52.0258 4960 NDIS - ok
21:09:52.0285 4960 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
21:09:52.0287 4960 NdisCap - ok
21:09:52.0305 4960 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
21:09:52.0307 4960 NdisTapi - ok
21:09:52.0336 4960 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
21:09:52.0338 4960 Ndisuio - ok
21:09:52.0354 4960 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
21:09:52.0357 4960 NdisWan - ok
21:09:52.0367 4960 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
21:09:52.0369 4960 NDProxy - ok
21:09:52.0392 4960 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
21:09:52.0393 4960 NetBIOS - ok
21:09:52.0412 4960 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
21:09:52.0417 4960 NetBT - ok
21:09:52.0426 4960 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\windows\system32\lsass.exe
21:09:52.0427 4960 Netlogon - ok
21:09:52.0460 4960 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\windows\System32\netman.dll
21:09:52.0467 4960 Netman - ok
21:09:52.0488 4960 [ d22cd77d4f0d63d1169bb35911bff12d ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:09:52.0491 4960 NetMsmqActivator - ok
21:09:52.0495 4960 [ d22cd77d4f0d63d1169bb35911bff12d ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:09:52.0497 4960 NetPipeActivator - ok
21:09:52.0525 4960 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\windows\System32\netprofm.dll
21:09:52.0532 4960 netprofm - ok
21:09:52.0554 4960 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:09:52.0556 4960 NetTcpActivator - ok
21:09:52.0561 4960 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:09:52.0562 4960 NetTcpPortSharing - ok
21:09:52.0766 4960 [ 50ad7f7040c22bb7caa59a0880875a21 ] NETwNs64 C:\windows\system32\DRIVERS\NETwNs64.sys
21:09:52.0945 4960 NETwNs64 - ok
21:09:52.0980 4960 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
21:09:52.0983 4960 nfrd960 - ok
21:09:53.0055 4960 [ 91b4e0273d2f6c24ef845f2b41311289 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
21:09:53.0058 4960 NisDrv - ok
21:09:53.0103 4960 [ 10a43829a9e606af3eef25a1c1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
21:09:53.0110 4960 NisSrv - ok
21:09:53.0149 4960 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
21:09:53.0156 4960 NlaSvc - ok
21:09:53.0174 4960 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\windows\system32\drivers\Npfs.sys
21:09:53.0175 4960 Npfs - ok
21:09:53.0198 4960 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\windows\system32\nsisvc.dll
21:09:53.0201 4960 nsi - ok
21:09:53.0217 4960 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
21:09:53.0219 4960 nsiproxy - ok
21:09:53.0277 4960 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
21:09:53.0299 4960 Ntfs - ok
21:09:53.0316 4960 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\windows\system32\drivers\Null.sys
21:09:53.0317 4960 Null - ok
21:09:53.0351 4960 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\windows\system32\drivers\nvraid.sys
21:09:53.0354 4960 nvraid - ok
21:09:53.0358 4960 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\windows\system32\drivers\nvstor.sys
21:09:53.0360 4960 nvstor - ok
21:09:53.0371 4960 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
21:09:53.0372 4960 nv_agp - ok
21:09:53.0381 4960 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
21:09:53.0382 4960 ohci1394 - ok
21:09:53.0458 4960 [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:09:53.0463 4960 ose - ok
21:09:53.0618 4960 [ 61bffb5f57ad12f83ab64b7181829b34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:09:53.0736 4960 osppsvc - ok
21:09:53.0761 4960 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\windows\system32\pnrpsvc.dll
21:09:53.0765 4960 p2pimsvc - ok
21:09:53.0781 4960 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\windows\system32\p2psvc.dll
21:09:53.0788 4960 p2psvc - ok
21:09:53.0810 4960 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\windows\system32\drivers\parport.sys
21:09:53.0813 4960 Parport - ok
21:09:53.0837 4960 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\windows\system32\drivers\partmgr.sys
21:09:53.0839 4960 partmgr - ok
21:09:53.0887 4960 [ 9665402b7fa59302d520ad845ddfc026 ] Partner Service C:\ProgramData\Partner\Partner.exe
21:09:53.0895 4960 Partner Service - ok
21:09:53.0928 4960 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
21:09:53.0934 4960 PcaSvc - ok
21:09:53.0961 4960 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\windows\system32\drivers\pci.sys
21:09:53.0966 4960 pci - ok
21:09:53.0994 4960 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\windows\system32\drivers\pciide.sys
21:09:53.0996 4960 pciide - ok
21:09:54.0017 4960 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\windows\system32\drivers\pcmcia.sys
21:09:54.0022 4960 pcmcia - ok
21:09:54.0041 4960 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\windows\system32\drivers\pcw.sys
21:09:54.0043 4960 pcw - ok
21:09:54.0073 4960 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\windows\system32\drivers\peauth.sys
21:09:54.0084 4960 PEAUTH - ok
21:09:54.0160 4960 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\windows\SysWow64\perfhost.exe
21:09:54.0163 4960 PerfHost - ok
21:09:54.0233 4960 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\windows\system32\pla.dll
21:09:54.0257 4960 pla - ok
21:09:54.0294 4960 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
21:09:54.0306 4960 PlugPlay - ok
21:09:54.0333 4960 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
21:09:54.0338 4960 PNRPAutoReg - ok
21:09:54.0361 4960 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\windows\system32\pnrpsvc.dll
21:09:54.0365 4960 PNRPsvc - ok
21:09:54.0393 4960 [ 4f0878fd62d5f7444c5f1c4c66d9d293 ] Point64 C:\windows\system32\DRIVERS\point64.sys
21:09:54.0395 4960 Point64 - ok
21:09:54.0432 4960 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
21:09:54.0444 4960 PolicyAgent - ok
21:09:54.0462 4960 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\windows\system32\umpo.dll
21:09:54.0469 4960 Power - ok
21:09:54.0490 4960 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
21:09:54.0493 4960 PptpMiniport - ok
21:09:54.0512 4960 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\windows\system32\drivers\processr.sys
21:09:54.0515 4960 Processor - ok
21:09:54.0544 4960 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\windows\system32\profsvc.dll
21:09:54.0549 4960 ProfSvc - ok
21:09:54.0559 4960 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\windows\system32\lsass.exe
21:09:54.0561 4960 ProtectedStorage - ok
21:09:54.0578 4960 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\windows\system32\DRIVERS\pacer.sys
21:09:54.0580 4960 Psched - ok
21:09:54.0633 4960 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
21:09:54.0655 4960 ql2300 - ok
21:09:54.0670 4960 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
21:09:54.0672 4960 ql40xx - ok
21:09:54.0698 4960 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\windows\system32\qwave.dll
21:09:54.0701 4960 QWAVE - ok
21:09:54.0711 4960 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
21:09:54.0712 4960 QWAVEdrv - ok
21:09:54.0735 4960 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
21:09:54.0736 4960 RasAcd - ok
21:09:54.0755 4960 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
21:09:54.0758 4960 RasAgileVpn - ok
21:09:54.0785 4960 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\windows\System32\rasauto.dll
21:09:54.0791 4960 RasAuto - ok
21:09:54.0809 4960 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
21:09:54.0814 4960 Rasl2tp - ok
21:09:54.0840 4960 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\windows\System32\rasmans.dll
21:09:54.0850 4960 RasMan - ok
21:09:54.0870 4960 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
21:09:54.0872 4960 RasPppoe - ok
21:09:54.0895 4960 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
21:09:54.0897 4960 RasSstp - ok
21:09:54.0923 4960 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
21:09:54.0928 4960 rdbss - ok
21:09:54.0940 4960 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\windows\system32\drivers\rdpbus.sys
21:09:54.0941 4960 rdpbus - ok
21:09:54.0959 4960 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
21:09:54.0960 4960 RDPCDD - ok
21:09:54.0988 4960 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
21:09:54.0990 4960 RDPENCDD - ok
21:09:55.0007 4960 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
21:09:55.0008 4960 RDPREFMP - ok
21:09:55.0033 4960 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\windows\system32\drivers\RDPWD.sys
21:09:55.0036 4960 RDPWD - ok
21:09:55.0081 4960 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
21:09:55.0087 4960 rdyboost - ok
21:09:55.0172 4960 [ fd11c1287d38a46fb72353e14d50089c ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
21:09:55.0190 4960 RegSrvc - ok
21:09:55.0223 4960 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\windows\System32\mprdim.dll
21:09:55.0226 4960 RemoteAccess - ok
21:09:55.0248 4960 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
21:09:55.0252 4960 RemoteRegistry - ok
21:09:55.0276 4960 [ 3dd798846e2c28102b922c56e71b7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
21:09:55.0279 4960 RFCOMM - ok
21:09:55.0314 4960 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
21:09:55.0319 4960 RpcEptMapper - ok
21:09:55.0347 4960 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\windows\system32\locator.exe
21:09:55.0350 4960 RpcLocator - ok
21:09:55.0389 4960 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\windows\system32\rpcss.dll
21:09:55.0399 4960 RpcSs - ok
21:09:55.0433 4960 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
21:09:55.0436 4960 rspndr - ok
21:09:55.0473 4960 [ e54a5586a28d0630a79a68bbab84bfcf ] RSUSBVSTOR C:\windows\system32\Drivers\RtsUVStor.sys
21:09:55.0480 4960 RSUSBVSTOR - ok
21:09:55.0514 4960 [ 20a466b9ea2bd828c0ec723f99b8cfe7 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
21:09:55.0521 4960 RTL8167 - ok
21:09:55.0647 4960 [ 8e5297d5747a90636d5efaec8e466623 ] S6000KNT C:\windows\system32\Drivers\S6000KNT.sys
21:09:55.0723 4960 S6000KNT - ok
21:09:55.0737 4960 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\windows\system32\lsass.exe
21:09:55.0738 4960 SamSs - ok
21:09:55.0761 4960 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\windows\system32\drivers\sbp2port.sys
21:09:55.0763 4960 sbp2port - ok
21:09:55.0781 4960 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\windows\System32\SCardSvr.dll
21:09:55.0789 4960 SCardSvr - ok
21:09:55.0806 4960 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
21:09:55.0808 4960 scfilter - ok
21:09:55.0846 4960 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\windows\system32\schedsvc.dll
21:09:55.0865 4960 Schedule - ok
21:09:55.0898 4960 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\windows\System32\certprop.dll
21:09:55.0899 4960 SCPolicySvc - ok
21:09:55.0929 4960 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
21:09:55.0935 4960 SDRSVC - ok
21:09:55.0963 4960 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
21:09:55.0965 4960 secdrv - ok
21:09:55.0991 4960 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\windows\system32\seclogon.dll
21:09:55.0994 4960 seclogon - ok
21:09:56.0007 4960 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\windows\system32\sens.dll
21:09:56.0011 4960 SENS - ok
21:09:56.0061 4960 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\windows\system32\sensrsvc.dll
21:09:56.0065 4960 SensrSvc - ok
21:09:56.0089 4960 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\windows\system32\drivers\serenum.sys
21:09:56.0092 4960 Serenum - ok
21:09:56.0110 4960 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\windows\system32\drivers\serial.sys
21:09:56.0114 4960 Serial - ok
21:09:56.0133 4960 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\windows\system32\drivers\sermouse.sys
21:09:56.0136 4960 sermouse - ok
21:09:56.0172 4960 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\windows\system32\sessenv.dll
21:09:56.0176 4960 SessionEnv - ok
21:09:56.0192 4960 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\windows\system32\drivers\sffdisk.sys
21:09:56.0193 4960 sffdisk - ok
21:09:56.0204 4960 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
21:09:56.0206 4960 sffp_mmc - ok
21:09:56.0210 4960 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
21:09:56.0212 4960 sffp_sd - ok
21:09:56.0226 4960 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
21:09:56.0227 4960 sfloppy - ok
21:09:56.0267 4960 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\windows\System32\ipnathlp.dll
21:09:56.0273 4960 SharedAccess - ok
21:09:56.0305 4960 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\windows\System32\shsvcs.dll
21:09:56.0316 4960 ShellHWDetection - ok
21:09:56.0340 4960 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
21:09:56.0343 4960 SiSRaid2 - ok
21:09:56.0361 4960 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
21:09:56.0365 4960 SiSRaid4 - ok
21:09:56.0387 4960 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\windows\system32\DRIVERS\smb.sys
21:09:56.0390 4960 Smb - ok
21:09:56.0428 4960 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\windows\System32\snmptrap.exe
21:09:56.0430 4960 SNMPTRAP - ok
21:09:56.0467 4960 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\windows\system32\drivers\spldr.sys
21:09:56.0468 4960 spldr - ok
21:09:56.0493 4960 [ 85daa09a98c9286d4ea2ba8d0e644377 ] Spooler C:\windows\System32\spoolsv.exe
21:09:56.0501 4960 Spooler - ok
21:09:56.0604 4960 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\windows\system32\sppsvc.exe
21:09:56.0682 4960 sppsvc - ok
21:09:56.0695 4960 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\windows\system32\sppuinotify.dll
21:09:56.0698 4960 sppuinotify - ok
21:09:56.0731 4960 [ a687b5b326afcfcf182c4931d1ff9771 ] SQLAgent$XACTWARE c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.XACTWARE\MSSQL\Binn\SQLAGENT.EXE
21:09:56.0741 4960 SQLAgent$XACTWARE - ok
21:09:56.0806 4960 [ b54b48f6d92423440c264e91225c5ff1 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:09:56.0813 4960 SQLBrowser - ok
21:09:56.0845 4960 [ 6d65985945b03ca59b67d0b73702fc7b ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:09:56.0849 4960 SQLWriter - ok
21:09:56.0890 4960 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\windows\system32\DRIVERS\srv.sys
21:09:56.0899 4960 srv - ok
21:09:56.0911 4960 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
21:09:56.0918 4960 srv2 - ok
21:09:56.0929 4960 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
21:09:56.0933 4960 srvnet - ok
21:09:56.0964 4960 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
21:09:56.0968 4960 SSDPSRV - ok
21:09:56.0986 4960 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\windows\system32\sstpsvc.dll
21:09:56.0989 4960 SstpSvc - ok
21:09:57.0011 4960 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\windows\system32\drivers\stexstor.sys
21:09:57.0012 4960 stexstor - ok
21:09:57.0054 4960 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\windows\System32\wiaservc.dll
21:09:57.0069 4960 stisvc - ok
21:09:57.0089 4960 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
21:09:57.0091 4960 swenum - ok
21:09:57.0132 4960 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\windows\System32\swprv.dll
21:09:57.0146 4960 swprv - ok
21:09:57.0208 4960 [ 08425cd92972c6430f350a9697f4a553 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
21:09:57.0226 4960 SynTP - ok
21:09:57.0273 4960 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\windows\system32\sysmain.dll
21:09:57.0291 4960 SysMain - ok
21:09:57.0307 4960 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\windows\System32\TabSvc.dll
21:09:57.0310 4960 TabletInputService - ok
21:09:57.0323 4960 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\windows\System32\tapisrv.dll
21:09:57.0327 4960 TapiSrv - ok
21:09:57.0339 4960 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\windows\System32\tbssvc.dll
21:09:57.0342 4960 TBS - ok
21:09:57.0417 4960 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\windows\system32\drivers\tcpip.sys
21:09:57.0435 4960 Tcpip - ok
21:09:57.0494 4960 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
21:09:57.0513 4960 TCPIP6 - ok
21:09:57.0531 4960 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
21:09:57.0533 4960 tcpipreg - ok
21:09:57.0547 4960 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
21:09:57.0548 4960 TDPIPE - ok
21:09:57.0574 4960 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
21:09:57.0576 4960 TDTCP - ok
21:09:57.0587 4960 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
21:09:57.0589 4960 tdx - ok
21:09:57.0616 4960 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
21:09:57.0618 4960 TermDD - ok
21:09:57.0657 4960 [ 2e648163254233755035b46dd7b89123 ] TermService C:\windows\System32\termsrv.dll
21:09:57.0674 4960 TermService - ok
21:09:57.0695 4960 [ f0344071948d1a1fa732231785a0664c ] Themes C:\windows\system32\themeservice.dll
21:09:57.0698 4960 Themes - ok
21:09:57.0714 4960 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\windows\system32\mmcss.dll
21:09:57.0716 4960 THREADORDER - ok
21:09:57.0746 4960 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\windows\System32\trkwks.dll
21:09:57.0750 4960 TrkWks - ok
21:09:57.0801 4960 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
21:09:57.0805 4960 TrustedInstaller - ok
21:09:57.0824 4960 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
21:09:57.0827 4960 tssecsrv - ok
21:09:57.0842 4960 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
21:09:57.0844 4960 TsUsbFlt - ok
21:09:57.0860 4960 [ 9cc2ccae8a84820eaecb886d477cbcb8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
21:09:57.0862 4960 TsUsbGD - ok
21:09:57.0892 4960 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
21:09:57.0895 4960 tunnel - ok
21:09:57.0904 4960 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
21:09:57.0907 4960 uagp35 - ok
21:09:57.0937 4960 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
21:09:57.0945 4960 udfs - ok
21:09:57.0974 4960 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\windows\system32\UI0Detect.exe
21:09:57.0977 4960 UI0Detect - ok
21:09:58.0012 4960 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
21:09:58.0014 4960 uliagpkx - ok
21:09:58.0037 4960 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
21:09:58.0039 4960 umbus - ok
21:09:58.0068 4960 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\windows\system32\drivers\umpass.sys
21:09:58.0070 4960 UmPass - ok
21:09:58.0201 4960 [ 7e5e1603d0ff2d240ae70295c5c3fefc ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
21:09:58.0230 4960 UNS - ok
21:09:58.0256 4960 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\windows\System32\upnphost.dll
21:09:58.0261 4960 upnphost - ok
21:09:58.0289 4960 [ fb251567f41bc61988b26731dec19e4b ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
21:09:58.0292 4960 USBAAPL64 - ok
21:09:58.0333 4960 [ 82e8f44688e6fac57b5b7c6fc7adbc2a ] usbaudio C:\windows\system32\drivers\usbaudio.sys
21:09:58.0337 4960 usbaudio - ok
21:09:58.0357 4960 [ 6f1a3157a1c89435352ceb543cdb359c ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
21:09:58.0360 4960 usbccgp - ok
21:09:58.0375 4960 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\windows\system32\drivers\usbcir.sys
21:09:58.0378 4960 usbcir - ok
21:09:58.0402 4960 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
21:09:58.0404 4960 usbehci - ok
21:09:58.0427 4960 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
21:09:58.0432 4960 usbhub - ok
21:09:58.0444 4960 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\windows\system32\drivers\usbohci.sys
21:09:58.0445 4960 usbohci - ok
21:09:58.0473 4960 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\windows\system32\drivers\usbprint.sys
21:09:58.0474 4960 usbprint - ok
21:09:58.0486 4960 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
21:09:58.0488 4960 USBSTOR - ok
21:09:58.0493 4960 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\windows\system32\drivers\usbuhci.sys
21:09:58.0495 4960 usbuhci - ok
21:09:58.0515 4960 [ 454800c2bc7f3927ce030141ee4f4c50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
21:09:58.0519 4960 usbvideo - ok
21:09:58.0543 4960 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\windows\System32\uxsms.dll
21:09:58.0546 4960 UxSms - ok
21:09:58.0560 4960 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\windows\system32\lsass.exe
21:09:58.0562 4960 VaultSvc - ok
21:09:58.0597 4960 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
21:09:58.0598 4960 vdrvroot - ok
21:09:58.0633 4960 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\windows\System32\vds.exe
21:09:58.0648 4960 vds - ok
21:09:58.0683 4960 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\windows\system32\DRIVERS\vgapnp.sys
21:09:58.0686 4960 vga - ok
21:09:58.0698 4960 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\windows\System32\drivers\vga.sys
21:09:58.0701 4960 VgaSave - ok
21:09:58.0709 4960 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\windows\system32\drivers\vhdmp.sys
21:09:58.0713 4960 vhdmp - ok
21:09:58.0743 4960 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\windows\system32\drivers\viaide.sys
21:09:58.0745 4960 viaide - ok
21:09:58.0764 4960 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\windows\system32\drivers\volmgr.sys
21:09:58.0766 4960 volmgr - ok
21:09:58.0796 4960 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\windows\system32\drivers\volmgrx.sys
21:09:58.0802 4960 volmgrx - ok
21:09:58.0813 4960 [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap C:\windows\system32\drivers\volsnap.sys
21:09:58.0818 4960 volsnap - ok
21:09:58.0846 4960 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
21:09:58.0849 4960 vsmraid - ok
21:09:58.0898 4960 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\windows\system32\vssvc.exe
21:09:58.0915 4960 VSS - ok
21:09:58.0938 4960 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
21:09:58.0940 4960 vwifibus - ok
21:09:58.0965 4960 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
21:09:58.0968 4960 vwififlt - ok
21:09:58.0980 4960 [ 6a638fc4bfddc4d9b186c28c91bd1a01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
21:09:58.0982 4960 vwifimp - ok
21:09:59.0011 4960 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\windows\system32\w32time.dll
21:09:59.0020 4960 W32Time - ok
21:09:59.0046 4960 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\windows\system32\drivers\wacompen.sys
21:09:59.0048 4960 WacomPen - ok
21:09:59.0078 4960 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
21:09:59.0081 4960 WANARP - ok
21:09:59.0090 4960 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
21:09:59.0092 4960 Wanarpv6 - ok
21:09:59.0156 4960 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
21:09:59.0183 4960 WatAdminSvc - ok
21:09:59.0237 4960 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\windows\system32\wbengine.exe
21:09:59.0258 4960 wbengine - ok
21:09:59.0265 4960 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
21:09:59.0270 4960 WbioSrvc - ok
21:09:59.0287 4960 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\windows\System32\wcncsvc.dll
21:09:59.0294 4960 wcncsvc - ok
21:09:59.0320 4960 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
21:09:59.0323 4960 WcsPlugInService - ok
21:09:59.0351 4960 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\windows\system32\drivers\wd.sys
21:09:59.0354 4960 Wd - ok
21:09:59.0391 4960 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
21:09:59.0406 4960 Wdf01000 - ok
21:09:59.0432 4960 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\windows\system32\wdi.dll
21:09:59.0438 4960 WdiServiceHost - ok
21:09:59.0446 4960 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\windows\system32\wdi.dll
21:09:59.0451 4960 WdiSystemHost - ok
21:09:59.0495 4960 [ 94dc2bf6cbaaa95e369c3756d3115a76 ] wdkmd C:\windows\system32\DRIVERS\WDKMD.sys
21:09:59.0498 4960 wdkmd - ok
21:09:59.0528 4960 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\windows\System32\webclnt.dll
21:09:59.0534 4960 WebClient - ok
21:09:59.0546 4960 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\windows\system32\wecsvc.dll
21:09:59.0551 4960 Wecsvc - ok
21:09:59.0567 4960 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\windows\System32\wercplsupport.dll
21:09:59.0571 4960 wercplsupport - ok
21:09:59.0597 4960 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\windows\System32\WerSvc.dll
21:09:59.0600 4960 WerSvc - ok
21:09:59.0620 4960 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
21:09:59.0622 4960 WfpLwf - ok
21:09:59.0636 4960 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\windows\system32\drivers\wimmount.sys
21:09:59.0637 4960 WIMMount - ok
21:09:59.0656 4960 WinDefend - ok
21:09:59.0663 4960 WinHttpAutoProxySvc - ok
21:09:59.0717 4960 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
21:09:59.0723 4960 Winmgmt - ok
21:09:59.0808 4960 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\windows\system32\WsmSvc.dll
21:09:59.0836 4960 WinRM - ok
21:09:59.0868 4960 [ fe88b288356e7b47b74b13372add906d ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
21:09:59.0870 4960 WinUsb - ok
21:09:59.0899 4960 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\windows\System32\wlansvc.dll
21:09:59.0911 4960 Wlansvc - ok
21:09:59.0959 4960 [ 06c8fa1cf39de6a735b54d906ba791c6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:09:59.0960 4960 wlcrasvc - ok
21:10:00.0036 4960 [ 7e47c328fc4768cb8beafbcfafa70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:10:00.0066 4960 wlidsvc - ok
21:10:00.0087 4960 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
21:10:00.0088 4960 WmiAcpi - ok
21:10:00.0116 4960 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
21:10:00.0120 4960 wmiApSrv - ok
21:10:00.0156 4960 WMPNetworkSvc - ok
21:10:00.0180 4960 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\windows\System32\wpcsvc.dll
21:10:00.0185 4960 WPCSvc - ok
21:10:00.0199 4960 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
21:10:00.0205 4960 WPDBusEnum - ok
21:10:00.0224 4960 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
21:10:00.0226 4960 ws2ifsl - ok
21:10:00.0264 4960 [ e8b1fe6669397d1772d8196df0e57a9e ] wscsvc C:\windows\system32\wscsvc.dll
21:10:00.0270 4960 wscsvc - ok
21:10:00.0306 4960 [ 8d918b1db190a4d9b1753a66fa8c96e8 ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys
21:10:00.0309 4960 WSDPrintDevice - ok
21:10:00.0316 4960 WSearch - ok
21:10:00.0353 4960 [ 83575c43b2bfe9ab0661a7f957e843c0 ] wsvd C:\windows\system32\DRIVERS\wsvd.sys
21:10:00.0357 4960 wsvd - ok
21:10:00.0429 4960 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\windows\system32\wuaueng.dll
21:10:00.0461 4960 wuauserv - ok
21:10:00.0471 4960 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\windows\system32\drivers\WudfPf.sys
21:10:00.0474 4960 WudfPf - ok
21:10:00.0485 4960 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
21:10:00.0487 4960 WUDFRd - ok
21:10:00.0509 4960 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
21:10:00.0514 4960 wudfsvc - ok
21:10:00.0531 4960 [ 9a3452b3c2a46c073166c5cf49fad1ae ] WwanSvc C:\windows\System32\wwansvc.dll
21:10:00.0538 4960 WwanSvc - ok
21:10:00.0574 4960 ================ Scan global ===============================
21:10:00.0596 4960 (ba0cd8c393e8c9f83354106093832c7b) C:\windows\system32\basesrv.dll
21:10:00.0624 4960 (eb6a48cc998e1090e44e8e7f1009a640) C:\windows\system32\winsrv.dll
21:10:00.0640 4960 (eb6a48cc998e1090e44e8e7f1009a640) C:\windows\system32\winsrv.dll
21:10:00.0671 4960 (d6160f9d869ba3af0b787f971db56368) C:\windows\system32\sxssrv.dll
21:10:00.0698 4960 (24acb7e5be595468e3b9aa488b9b4fcb) C:\windows\system32\services.exe
21:10:00.0709 4960 [Global] - ok
21:10:00.0710 4960 ================ Scan MBR ==================================
21:10:00.0722 4960 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:10:01.0043 4960 \Device\Harddisk0\DR0 - ok
21:10:01.0044 4960 ================ Scan VBR ==================================
21:10:01.0049 4960 Boot (0x1200) (6404afec488335156f6d0362ad4e9672) \Device\Harddisk0\DR0\Partition1
21:10:01.0052 4960 \Device\Harddisk0\DR0\Partition1 - ok
21:10:01.0078 4960 Boot (0x1200) (3d4e2112d10144fcac4a8f5f1100e4d2) \Device\Harddisk0\DR0\Partition2
21:10:01.0080 4960 \Device\Harddisk0\DR0\Partition2 - ok
21:10:01.0103 4960 Boot (0x1200) (6ec10321dc6f317db501de91ed262d65) \Device\Harddisk0\DR0\Partition3
21:10:01.0105 4960 \Device\Harddisk0\DR0\Partition3 - ok
21:10:01.0106 4960 ============================================================
21:10:01.0106 4960 Scan finished
21:10:01.0106 4960 ============================================================
21:10:01.0124 7192 Detected object count: 0
21:10:01.0125 7192 Actual detected object count: 0
21:10:41.0609 5964 Deinitialize success



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-17 21:10:55
-----------------------------
21:10:55.383 OS Version: Windows x64 6.1.7601 Service Pack 1
21:10:55.383 Number of processors: 8 586 0x2A07
21:10:55.384 ComputerName: BLAKE-LAPTOP UserName: Blake
21:10:57.881 Initialize success
21:11:30.032 AVAST engine defs: 12081701
21:11:57.688 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:11:57.694 Disk 0 Vendor: HITACHI_ JE4Z Size: 715404MB BusType: 3
21:11:57.708 Disk 0 MBR read successfully
21:11:57.713 Disk 0 MBR scan
21:11:57.786 Disk 0 Windows 7 default MBR code
21:11:57.794 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
21:11:57.819 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 670402 MB offset 411648
21:11:57.839 Disk 0 Partition - 00 0F Extended LBA 29693 MB offset 1373394944
21:11:57.865 Disk 0 Partition 3 00 12 Compaq diag NTFS 15108 MB offset 1434206208
21:11:57.933 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29692 MB offset 1373396992
21:11:58.024 Disk 0 scanning C:\windows\system32\drivers
21:12:10.774 Service scanning
21:12:50.908 Modules scanning
21:12:50.928 Disk 0 trace - called modules:
21:12:50.956 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:12:50.963 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009654790]
21:12:50.969 3 CLASSPNP.SYS[fffff8800186543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80079a9050]
21:12:53.535 AVAST engine scan C:\windows
21:13:01.183 AVAST engine scan C:\windows\system32
21:17:07.776 AVAST engine scan C:\windows\system32\drivers
21:17:25.302 AVAST engine scan C:\Users\Blake
21:17:30.927 File: C:\Users\Blake\AppData\Local\Intel\shptwqbt.dll **INFECTED** Win32:Trojan-gen
21:18:36.743 Disk 0 MBR has been saved successfully to "C:\Users\Blake\Desktop\MBR.dat"
21:18:36.785 The log file has been saved successfully to "C:\Users\Blake\Desktop\aswMBR.txt"
21:20:07.744 Disk 0 MBR has been saved successfully to "C:\Users\Blake\Desktop\MBR.dat"
21:20:07.745 The log file has been saved successfully to "C:\Users\Blake\Desktop\aswMBR.txt"




I couldn't tell if aswMBR was finished, but it hadn't moved for a while, and it at least found one.
The last tool found 2 of the same thing and removed them, but I clicked the wrong button and it closed before I could save the log :o I'm such a derp. It was something like "Trojan.AGOG Gen" (it wasn't exactly AGOG, but something like that). After I did all of these things, I ran Malwarebytes one more time (quick scan) and this is the log.



Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.16.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Blake :: BLAKE-LAPTOP [administrator]

8/17/2012 10:43:13 PM
mbam-log-2012-08-17 (22-43-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200429
Time elapsed: 1 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\Blake\AppData\Local\Apple\Adobe\zmkhfjmo.dll (Trojan.RedirRdll3.Gen) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Adobe (Trojan.RedirRdll3.Gen) -> Data: rundll32.exe "C:\Users\Blake\AppData\Local\Apple\Adobe\zmkhfjmo.dll",CreateInstance -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Blake\AppData\Local\Apple\Adobe\zmkhfjmo.dll (Trojan.RedirRdll3.Gen) -> Delete on reboot.

(end)

Sorry about derping on the last tool you wanted me to run, but as it said it removed them... I assume that it won't find them again. Is the log stored anywhere automatically?

Thanks so much for the help so far! What should I do now?

#4 baberlicious (Topic Starter, Members, 8 posts)

Posted 17 August 2012 - 11:10 PM

Also, I noticed while ESET Online Scanner was running, MSE reported that an infection was found and removed. When I rebooted after Malwarebytes was finished, an alert said "...appdata/local/intel/shptwqbt.sll" could not be loaded. I fired ESET Online Scanner back up and it said basically that MSE was running and may interfere with the scan, so I disabled it. I'm currently running another ESET Online Scanner scan, and will not derp this time and will paste the log.

#5 baberlicious (Topic Starter, Members, 8 posts)

Posted 17 August 2012 - 11:43 PM

Second run of ESET came up clean... but as it was running I just googled where it saves the logs, lol.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2c55c86a38147443af2460bae13679f6
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-18 03:17:06
# local_time=2012-08-17 10:17:06 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 54015867 96800528 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=168894
# found=2
# cleaned=2
# scan_time=2747
C:\Users\Blake\AppData\Local\Intel\shptwqbt.dll Win32/Kryptik.AKGO.Gen trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\Users\Blake\AppData\Local\Temp\NOD2022.tmp Win32/Kryptik.AKGO.Gen trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetesets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2c55c86a38147443af2460bae13679f6
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-18 04:39:31
# local_time=2012-08-17 11:39:31 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 54021169 96805830 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=170580
# found=0
# cleaned=0
# scan_time=2391

#6 narenxp (BC Advisor, 16,371 posts, Location: India)

Posted 18 August 2012 - 05:30 AM

Update MBAM and run a FULL SCAN, do not run a QUICK SCAN, post the log

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it, click on Delete

Post the generated log

Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the text contents here
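The Run value in the MBAM log earlier in the thread (rundll32.exe loading zmkhfjmo.dll from under AppData\Local, with the value named "Adobe") is the autostart that brought the redirect back after each cleanup, and the Autoruns step requested above is the manual way to spot entries like it. The script below is an added example, not code from this thread or from MBAM, Autoruns or any other tool named here: it parses an MBAM registry-value line and plain name/command autostart entries, and flags rundll32 loaders whose DLL sits in a user-writable directory, has a generated-looking name, or hides behind a borrowed vendor name. The one entry copied from the log is marked; the other sample entries and the heuristics' thresholds are constructed assumptions.

```python
"""Triage of autostart entries for the pattern in this thread: an HKCU Run
value that launches rundll32.exe with a DLL dropped under the user's profile.

Added example, not code from the thread or from MBAM, Autoruns or any other
tool named in it. Entries other than the one copied from the MBAM log are
constructed.
"""
import re
from typing import Dict, List, Optional, Tuple

# Copied from the "Registry Values Detected" section of the MBAM log in the thread.
MBAM_REGISTRY_LINE = (
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Adobe (Trojan.RedirRdll3.Gen) "
    r'-> Data: rundll32.exe "C:\Users\Blake\AppData\Local\Apple\Adobe\zmkhfjmo.dll",CreateInstance '
    r"-> Quarantined and deleted successfully."
)

# Run values as Autoruns or a registry export would list them: name -> command.
# "Adobe" is the entry from the log; the other two are constructed benign ones.
SAMPLE_RUN_ENTRIES: Dict[str, str] = {
    "Adobe": r'rundll32.exe "C:\Users\Blake\AppData\Local\Apple\Adobe\zmkhfjmo.dll",CreateInstance',
    "IgfxTray": r"C:\windows\system32\igfxtray.exe",
    "VendorHelper": r'rundll32.exe "C:\Program Files\Vendor\helper.dll",Start',
}

# Directories a standard user can write to: a DLL loaded from here at logon
# needed no admin rights to plant, which is all a user-mode redirector needs.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")
# Vendor names commonly borrowed for a value name or a drop folder (assumed list).
IMPERSONATED_VENDORS = ("adobe", "apple", "intel", "microsoft", "google")

_MBAM_RE = re.compile(
    r"^(?P<key>HK[A-Z]+\\[^|]+)\|(?P<value>\S+) \((?P<detection>[^)]+)\) "
    r"-> Data: (?P<data>.*?) -> (?P<action>.*)$"
)
# rundll32 with or without a path, DLL quoted or bare, optional ",Export".
_RUNDLL_RE = re.compile(
    r'^"?(?:[^"\s\\]*\\)*rundll32(?:\.exe)?"?\s+'
    r'(?:"(?P<qdll>[^"]+)"|(?P<dll>[^,\s]+))(?:,(?P<export>\S+))?',
    re.IGNORECASE,
)


def parse_mbam_registry_line(line: str) -> Optional[Dict[str, str]]:
    """Split one MBAM 'Registry Values Detected' line into key, value, detection, data, action."""
    m = _MBAM_RE.match(line.strip())
    return m.groupdict() if m else None


def parse_rundll32(command: str) -> Optional[Tuple[str, Optional[str]]]:
    """Return (dll_path, export) when the command runs a DLL through rundll32, else None."""
    m = _RUNDLL_RE.match(command.strip())
    if not m:
        return None
    return m.group("qdll") or m.group("dll"), m.group("export")


def looks_random(stem: str) -> bool:
    """Heuristic for generated names such as zmkhfjmo or shptwqbt: six or more
    letters with fewer than a quarter of them vowels (threshold is an assumption)."""
    s = stem.lower()
    if len(s) < 6 or not s.isalpha():
        return False
    return sum(ch in "aeiou" for ch in s) / len(s) < 0.25


def assess_entry(name: str, command: str) -> List[str]:
    """Reasons an autostart entry deserves a look; an empty list means nothing stood out."""
    parsed = parse_rundll32(command)
    if parsed is None:
        return []  # only rundll32-style loaders are covered by this example
    dll, _export = parsed
    low = dll.lower()
    stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    reasons: List[str] = []
    if any(marker in low for marker in USER_WRITABLE_MARKERS):
        reasons.append("rundll32 loads a DLL from a user-writable directory")
    if looks_random(stem):
        reasons.append(f"DLL name '{stem}' looks machine-generated")
    if name.lower() in IMPERSONATED_VENDORS and "\\program files" not in low:
        reasons.append(f"value name '{name}' borrows a vendor name but the DLL is not under Program Files")
    return reasons


def scan_entries(entries: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each flagged entry name to its reasons."""
    flagged: Dict[str, List[str]] = {}
    for name, command in entries.items():
        reasons = assess_entry(name, command)
        if reasons:
            flagged[name] = reasons
    return flagged


def triage_mbam_line(line: str) -> List[str]:
    """Run the same checks on the command recorded in an MBAM registry-value line."""
    fields = parse_mbam_registry_line(line)
    if fields is None:
        return []
    return assess_entry(fields["value"], fields["data"])


if __name__ == "__main__":
    for entry_name, why in scan_entries(SAMPLE_RUN_ENTRIES).items():
        print(f"[!] Run\\{entry_name}")
        for reason in why:
            print("    -", reason)
    print("MBAM line:", triage_mbam_line(MBAM_REGISTRY_LINE))
```

On the sample data only the "Adobe" entry is flagged, for all three reasons; the igfxtray entry is skipped because it is not a rundll32 loader, and the constructed Program Files helper passes every check. The same three checks applied to a full Autoruns export would surface the entry the user kept having to delete by hand, and the vowel-ratio heuristic also matches shptwqbt.dll from the aswMBR and ESET logs.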

#7 baberlicious (Topic Starter, Members, 8 posts)

Posted 22 August 2012 - 02:16 PM

Sorry for the delay, the computer ran out of town for the weekend. I'll post those logs a little later today.

#8 baberlicious (Topic Starter, Members, 8 posts)

Posted 23 August 2012 - 11:43 AM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.16.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Blake :: BLAKE-LAPTOP [administrator]

8/18/2012 12:08:44 AM
mbam-log-2012-08-18 (00-08-44).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 348611
Time elapsed: 42 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#9 baberlicious (Topic Starter, Members, 8 posts)

Posted 23 August 2012 - 01:46 PM

MiniToolBox by Farbar Version: 23-07-2012
Ran by Blake (administrator) on 23-08-2012 at 13:30:04
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


========================= IP Configuration: ================================

Realtek PCIe FE Family Controller = Local Area Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Intel® WiFi Link 1000 BGN = Wireless Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Blake-Laptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : 74-E5-0B-B4-C2-7D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 74-E5-0B-B4-C2-7D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® WiFi Link 1000 BGN
Physical Address. . . . . . . . . : 74-E5-0B-B4-C2-7C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : F0-DE-F1-C5-FF-C9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3ca0:fb1d:a6c0:d068%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.11(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, August 22, 2012 11:46:09 AM
Lease Expires . . . . . . . . . . : Friday, August 24, 2012 8:22:06 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 300998385
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-C5-7D-19-F0-DE-F1-C5-FF-C9
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 64-27-37-C8-15-21
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{20DCB5B1-45C4-4D78-8561-EED15E70C5B6}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{FCAE7FCE-3165-4B85-8695-6ADB5886FA14}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{E3918561-2050-4C41-BB33-3BFF9E43F85C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{558F595C-C637-4BD9-8519-314FD8C1D230}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1097:282d:b89e:c5cc(Preferred)
Link-local IPv6 Address . . . . . : fe80::1097:282d:b89e:c5cc%18(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: myrouter.home
Address: 192.168.1.1

Name: google.com
Addresses: 2001:4860:4002:800::1006
74.125.227.73
74.125.227.69
74.125.227.64
74.125.227.67
74.125.227.68
74.125.227.66
74.125.227.71
74.125.227.78
74.125.227.65
74.125.227.70
74.125.227.72


Pinging google.com [74.125.227.41] with 32 bytes of data:
Reply from 74.125.227.41: bytes=32 time=6ms TTL=252
Reply from 74.125.227.41: bytes=32 time=7ms TTL=252

Ping statistics for 74.125.227.41:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 6ms, Maximum = 7ms, Average = 6ms
Server: myrouter.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=231ms TTL=49
Reply from 98.139.183.24: bytes=32 time=162ms TTL=50

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 162ms, Maximum = 231ms, Average = 196ms
Server: myrouter.home
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
17...74 e5 0b b4 c2 7d ......Microsoft Virtual WiFi Miniport Adapter #2
16...74 e5 0b b4 c2 7d ......Microsoft Virtual WiFi Miniport Adapter
15...74 e5 0b b4 c2 7c ......Intel® WiFi Link 1000 BGN
13...f0 de f1 c5 ff c9 ......Realtek PCIe FE Family Controller
12...64 27 37 c8 15 21 ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.11 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.11 276
192.168.1.11 255.255.255.255 On-link 192.168.1.11 276
192.168.1.255 255.255.255.255 On-link 192.168.1.11 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.11 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.11 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
18 58 ::/0 On-link
1 306 ::1/128 On-link
18 58 2001::/32 On-link
18 306 2001:0:4137:9e76:1097:282d:b89e:c5cc/128
On-link
13 276 fe80::/64 On-link
18 306 fe80::/64 On-link
18 306 fe80::1097:282d:b89e:c5cc/128
On-link
13 276 fe80::3ca0:fb1d:a6c0:d068/128
On-link
1 306 ff00::/8 On-link
18 306 ff00::/8 On-link
13 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/22/2012 11:11:23 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2012 10:50:19 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/21/2012 09:09:34 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15990

Error: (08/21/2012 09:09:34 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15990

Error: (08/21/2012 09:09:34 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/21/2012 09:09:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14992

Error: (08/21/2012 09:09:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14992

Error: (08/21/2012 09:09:33 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/21/2012 09:09:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13994

Error: (08/21/2012 09:09:32 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13994


System errors:
=============
Error: (08/22/2012 08:31:37 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error:
%%1056

Error: (08/21/2012 09:09:17 PM) (Source: Service Control Manager) (User: )
Description: The CarboniteService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/20/2012 04:26:18 PM) (Source: Microsoft-Windows-BitLocker-Driver) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on E: cannot be read.

Error: (08/20/2012 02:05:46 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.131.2286.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/17/2012 08:54:52 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.131.2201.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (08/17/2012 08:24:36 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:23:04 AM on ?8/?17/?2012 was unexpected.

Error: (08/17/2012 08:17:06 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 5:46:09 PM on ?8/?16/?2012 was unexpected.

Error: (08/16/2012 05:19:56 PM) (Source: Service Control Manager) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
%%31

Error: (08/16/2012 04:34:00 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{FCAE7FCE-3165-4B85-8695-6ADB5886FA14}.
The backup browser is stopping.

Error: (08/16/2012 04:27:12 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


Microsoft Office Sessions:
=========================
Error: (08/22/2012 11:11:23 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2012 10:50:19 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (08/21/2012 09:09:34 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15990

Error: (08/21/2012 09:09:34 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15990

Error: (08/21/2012 09:09:34 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/21/2012 09:09:33 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14992

Error: (08/21/2012 09:09:33 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14992

Error: (08/21/2012 09:09:33 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/21/2012 09:09:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13994

Error: (08/21/2012 09:09:32 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13994


========================= Memory info: ===================================

Percentage of memory in use: 30%
Total physical RAM: 8106.14 MB
Available physical RAM: 5655.65 MB
Total Pagefile: 16210.47 MB
Available Pagefile: 13576.77 MB
Total Virtual: 4095.88 MB
Available Virtual: 3967.79 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:654.69 GB) (Free:559.85 GB) NTFS
2 Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.28 GB) NTFS
3 Drive e: () (Removable) (Total:1.84 GB) (Free:1.26 GB) FAT

========================= Users: ========================================

User accounts for \\BLAKE-LAPTOP

Administrator Blake Guest


**** End of log ****

Farbar Service Scanner Version: 06-08-2012
Ran by Blake (administrator) on 23-08-2012 at 13:33:16
Running from "C:\Users\Blake\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


# AdwCleaner v1.801 - Logfile created 08/23/2012 at 13:33:58
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Blake - BLAKE-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Blake\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Partner

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Blake\AppData\Roaming\Mozilla\Firefox\Profiles\gdvoammx.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.83

File : C:\Users\Blake\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.1.1532.0

File : C:\Users\Blake\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2123 octets] - [23/08/2012 13:33:58]

########## EOF - C:\AdwCleaner[S1].txt - [2251 octets] ##########



"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Energy Management" "Lenovo Energy Management Software 6.0" "Lenovo (Beijing) Limited" "c:\program files (x86)\lenovo\energy management\energy management.exe"
+ "EnergyUtility" "Lenovo Battery Management Software Ver 6.0" "Lenovo(beijing) Limited" "c:\program files (x86)\lenovo\energy management\utility.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "IntelliPoint" "IPoint.exe" "Microsoft Corporation" "c:\program files\microsoft intellipoint\ipoint.exe"
+ "IntelPAN" "Intel® PROSet/Wireless Framework" "Intel® Corporation" "c:\program files\common files\intel\wirelesscommon\ifrmewrk.exe"
+ "itype" "IType.exe" "Microsoft Corporation" "c:\program files\microsoft intellitype pro\itype.exe"
+ "Lenovo EE Boot Optimizer" "Lenovo EE Boot Optimizer Software" "Lenovo" "c:\program files (x86)\lenovo\boot optimizer\popwnd.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "OnekeyStudio" "Lenovo Onekey Theater Application" "Lenovo" "c:\program files (x86)\lenovo\onekey theater\onekeystudio.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "RtHDVCpl" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravcpl64.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe"
+ "UpdatePRCShortCut" "MUI StartMenu Application" "CyberLink Corp." "c:\program files\lenovo\onekey app\onekey recovery\muitransfer\muistartmenu.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "BCSSync" "Microsoft Office 2010 component" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\bcssync.exe"
+ "Carbonite Backup" "Carbonite User Interface" "Carbonite, Inc." "c:\program files (x86)\carbonite\carbonite backup\carboniteui.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
+ "UpdateP2GShortCut" "MUI StartMenu Application" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\muitransfer\muistartmenu.exe"
+ "UpdatePRCShortCut" "MUI StartMenu Application" "CyberLink Corp." "c:\program files\lenovo\onekey app\onekey recovery\muitransfer\muistartmenu.exe"
+ "VeriFaceManager" "VeriFace Tray Icon Manager" "Lenovo" "c:\program files (x86)\lenovo\veriface\pmanage.exe"
+ "YouCam Mirage" "YouCam Mirage" "CyberLink" "c:\program files (x86)\lenovo\youcam\ycmmirage.exe"
+ "YouCam Tray" "YouCam" "CyberLink Corp." "c:\program files (x86)\lenovo\youcam\youcam.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Bluetooth.lnk" "Bluetooth Tray Application" "Broadcom Corporation." "c:\program files\lenovo\bluetooth software\bttray.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Carbonite" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Carbonite" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files (x86)\carbonite\carbonite backup\carbonitense.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
+ "Carbonite" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\PropertySheetHandlers" "" "" ""
+ "Carbonite" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files (x86)\carbonite\carbonite backup\carbonitense.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "IkeyShlExt" "SimpleExt Module" "" "c:\windows\system32\simpleext.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "Carbonite" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "Carbonite" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files (x86)\carbonite\carbonite backup\carbonitense.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "Monitor" "BTNCopy Module" "Broadcom Corporation." "c:\program files\lenovo\bluetooth software\btncopy.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Folder\ShellEx\PropertySheetHandlers" "" "" ""
+ "Carbonite" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\PropertySheetHandlers" "" "" ""
+ "Carbonite" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files (x86)\carbonite\carbonite backup\carbonitense.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Carbonite.Green" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
+ "Carbonite.Partial" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
+ "Carbonite.Yellow" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files\carbonite\carbonite backup\carbonitense.dll"
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "VeriFace Enc" "" "" "c:\windows\system32\icnovrly.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Carbonite.Green" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files (x86)\carbonite\carbonite backup\carbonitense.dll"
+ "Carbonite.Partial" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files (x86)\carbonite\carbonite backup\carbonitense.dll"
+ "Carbonite.Yellow" "Carbonite Explorer Extensions" "Carbonite, Inc." "c:\program files (x86)\carbonite\carbonite backup\carbonitense.dll"
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
+ "Groove GFS Browser Helper" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files\microsoft office\office14\urlredir.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "Groove GFS Browser Helper" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\oracle\javafx 2.1 runtime\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\oracle\javafx 2.1 runtime\bin\ssv.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\urlredir.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Send to &Bluetooth Device..." "" "" "c:\program files\lenovo\bluetooth software\btsendto_ie.htm"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Send to &Bluetooth Device..." "" "" "c:\program files\lenovo\bluetooth software\btsendto_ie.htm"
"Task Scheduler" "" "" ""
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Microsoft Antimalware\MpIdleTask" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\Microsoft_Hardware_Launch_IPoint_exe" "IPoint.exe" "Microsoft Corporation" "c:\program files\microsoft intellipoint\ipoint.exe"
+ "\Microsoft_Hardware_Launch_IType_exe" "IType.exe" "Microsoft Corporation" "c:\program files\microsoft intellitype pro\itype.exe"
+ "\MirageAgent" "YouCam Mirage" "CyberLink" "c:\program files (x86)\lenovo\youcam\ycmmirage.exe"
+ "\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}" "" "" "File not found: C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "btwdins" "Handles installation and removal of Bluetooth devices." "Broadcom Corporation." "c:\program files\lenovo\bluetooth software\btwdins.exe"
+ "CarboniteService" "Carbonite Backup Service" "Carbonite, Inc. (www.carbonite.com)" "c:\program files\carbonite\carbonite backup\carboniteservice.exe"
+ "EvtEng" "Manages the event trace messages for all the Intel® PROSet/Wireless Software components." "Intel® Corporation" "c:\program files\intel\wifi\bin\evteng.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "LMS" "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe"
+ "Microsoft SharePoint Workspace Audit Service" "Microsoft SharePoint Workspace" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\groove.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "MSSQL$XACTWARE" "Provides storage, processing and controlled access of data, and rapid transaction processing." "Microsoft Corporation" "c:\program files (x86)\microsoft sql server\mssql10.xactware\mssql\binn\sqlservr.exe"
+ "MyWiFiDHCPDNS" "Wireless PAN DHCP and DNS Server" "" "c:\program files\intel\wifi\bin\pandhcpdns.exe"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "Partner Service" "" "" "File not found: C:\ProgramData\Partner\Partner.exe"
+ "RegSrvc" "Provides registry access to all Intel® PROSet/Wireless Software components" "Intel® Corporation" "c:\program files\common files\intel\wirelesscommon\regsrvc.exe"
+ "SQLWriter" "Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure." "Microsoft Corporation" "c:\program files\microsoft sql server\90\shared\sqlwriter.exe"
+ "UNS" "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\uns\uns.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ACPIVPC" "ACPI Virtual Power Controller Driver" "Lenovo Corporation" "c:\windows\system32\drivers\acpivpc.sys"
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BPntDrv" "BpntDrv" "Lenovo" "c:\windows\system32\drivers\bpntdrv.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "BTWAMPFL" "btwampfl Bluetooth filter driver" "Broadcom Corporation." "c:\windows\system32\drivers\btwampfl.sys"
+ "btwaudio" "Bluetooth Audio Device" "Broadcom Corporation." "c:\windows\system32\drivers\btwaudio.sys"
+ "btwavdt" "Broadcom Bluetooth AVDT Service" "Broadcom Corporation." "c:\windows\system32\drivers\btwavdt.sys"
+ "btwl2cap" "Broadcom Bluetooth L2CAP Service" "Broadcom Corporation." "c:\windows\system32\drivers\btwl2cap.sys"
+ "btwrchid" "Bluetooth Remote Control HID Minidriver" "Broadcom Corporation." "c:\windows\system32\drivers\btwrchid.sys"
+ "catchme" "" "" "File not found: C:\ComboFix\catchme.sys"
+ "clwvd" "CyberLink WebCam Virtual Driver" "CyberLink Corporation" "c:\windows\system32\drivers\clwvd.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "fbfmon" "FBfmon" "Lenovo" "c:\windows\system32\drivers\fbfmon.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor" "Intel Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys"
+ "IntcDAud" "Intel® Display Audio Driver" "Intel® Corporation" "c:\windows\system32\drivers\intcdaud.sys"
+ "LHDmgr" "HD Disk Driver" "Lenovo." "c:\windows\system32\drivers\lhdx64.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "MEIx64" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\hecix64.sys"
+ "NETwNs64" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netwns64.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RSUSBVSTOR" "Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtsuvstor.sys"
+ "RTL8167" "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver " "Realtek " "c:\windows\system32\drivers\rt64win7.sys"
+ "S6000KNT" "AVStream Simulated Hardware Sample" "Windows ® Win 7 DDK provider" "c:\windows\system32\drivers\s6000knt.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
+ "wdkmd" "Intel Wireless Display Solution" "Intel Corporation" "c:\windows\system32\drivers\wdkmd.sys"
+ "wsvd" "CyberLink Virtual Disk Driver" "CyberLink" "c:\windows\system32\drivers\wsvd.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.clmp3enc" "CLMP3Enc" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\clmp3enc.acm"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
+ "vidc.dvsd" "DV Video for Windows Driver" "Matsushita Electric Industrial Co., Ltd." "c:\windows\syswow64\pdvcodec.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "CyberLink Audio Noise Reduction" "CLAuNR" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gaunrwrapper.ax"
+ "CyberLink Audio Resampler" "CLAuRsmpl.ax" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gaursmpl.ax"
+ "CyberLink Audio VolumeBooster" "CyberLink Audio Volume Booster Filter" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gvb.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gaudiocd.ax"
+ "Cyberlink Dump Dispatch Filter" "Cyberlink File Dump Dispatch Filter" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gdumpdispatch.ax"
+ "Cyberlink Dump Filter" "Cyberlink File Dump Filter" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gdump.ax"
+ "CyberLink Editing Service 3.0 (Source)" "CES Kernel" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gedtkrn.dll"
+ "Cyberlink File Reader (Async.)" "Cyberlink MPEG File Reader" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2greader.ax"
+ "CyberLink Load Image Filter" "CLImage" "CyberLink" "c:\program files (x86)\cyberlink\shared files\climage.ax"
+ "CyberLink M2V Writer" "CLM2VWriter" "CyberLink" "c:\program files (x86)\lenovo\power2go\p2gm2vwriter.ax"
+ "CyberLink MP3/WAV Wrapper" "CyberLink MP3 Wrapper" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gmp3wrap.ax"
+ "CyberLink MPEG Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gmvd.ax"
+ "CyberLink MPEG Muxer" "MpgMux" "CyberLink" "c:\program files (x86)\lenovo\power2go\p2gmpgmux.ax"
+ "CyberLink MPEG Video Encoder" "CyberLink MPEG Video Encoder " "CyberLink Corp. " "c:\program files (x86)\lenovo\power2go\p2gvidenc.ax"
+ "CyberLink MPEG-1 Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gm1spliter.ax"
+ "CyberLink MPEG-2 Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gm2spliter.ax"
+ "CyberLink PCM Wrapper" "CyberLink PCM Wrapper" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gpcmenc.ax"
+ "CyberLink TimeStretch Filter (CES)" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gauts.ax"
+ "CyberLink TL MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gtlmsplter.ax"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files (x86)\lenovo\power2go\p2gvidfx.ax"
+ "CyberLink Video Regulator" "CLRGL" "Cyberlink" "c:\program files (x86)\lenovo\power2go\p2grgl.ax"
+ "CyberLink Video Stabilizer" "CLVideoDeShaking" "CyberLink" "c:\program files (x86)\lenovo\power2go\p2gvideostabilizer.ax"
+ "DS Video Buffer Filter" "WiDiAgent.dll COM object." "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\dsbuffer_video.ax"
+ "Intel® Media SDK AAC Encoder" "Intel® Media SDK AAC Encoder" "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\imc_aac_enc_ds.dll"
+ "Intel® Media SDK MPEG-2 Muxer" "Intel® Media SDK MPEG-2 Muxer" "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\imc_mp2_mux_ds.dll"
+ "Intel® Mux Renderer" "Intel® TS Mux / Network Renderer" "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\intelmux.dll"
+ "Intel® Network Filter" "" "" "c:\program files (x86)\common files\intel corporation\widiagent\intelnet.dll"
+ "Intel®WiDi H264 encoder" "" "" "c:\program files (x86)\common files\intel corporation\widiagent\h264_enc_filter.dll"
+ "MainConcept AAC Encoder" "AAC audio encoder filter" "MainConcept GmbH" "c:\program files (x86)\common files\intel corporation\mainconcept filters\mc_enc_aac_ds.ax"
+ "MainConcept MPEG Multiplexer-Plus" "MPEG Multiplexer-Plus DS Filter" "MainConcept GmbH" "c:\program files (x86)\common files\intel corporation\mainconcept filters\mcmpeg2mux.ax"
+ "MainConcept Network Renderer" "Network Renderer" "MainConcept GmbH" "c:\program files (x86)\common files\intel corporation\mainconcept filters\mc_net_renderer_ds.ax"
+ "P2G Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gaud.ax"
+ "P2G Audio Encoder" "CyberLink Audio Encoder Filter" "Cyberlink Corp." "c:\program files (x86)\lenovo\power2go\p2gaudenc.ax"
+ "P2G Video Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gvsd.ax"
+ "P2G Video Regulator" "CyberLink Video Regulator" "CyberLink" "c:\program files (x86)\lenovo\power2go\p2gresample.ax"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WD Audio Filter" "WiDi Audio Source Filter." "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\wdaudiofilter.dll"
+ "WDSource Filter" "WiDi Video Source Filter." "Intel Corporation" "c:\program files (x86)\common files\intel corporation\widiagent\wdsourcefilter.dll"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "BtwCredentialProvider" "BtwCP DLL" "Broadcom Corporation." "c:\program files\lenovo\bluetooth software\btwcp.dll"
+ "ImageReog" "Lenovo VeriFace Vista Credential Library" "Lenovo" "c:\windows\system32\imagereog.dll"
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "HP 5312 Status Monitor" "Print Status Language Monitor" "Hewlett-Packard Co." "c:\windows\system32\hpinksts5312lm.dll"
+ "HP Discovery Port Monitor (HP Officejet Pro 8500 A910)" "HP Discovery Port Monitor" "Hewlett-Packard Co." "c:\windows\system32\hpdiscopm5312.dll"
+ "PCL hpf3lw73" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpf3lw73.dll"

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:11:25 PM

Posted 23 August 2012 - 01:49 PM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.

Any current issues?

#11 baberlicious

baberlicious
  • Topic Starter

  • Members
  • 8 posts
  • Local time:11:25 PM

Posted 23 August 2012 - 02:38 PM

Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/23/2012 02:29:49 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.com "@" has been changed to ComFile!
* HKLM\Software\Classes\.com "@" was reset to comfile!


Performing miscellaneous checks.

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* CscService [Missing Service]
* PeerDistSvc [Missing Service]
* UmRdpService [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/23/2012 02:30:00 PM
Execution time: 0 hours(s), 0 minute(s), and 10 seconds(s)





As far as I can tell, everything is running smoothly now...
Also, just FYI... I checked MSE, and the file it quarantined while I was running the ESET scanner the first time was reported as Exploit:Java/CVE-2012-1723.DS
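The Rkill log above reports a handful of host-state checks (the Windows Defender policy value, the WinDefend service state, the .exe/.com/.bat shell associations, and a few services it expected to find). As an added example, not part of this thread and not Rkill's own code, the following read-only PowerShell script re-runs those same checks so a technician can confirm the state after cleanup without relying on a one-off tool. The function names are this example's own; it assumes a Windows 7 or later host with PowerShell 2.0+, and it reports only, changing nothing.

```powershell
# Added example (not from the thread, not Rkill's code): re-check the items the
# Rkill log reported, read-only. Function names are this example's own.

function Get-DefenderPolicyState {
    # Rkill flagged "DisableAntiSpyware" = dword:00000001 under this key.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
    $val = (Get-ItemProperty -Path $key -Name DisableAntiSpyware -ErrorAction SilentlyContinue).DisableAntiSpyware
    [pscustomobject]@{
        Check  = 'Windows Defender DisableAntiSpyware'
        Value  = if ($null -eq $val) { '<not set>' } else { $val }
        Status = if ($val -eq 1) { 'WARN: Defender disabled via registry policy' } else { 'OK' }
    }
}

function Get-DefenderServiceState {
    # Rkill reported "Windows Defender (WinDefend) is not Running", start type Manual.
    $svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
    if (-not $svc) {
        return [pscustomobject]@{ Check = 'WinDefend service'; Value = '<missing>'; Status = 'WARN: service missing' }
    }
    # Get-WmiObject is used because Windows 7 ships PowerShell 2.0 (no Get-CimInstance).
    $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='WinDefend'"
    [pscustomobject]@{
        Check  = 'WinDefend service'
        Value  = "$($svc.Status) / StartMode=$($wmi.StartMode)"
        Status = if ($svc.Status -ne 'Running') { 'WARN: not running' } else { 'OK' }
    }
}

function Get-ShellAssociationState {
    # Rkill resets these to their defaults. A hijacked default here routes every
    # launched program of that type through whatever handler the value names.
    # The registry itself is case-insensitive, so the comparison below is too.
    $expected = @{ '.exe' = 'exefile'; '.com' = 'comfile'; '.bat' = 'batfile' }
    foreach ($ext in $expected.Keys) {
        $actual = (Get-ItemProperty -Path "HKLM:\SOFTWARE\Classes\$ext" -ErrorAction SilentlyContinue).'(default)'
        [pscustomobject]@{
            Check  = "HKLM\Software\Classes\$ext default"
            Value  = if ($actual) { $actual } else { '<not set>' }
            Status = if ($actual -ieq $expected[$ext]) { 'OK' } else { "WARN: expected $($expected[$ext])" }
        }
    }
}

function Get-ServicePresence {
    # Rkill listed these as [Missing Service]. Whether each exists depends on the
    # Windows edition and installed features, so this is informational only.
    foreach ($name in 'CscService', 'PeerDistSvc', 'UmRdpService') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Check  = "Service $name"
            Value  = if ($svc) { [string]$svc.Status } else { '<missing>' }
            Status = if ($svc) { 'OK' } else { 'INFO: missing (edition/feature dependent)' }
        }
    }
}

# Collect all findings into one table.
@(
    Get-DefenderPolicyState
    Get-DefenderServiceState
    Get-ShellAssociationState
    Get-ServicePresence
) | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so the HKLM reads and the service queries succeed. Any WARN row is worth a second look; the INFO rows for missing services only mirror what Rkill listed and are expected on editions that lack those features.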

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:11:25 PM

Posted 23 August 2012 - 02:55 PM

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot.

Turn off your system restore, restart the PC, and create a new restore point.

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your flash player

Update your JAVA from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your antivirus frequently, and do not click on suspicious links.

Safe surfing :)



