
Need help removing a virus.



#1 CloseToHome

  • Members
  • 52 posts

Posted 28 August 2012 - 05:34 PM

I was doing scans with MSE and Malwarebytes and they both picked up a few viruses. Here are the screenshots. I haven't removed them yet though.

Posted Image


What should I do from here? Thanks!



#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 28 August 2012 - 05:38 PM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 CloseToHome


Posted 28 August 2012 - 05:41 PM

Thanks, I will do that now.

This virus keeps popping up the fake "Adobe Flash Player" upgrade. It needs my permission to allow it to make changes. Of course I keep clicking "No" or the "X" button, but it keeps popping up.


Also, it does not allow me to download ESET Online scanner! It will say Error 404 when I reach the page. Luckily, I have downloaded the program a month before and I'm downloading the virus signature database. Would that be fine?

Edited by CloseToHome, 28 August 2012 - 06:00 PM.


#4 narenxp


Posted 28 August 2012 - 06:05 PM

Boot into safe mode with networking and run the tools

#5 CloseToHome


Posted 28 August 2012 - 07:56 PM

TDSS Log

18:45:45.0674 4868 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
18:45:45.0971 4868 ============================================================
18:45:45.0971 4868 Current date / time: 2012/08/28 18:45:45.0971
18:45:45.0971 4868 SystemInfo:
18:45:45.0971 4868
18:45:45.0971 4868 OS Version: 6.1.7601 ServicePack: 1.0
18:45:45.0971 4868 Product type: Workstation
18:45:45.0971 4868 ComputerName: LANNY
18:45:45.0971 4868 UserName: user
18:45:45.0971 4868 Windows directory: C:\Windows
18:45:45.0971 4868 System windows directory: C:\Windows
18:45:45.0971 4868 Processor architecture: Intel x86
18:45:45.0971 4868 Number of processors: 4
18:45:45.0971 4868 Page size: 0x1000
18:45:45.0971 4868 Boot type: Normal boot
18:45:45.0971 4868 ============================================================
18:45:47.0210 4868 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:45:47.0233 4868 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1115E00 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:45:47.0257 4868 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:45:47.0343 4868 ============================================================
18:45:47.0344 4868 \Device\Harddisk0\DR0:
18:45:47.0344 4868 MBR partitions:
18:45:47.0344 4868 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC90D000
18:45:47.0344 4868 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC90D800, BlocksNum 0x2DA78000
18:45:47.0344 4868 \Device\Harddisk1\DR1:
18:45:47.0344 4868 MBR partitions:
18:45:47.0344 4868 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E074C1
18:45:47.0344 4868 \Device\Harddisk2\DR2:
18:45:47.0345 4868 MBR partitions:
18:45:47.0345 4868 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
18:45:47.0345 4868 ============================================================
18:45:47.0373 4868 C: <-> \Device\Harddisk0\DR0\Partition1
18:45:47.0379 4868 I: <-> \Device\Harddisk1\DR1\Partition1
18:45:47.0443 4868 J: <-> \Device\Harddisk0\DR0\Partition2
18:45:47.0450 4868 K: <-> \Device\Harddisk2\DR2\Partition1
18:45:47.0450 4868 ============================================================
18:45:47.0450 4868 Initialize success
18:45:47.0450 4868 ============================================================
18:45:59.0342 5440 ============================================================
18:45:59.0342 5440 Scan started
18:45:59.0342 5440 Mode: Manual;
18:45:59.0342 5440 ============================================================
18:45:59.0894 5440 ================ Scan system memory ========================
18:45:59.0894 5440 System memory - ok
18:45:59.0895 5440 ================ Scan services =============================
18:46:05.0674 5440 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:46:05.0676 5440 NDProxy - ok
18:46:05.0682 5440 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:46:05.0684 5440 NetBIOS - ok
18:46:05.0696 5440 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:46:05.0699 5440 NetBT - ok
18:46:05.0712 5440 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
18:46:05.0714 5440 Netlogon - ok
18:46:05.0749 5440 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
18:46:05.0753 5440 Netman - ok
18:46:05.0781 5440 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:46:05.0784 5440 NetMsmqActivator - ok
18:46:05.0787 5440 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:46:05.0788 5440 NetPipeActivator - ok
18:46:05.0807 5440 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
18:46:05.0812 5440 netprofm - ok
18:46:05.0817 5440 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:46:05.0818 5440 NetTcpActivator - ok
18:46:05.0822 5440 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:46:05.0823 5440 NetTcpPortSharing - ok
18:46:05.0851 5440 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:46:05.0853 5440 nfrd960 - ok
18:46:05.0871 5440 [ B52F26BADE7D7E4A79706E3FD91834CD ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:46:05.0873 5440 NisDrv - ok
18:46:05.0893 5440 [ 290C0D4C4889398797F8DF3BE00B9698 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
18:46:05.0895 5440 NisSrv - ok
18:46:05.0920 5440 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:46:05.0924 5440 NlaSvc - ok
18:46:05.0935 5440 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:46:05.0937 5440 Npfs - ok
18:46:05.0963 5440 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
18:46:05.0966 5440 nsi - ok
18:46:05.0978 5440 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:46:05.0978 5440 nsiproxy - ok
18:46:06.0020 5440 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:46:06.0046 5440 Ntfs - ok
18:46:06.0160 5440 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
18:46:06.0162 5440 Null - ok
18:46:06.0186 5440 [ A0A9E53B4AAC3C6534A063ABA69BC19F ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
18:46:06.0188 5440 NVHDA - ok
18:46:06.0373 5440 [ AFB33A823AABC112FC7BD62AFBCDB0CD ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:46:06.0525 5440 nvlddmkm - ok
18:46:06.0556 5440 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:46:06.0558 5440 nvraid - ok
18:46:06.0582 5440 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:46:06.0584 5440 nvstor - ok
18:46:06.0613 5440 [ 782945716AD010AC3D41758E8E52C735 ] nvsvc C:\Windows\system32\nvvsvc.exe
18:46:06.0620 5440 nvsvc - ok
18:46:06.0690 5440 [ A974E5C310B9B00894070CEB055D467F ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:46:06.0716 5440 nvUpdatusService - ok
18:46:06.0735 5440 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:46:06.0737 5440 nv_agp - ok
18:46:06.0773 5440 [ 58F478FD0115012CEEC75FB73628901C ] OEM05Afx C:\Windows\system32\Drivers\OEM05Afx.sys
18:46:06.0775 5440 OEM05Afx - ok
18:46:06.0783 5440 [ 86326062A90494BDD79CE383511D7D69 ] OEM05Vfx C:\Windows\system32\DRIVERS\OEM05Vfx.sys
18:46:06.0785 5440 OEM05Vfx - ok
18:46:06.0799 5440 [ 3C60C2022CB93073DA2574DA90C962C2 ] OEM05Vid C:\Windows\system32\DRIVERS\OEM05Vid.sys
18:46:06.0802 5440 OEM05Vid - ok
18:46:06.0824 5440 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:46:06.0826 5440 ohci1394 - ok
18:46:06.0875 5440 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:46:06.0877 5440 ose - ok
18:46:06.0981 5440 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:46:07.0058 5440 osppsvc - ok
18:46:07.0110 5440 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:46:07.0114 5440 p2pimsvc - ok
18:46:07.0130 5440 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
18:46:07.0136 5440 p2psvc - ok
18:46:07.0160 5440 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:46:07.0162 5440 Parport - ok
18:46:07.0183 5440 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:46:07.0184 5440 partmgr - ok
18:46:07.0201 5440 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
18:46:07.0202 5440 Parvdm - ok
18:46:07.0214 5440 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:46:07.0217 5440 PcaSvc - ok
18:46:07.0238 5440 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
18:46:07.0241 5440 pci - ok
18:46:07.0251 5440 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
18:46:07.0253 5440 pciide - ok
18:46:07.0267 5440 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:46:07.0269 5440 pcmcia - ok
18:46:07.0280 5440 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
18:46:07.0282 5440 pcw - ok
18:46:07.0307 5440 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:46:07.0314 5440 PEAUTH - ok
18:46:07.0366 5440 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
18:46:07.0378 5440 PeerDistSvc - ok
18:46:07.0430 5440 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
18:46:07.0456 5440 pla - ok
18:46:07.0480 5440 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:46:07.0485 5440 PlugPlay - ok
18:46:07.0522 5440 [ 3A2BDD76E7D2A5F40A7174793D1BA794 ] PnkBstrA C:\Windows\system32\PnkBstrA.exe
18:46:07.0530 5440 PnkBstrA - ok
18:46:07.0553 5440 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:46:07.0557 5440 PNRPAutoReg - ok
18:46:07.0568 5440 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:46:07.0571 5440 PNRPsvc - ok
18:46:07.0597 5440 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:46:07.0602 5440 PolicyAgent - ok
18:46:07.0611 5440 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
18:46:07.0615 5440 Power - ok
18:46:07.0647 5440 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:46:07.0650 5440 PptpMiniport - ok
18:46:07.0661 5440 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:46:07.0664 5440 Processor - ok
18:46:07.0699 5440 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
18:46:07.0703 5440 ProfSvc - ok
18:46:07.0710 5440 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:46:07.0712 5440 ProtectedStorage - ok
18:46:07.0723 5440 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:46:07.0725 5440 Psched - ok
18:46:07.0757 5440 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:46:07.0782 5440 ql2300 - ok
18:46:07.0798 5440 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:46:07.0800 5440 ql40xx - ok
18:46:07.0837 5440 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
18:46:07.0841 5440 QWAVE - ok
18:46:07.0850 5440 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:46:07.0852 5440 QWAVEdrv - ok
18:46:07.0868 5440 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:46:07.0869 5440 RasAcd - ok
18:46:07.0898 5440 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:46:07.0899 5440 RasAgileVpn - ok
18:46:07.0906 5440 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
18:46:07.0909 5440 RasAuto - ok
18:46:07.0921 5440 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:46:07.0924 5440 Rasl2tp - ok
18:46:07.0954 5440 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
18:46:07.0959 5440 RasMan - ok
18:46:07.0972 5440 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:46:07.0974 5440 RasPppoe - ok
18:46:08.0001 5440 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:46:08.0003 5440 RasSstp - ok
18:46:08.0029 5440 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:46:08.0032 5440 rdbss - ok
18:46:08.0046 5440 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:46:08.0058 5440 rdpbus - ok
18:46:08.0073 5440 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:46:08.0075 5440 RDPCDD - ok
18:46:08.0087 5440 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
18:46:08.0089 5440 RDPDR - ok
18:46:08.0107 5440 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:46:08.0108 5440 RDPENCDD - ok
18:46:08.0123 5440 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:46:08.0125 5440 RDPREFMP - ok
18:46:08.0150 5440 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
18:46:08.0152 5440 RdpVideoMiniport - ok
18:46:08.0167 5440 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:46:08.0170 5440 RDPWD - ok
18:46:08.0195 5440 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:46:08.0197 5440 rdyboost - ok
18:46:08.0226 5440 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
18:46:08.0230 5440 RemoteAccess - ok
18:46:08.0265 5440 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:46:08.0269 5440 RemoteRegistry - ok
18:46:08.0385 5440 [ 7728B6AEDC83BC0DEFD0A53371D4613B ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe
18:46:08.0387 5440 RichVideo - ok
18:46:08.0419 5440 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:46:08.0423 5440 RpcEptMapper - ok
18:46:08.0446 5440 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
18:46:08.0448 5440 RpcLocator - ok
18:46:08.0461 5440 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
18:46:08.0465 5440 RpcSs - ok
18:46:08.0498 5440 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:46:08.0500 5440 rspndr - ok
18:46:08.0526 5440 [ 97CE457AF39AC7ABCD7E383D02203808 ] rzdaendpt C:\Windows\system32\DRIVERS\rzdaendpt.sys
18:46:08.0528 5440 rzdaendpt - ok
18:46:08.0540 5440 [ 6C14F9901106E154C5BF4F9ECA7C7D06 ] rzudd C:\Windows\system32\DRIVERS\rzudd.sys
18:46:08.0542 5440 rzudd - ok
18:46:08.0559 5440 [ 4FE05C4C420505B9EE76CFA7F48CC8AE ] rzvkeyboard C:\Windows\system32\DRIVERS\rzvkeyboard.sys
18:46:08.0561 5440 rzvkeyboard - ok
18:46:08.0579 5440 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
18:46:08.0581 5440 s3cap - ok
18:46:08.0592 5440 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
18:46:08.0594 5440 SamSs - ok
18:46:08.0796 5440 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:46:08.0799 5440 sbp2port - ok
18:46:08.0827 5440 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:46:08.0831 5440 SCardSvr - ok
18:46:08.0839 5440 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:46:08.0840 5440 scfilter - ok
18:46:08.0871 5440 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
18:46:08.0878 5440 Schedule - ok
18:46:08.0907 5440 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:46:08.0908 5440 SCPolicySvc - ok
18:46:08.0922 5440 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:46:08.0927 5440 SDRSVC - ok
18:46:08.0972 5440 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:46:08.0973 5440 secdrv - ok
18:46:08.0989 5440 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
18:46:08.0992 5440 seclogon - ok
18:46:09.0018 5440 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
18:46:09.0020 5440 SENS - ok
18:46:09.0045 5440 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:46:09.0048 5440 SensrSvc - ok
18:46:09.0062 5440 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:46:09.0064 5440 Serenum - ok
18:46:09.0076 5440 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:46:09.0078 5440 Serial - ok
18:46:09.0097 5440 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:46:09.0099 5440 sermouse - ok
18:46:09.0130 5440 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
18:46:09.0133 5440 SessionEnv - ok
18:46:09.0152 5440 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:46:09.0154 5440 sffdisk - ok
18:46:09.0158 5440 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:46:09.0159 5440 sffp_mmc - ok
18:46:09.0163 5440 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:46:09.0164 5440 sffp_sd - ok
18:46:09.0173 5440 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:46:09.0174 5440 sfloppy - ok
18:46:09.0204 5440 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:46:09.0209 5440 SharedAccess - ok
18:46:09.0232 5440 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:46:09.0236 5440 ShellHWDetection - ok
18:46:09.0249 5440 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
18:46:09.0251 5440 sisagp - ok
18:46:09.0275 5440 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:46:09.0307 5440 SiSRaid2 - ok
18:46:09.0355 5440 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:46:09.0417 5440 SiSRaid4 - ok
18:46:09.0519 5440 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:46:09.0574 5440 Smb - ok
18:46:09.0631 5440 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:46:09.0634 5440 SNMPTRAP - ok
18:46:09.0640 5440 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
18:46:09.0641 5440 spldr - ok
18:46:09.0662 5440 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
18:46:09.0667 5440 Spooler - ok
18:46:09.0721 5440 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
18:46:09.0772 5440 sppsvc - ok
18:46:09.0793 5440 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:46:09.0796 5440 sppuinotify - ok
18:46:09.0819 5440 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:46:09.0822 5440 srv - ok
18:46:09.0833 5440 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:46:09.0837 5440 srv2 - ok
18:46:09.0852 5440 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:46:09.0854 5440 srvnet - ok
18:46:09.0886 5440 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:46:09.0890 5440 SSDPSRV - ok
18:46:09.0900 5440 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:46:09.0904 5440 SstpSvc - ok
18:46:09.0930 5440 [ B218068EBA6F46F102B4218BDB81BE0B ] STacSV C:\Windows\system32\STacSV.exe
18:46:09.0933 5440 STacSV - ok
18:46:09.0969 5440 Steam Client Service - ok
18:46:10.0022 5440 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:46:10.0026 5440 Stereo Service - ok
18:46:10.0049 5440 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:46:10.0050 5440 stexstor - ok
18:46:10.0070 5440 [ 167909A1C36AA3E8F2582962F0CCC748 ] STHDA C:\Windows\system32\drivers\stwrt.sys
18:46:10.0074 5440 STHDA - ok
18:46:10.0099 5440 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
18:46:10.0106 5440 StiSvc - ok
18:46:10.0116 5440 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
18:46:10.0118 5440 storflt - ok
18:46:10.0145 5440 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
18:46:10.0147 5440 storvsc - ok
18:46:10.0162 5440 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
18:46:10.0164 5440 swenum - ok
18:46:10.0198 5440 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
18:46:10.0204 5440 swprv - ok
18:46:10.0213 5440 Synth3dVsc - ok
18:46:10.0250 5440 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
18:46:10.0268 5440 SysMain - ok
18:46:10.0277 5440 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:46:10.0280 5440 TabletInputService - ok
18:46:10.0305 5440 [ 8CF6E2AE1707D82E904ECCA68CEF8B87 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
18:46:10.0307 5440 tap0901 - ok
18:46:10.0328 5440 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
18:46:10.0333 5440 TapiSrv - ok
18:46:10.0346 5440 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
18:46:10.0349 5440 TBS - ok
18:46:10.0385 5440 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:46:10.0411 5440 Tcpip - ok
18:46:10.0442 5440 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:46:10.0450 5440 TCPIP6 - ok
18:46:10.0472 5440 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:46:10.0474 5440 tcpipreg - ok
18:46:10.0497 5440 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:46:10.0499 5440 TDPIPE - ok
18:46:10.0518 5440 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:46:10.0519 5440 TDTCP - ok
18:46:10.0530 5440 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:46:10.0532 5440 tdx - ok
18:46:10.0543 5440 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:46:10.0544 5440 TermDD - ok
18:46:10.0573 5440 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
18:46:10.0578 5440 TermService - ok
18:46:10.0604 5440 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
18:46:10.0608 5440 Themes - ok
18:46:10.0618 5440 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
18:46:10.0620 5440 THREADORDER - ok
18:46:10.0639 5440 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
18:46:10.0642 5440 TrkWks - ok
18:46:10.0677 5440 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:46:10.0680 5440 TrustedInstaller - ok
18:46:10.0692 5440 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:46:10.0693 5440 tssecsrv - ok
18:46:10.0706 5440 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:46:10.0708 5440 TsUsbFlt - ok
18:46:10.0711 5440 tsusbhub - ok
18:46:10.0731 5440 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:46:10.0733 5440 tunnel - ok
18:46:10.0761 5440 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:46:10.0762 5440 uagp35 - ok
18:46:10.0775 5440 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:46:10.0779 5440 udfs - ok
18:46:10.0791 5440 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:46:10.0794 5440 UI0Detect - ok
18:46:10.0839 5440 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:46:10.0841 5440 uliagpkx - ok
18:46:10.0859 5440 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:46:10.0861 5440 umbus - ok
18:46:10.0877 5440 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:46:10.0878 5440 UmPass - ok
18:46:10.0896 5440 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
18:46:10.0900 5440 UmRdpService - ok
18:46:10.0929 5440 [ BB879DCFD22926EFBEB3298129898CBB ] UnlockerDriver5 J:\Program Files\Unlocker\UnlockerDriver5.sys
18:46:10.0930 5440 UnlockerDriver5 - ok
18:46:10.0966 5440 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
18:46:10.0970 5440 upnphost - ok
18:46:10.0999 5440 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
18:46:11.0001 5440 USBAAPL - ok
18:46:11.0017 5440 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:46:11.0019 5440 usbaudio - ok
18:46:11.0031 5440 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:46:11.0033 5440 usbccgp - ok
18:46:11.0050 5440 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:46:11.0052 5440 usbcir - ok
18:46:11.0066 5440 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys
18:46:11.0068 5440 usbehci - ok
18:46:11.0081 5440 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:46:11.0084 5440 usbhub - ok
18:46:11.0103 5440 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:46:11.0104 5440 usbohci - ok
18:46:11.0135 5440 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:46:11.0137 5440 usbprint - ok
18:46:11.0147 5440 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:46:11.0148 5440 usbscan - ok
18:46:11.0163 5440 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:46:11.0165 5440 USBSTOR - ok
18:46:11.0175 5440 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:46:11.0176 5440 usbuhci - ok
18:46:11.0206 5440 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
18:46:11.0209 5440 UxSms - ok
18:46:11.0223 5440 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
18:46:11.0224 5440 VaultSvc - ok
18:46:11.0234 5440 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:46:11.0236 5440 vdrvroot - ok
18:46:11.0255 5440 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
18:46:11.0262 5440 vds - ok
18:46:11.0275 5440 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:46:11.0305 5440 vga - ok
18:46:11.0325 5440 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
18:46:11.0329 5440 VgaSave - ok
18:46:11.0335 5440 VGPU - ok
18:46:11.0353 5440 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:46:11.0355 5440 vhdmp - ok
18:46:11.0377 5440 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
18:46:11.0379 5440 viaagp - ok
18:46:11.0396 5440 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
18:46:11.0398 5440 ViaC7 - ok
18:46:11.0410 5440 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
18:46:11.0412 5440 viaide - ok
18:46:11.0428 5440 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
18:46:11.0430 5440 vmbus - ok
18:46:11.0444 5440 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
18:46:11.0446 5440 VMBusHID - ok
18:46:11.0462 5440 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:46:11.0464 5440 volmgr - ok
18:46:11.0480 5440 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:46:11.0484 5440 volmgrx - ok
18:46:11.0496 5440 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:46:11.0500 5440 volsnap - ok
18:46:11.0520 5440 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:46:11.0522 5440 vsmraid - ok
18:46:11.0560 5440 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
18:46:11.0572 5440 VSS - ok
18:46:11.0611 5440 [ 682FCF7D2EB5158CD30408E976562408 ] VSTHWBS2 C:\Windows\system32\DRIVERS\VSTBS23.SYS
18:46:11.0615 5440 VSTHWBS2 - ok
18:46:11.0643 5440 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] VST_DPV C:\Windows\system32\DRIVERS\VSTDPV3.SYS
18:46:11.0653 5440 VST_DPV - ok
18:46:11.0669 5440 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
18:46:11.0671 5440 vwifibus - ok
18:46:11.0705 5440 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
18:46:11.0711 5440 W32Time - ok
18:46:11.0743 5440 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:46:11.0745 5440 WacomPen - ok
18:46:11.0781 5440 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:46:11.0783 5440 WANARP - ok
18:46:11.0791 5440 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:46:11.0792 5440 Wanarpv6 - ok
18:46:11.0839 5440 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:46:11.0865 5440 WatAdminSvc - ok
18:46:11.0903 5440 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
18:46:11.0928 5440 wbengine - ok
18:46:11.0960 5440 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:46:11.0964 5440 WbioSrvc - ok
18:46:11.0978 5440 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:46:11.0984 5440 wcncsvc - ok
18:46:11.0990 5440 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:46:11.0994 5440 WcsPlugInService - ok
18:46:12.0024 5440 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:46:12.0026 5440 Wd - ok
18:46:12.0048 5440 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:46:12.0053 5440 Wdf01000 - ok
18:46:12.0065 5440 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:46:12.0069 5440 WdiServiceHost - ok
18:46:12.0073 5440 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:46:12.0076 5440 WdiSystemHost - ok
18:46:12.0086 5440 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
18:46:12.0091 5440 WebClient - ok
18:46:12.0103 5440 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:46:12.0108 5440 Wecsvc - ok
18:46:13.0205 5440 ================ Scan global ===============================
18:46:13.0229 5440 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
18:46:13.0252 5440 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
18:46:13.0261 5440 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
18:46:13.0289 5440 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
18:46:13.0317 5440 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
18:46:13.0323 5440 [Global] - ok
18:46:13.0324 5440 ================ Scan MBR ==================================
18:46:13.0332 5440 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:46:13.0688 5440 \Device\Harddisk0\DR0 - ok
18:46:13.0692 5440 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
18:46:13.0697 5440 \Device\Harddisk1\DR1 - ok
18:46:13.0701 5440 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
18:46:13.0706 5440 \Device\Harddisk2\DR2 - ok
18:46:13.0706 5440 ================ Scan VBR ==================================
18:46:13.0722 5440 [ 91B5BE93964B44AFBA10ECF51B4BD741 ] \Device\Harddisk0\DR0\Partition1
18:46:13.0724 5440 \Device\Harddisk0\DR0\Partition1 - ok
18:46:13.0737 5440 [ 67319CCB8CE77BC4D89CCB8E85756D92 ] \Device\Harddisk0\DR0\Partition2
18:46:13.0739 5440 \Device\Harddisk0\DR0\Partition2 - ok
18:46:13.0743 5440 [ C20BF30272BB7F357EC88156EEBEBFF9 ] \Device\Harddisk1\DR1\Partition1
18:46:13.0745 5440 \Device\Harddisk1\DR1\Partition1 - ok
18:46:13.0750 5440 [ 11D6C4BCA104C122AB9469BDDDE90420 ] \Device\Harddisk2\DR2\Partition1
18:46:13.0752 5440 \Device\Harddisk2\DR2\Partition1 - ok
18:46:13.0753 5440 ============================================================
18:46:13.0753 5440 Scan finished
18:46:13.0753 5440 ============================================================
18:46:13.0764 4944 Detected object count: 0
18:46:13.0764 4944 Actual detected object count: 0
18:48:24.0775 7036 Deinitialize success


aswMBR Log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-24 02:07:53
-----------------------------
02:07:53.857 OS Version: Windows 6.1.7601 Service Pack 1
02:07:53.857 Number of processors: 4 586 0xF0B
02:07:53.858 ComputerName: LANNY UserName: user
02:07:55.479 Initialize success
02:08:52.964 AVAST engine defs: 12072302
02:09:25.805 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
02:09:25.808 Disk 0 Vendor: ST3500413AS JC45 Size: 476940MB BusType: 3
02:09:25.810 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000076
02:09:25.813 Disk 1 Vendor: Size: 476940MB BusType: 0
02:09:25.816 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000007b
02:09:25.819 Disk 2 Vendor: Size: 476940MB BusType: 0
02:09:25.832 Disk 0 MBR read successfully
02:09:25.836 Disk 0 MBR scan
02:09:25.841 Disk 0 Windows 7 default MBR code
02:09:25.847 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 102938 MB offset 2048
02:09:25.862 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 374000 MB offset 210819072
02:09:25.869 Disk 0 scanning sectors +976771072
02:09:25.926 Disk 0 scanning C:\Windows\system32\drivers
02:09:35.192 Service scanning
02:09:54.475 Modules scanning
02:10:02.432 Disk 0 trace - called modules:
02:10:03.381
02:10:06.912 AVAST engine scan C:\Windows
02:10:07.028 File: C:\Windows\AutoKMS.exe **INFECTED** Win32:Trojan-gen
02:10:08.446 AVAST engine scan C:\Windows\system32
02:12:04.360 File: C:\Windows\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
02:12:47.856 AVAST engine scan C:\Windows\system32\drivers
02:12:58.509 AVAST engine scan C:\Users\user
02:39:45.506 AVAST engine scan C:\ProgramData
02:40:55.257 Scan finished successfully
02:42:14.762 Disk 0 MBR has been saved successfully to "C:\Users\user\Documents\MBR.dat"
02:42:14.769 The log file has been saved successfully to "C:\Users\user\Documents\aswMBR.txt"



ESET log

C:\ProgramData\AutoKMS\Resources\KMSKG\Keygen.exe a variant of Win32/HackKMS.A application cleaned by deleting - quarantined
C:\Users\user\AppData\Local\Temp\00198140.exe a variant of Win32/Injector.VET trojan cleaned by deleting - quarantined
C:\Users\user\AppData\Local\Temp\msaiag.exe a variant of Win32/Injector.VET trojan cleaned by deleting - quarantined
C:\Users\user\AppData\Roaming\870CB4.exe a variant of Win32/Injector.VET trojan cleaned by deleting (after the next restart) - quarantined
C:\Windows\AutoKMS.exe a variant of Win32/HackKMS.A application cleaned by deleting - quarantined
C:\Windows\KMSEmulator.exe a variant of Win32/HackKMS.A application cleaned by deleting - quarantined
C:\Windows\AutoKMS\AutoKMS.exe a variant of Win32/HackKMS.B application cleaned by deleting - quarantined
Operating memory multiple threats




Thanks!

#6 narenxp


Posted 28 August 2012 - 08:20 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM once in regular mode until you get a clean log.

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.


Download

adware cleaner

Launch it and click on Delete.

Post the generated log.

#7 CloseToHome


Posted 28 August 2012 - 10:19 PM

Mini Toolbox Log

MiniToolBox by Farbar Version: 23-07-2012
Ran by user (administrator) on 28-08-2012 at 23:17:36
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.autoconfig_url", "http://89.36.225.1:8080/Romania_0%20"
"network.proxy.http", "199.127.56.223"
"network.proxy.http_port", 3128

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® 82566DC-2 Gigabit Network Connection = Local Area Connection (Connected)
TAP-Win32 Adapter V9 = Local Area Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Lanny
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V9
Physical Address. . . . . . . . . : 00-FF-BA-0A-3D-F0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82566DC-2 Gigabit Network Connection
Physical Address. . . . . . . . . : 00-1D-09-1E-3B-09
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::ad85:4b50:eb18:32d5%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, August 28, 2012 11:12:45 PM
Lease Expires . . . . . . . . . . : Wednesday, August 29, 2012 11:12:44 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 167779593
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-E6-F5-07-00-1D-09-1E-3B-09
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{BA0A3DF0-391E-4BC2-A604-37201236146F}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:2457:1984:bdf4:55ac(Preferred)
Link-local IPv6 Address . . . . . : fe80::2457:1984:bdf4:55ac%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{32A6A4E1-E53D-4336-A8CB-49A1A0494681}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:400b:801::1006
74.125.226.33
74.125.226.34
74.125.226.35
74.125.226.36
74.125.226.37
74.125.226.38
74.125.226.39
74.125.226.40
74.125.226.41
74.125.226.46
74.125.226.32


Pinging google.com [74.125.226.32] with 32 bytes of data:
Reply from 74.125.226.32: bytes=32 time=12ms TTL=56
Reply from 74.125.226.32: bytes=32 time=12ms TTL=56

Ping statistics for 74.125.226.32:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 12ms, Maximum = 12ms, Average = 12ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=203ms TTL=53
Reply from 72.30.38.140: bytes=32 time=394ms TTL=53

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 203ms, Maximum = 394ms, Average = 298ms
Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...00 ff ba 0a 3d f0 ......TAP-Win32 Adapter V9
9...00 1d 09 1e 3b 09 ......Intel® 82566DC-2 Gigabit Network Connection
1...........................Software Loopback Interface 1
10...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 266
192.168.1.2 255.255.255.255 On-link 192.168.1.2 266
192.168.1.255 255.255.255.255 On-link 192.168.1.2 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 58 ::/0 On-link
1 306 ::1/128 On-link
11 58 2001::/32 On-link
11 306 2001:0:9d38:953c:2457:1984:bdf4:55ac/128
On-link
9 266 fe80::/64 On-link
11 306 fe80::/64 On-link
11 306 fe80::2457:1984:bdf4:55ac/128
On-link
9 266 fe80::ad85:4b50:eb18:32d5/128
On-link
1 306 ff00::/8 On-link
11 306 ff00::/8 On-link
9 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/28/2012 09:52:39 PM) (Source: Application Error) (User: )
Description: Faulting application name: flashget.exe, version: 1.9.6.1073, time stamp: 0x46f8c17b
Faulting module name: FGEMCORE.dll, version: 1.0.3.1002, time stamp: 0x46711c54
Exception code: 0xc0000005
Fault offset: 0x00021f50
Faulting process id: 0x1414
Faulting application start time: 0xflashget.exe0
Faulting application path: flashget.exe1
Faulting module path: flashget.exe2
Report Id: flashget.exe3

Error: (08/28/2012 09:52:22 PM) (Source: Application Error) (User: )
Description: Faulting application name: flashget.exe, version: 1.9.6.1073, time stamp: 0x46f8c17b
Faulting module name: FGEMCORE.dll, version: 1.0.3.1002, time stamp: 0x46711c54
Exception code: 0xc0000005
Fault offset: 0x00021f50
Faulting process id: 0x12ec
Faulting application start time: 0xflashget.exe0
Faulting application path: flashget.exe1
Faulting module path: flashget.exe2
Report Id: flashget.exe3

Error: (08/28/2012 09:52:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: flashget.exe, version: 1.9.6.1073, time stamp: 0x46f8c17b
Faulting module name: FGEMCORE.dll, version: 1.0.3.1002, time stamp: 0x46711c54
Exception code: 0xc0000005
Fault offset: 0x000015d3
Faulting process id: 0xbc8
Faulting application start time: 0xflashget.exe0
Faulting application path: flashget.exe1
Faulting module path: flashget.exe2
Report Id: flashget.exe3

Error: (08/28/2012 09:51:58 PM) (Source: Application Error) (User: )
Description: Faulting application name: flashget.exe, version: 1.9.6.1073, time stamp: 0x46f8c17b
Faulting module name: FGEMCORE.dll, version: 1.0.3.1002, time stamp: 0x46711c54
Exception code: 0xc0000005
Fault offset: 0x00021f50
Faulting process id: 0xbc8
Faulting application start time: 0xflashget.exe0
Faulting application path: flashget.exe1
Faulting module path: flashget.exe2
Report Id: flashget.exe3

Error: (08/28/2012 06:14:43 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 14.0.1.4577, time stamp: 0x5000b729
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x045e000b
Faulting process id: 0x27b8
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (08/28/2012 01:01:26 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/28/2012 01:01:26 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/28/2012 01:01:03 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/28/2012 01:01:03 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/28/2012 01:01:02 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (08/28/2012 11:12:42 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
KLIM6

Error: (08/28/2012 06:17:18 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
KLIM6

Error: (08/26/2012 07:35:34 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the libusbd service.

Error: (08/26/2012 02:33:12 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
KLIM6

Error: (08/26/2012 02:27:50 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the libusbd service.

Error: (08/26/2012 02:14:35 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the libusbd service.

Error: (08/25/2012 00:28:14 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the libusbd service.

Error: (08/25/2012 02:06:20 AM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (08/25/2012 02:06:20 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (08/25/2012 02:05:42 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
KLIM6


Microsoft Office Sessions:
=========================
Error: (08/28/2012 09:52:39 PM) (Source: Application Error)(User: )
Description: flashget.exe1.9.6.107346f8c17bFGEMCORE.dll1.0.3.100246711c54c000000500021f50141401cd8588f530c075J:\Program Files\Flashget\flashget.exeJ:\Program Files\Flashget\FGEMCORE.dll36088f1f-f17c-11e1-b161-001d091e3b09

Error: (08/28/2012 09:52:22 PM) (Source: Application Error)(User: )
Description: flashget.exe1.9.6.107346f8c17bFGEMCORE.dll1.0.3.100246711c54c000000500021f5012ec01cd8588e9bb6312J:\Program Files\Flashget\flashget.exeJ:\Program Files\Flashget\FGEMCORE.dll2c23c2a9-f17c-11e1-b161-001d091e3b09

Error: (08/28/2012 09:52:05 PM) (Source: Application Error)(User: )
Description: flashget.exe1.9.6.107346f8c17bFGEMCORE.dll1.0.3.100246711c54c0000005000015d3bc801cd856adf424e2eJ:\Program Files\Flashget\flashget.exeJ:\Program Files\Flashget\FGEMCORE.dll219f7f8d-f17c-11e1-b161-001d091e3b09

Error: (08/28/2012 09:51:58 PM) (Source: Application Error)(User: )
Description: flashget.exe1.9.6.107346f8c17bFGEMCORE.dll1.0.3.100246711c54c000000500021f50bc801cd856adf424e2eJ:\Program Files\Flashget\flashget.exeJ:\Program Files\Flashget\FGEMCORE.dll1db73a38-f17c-11e1-b161-001d091e3b09

Error: (08/28/2012 06:14:43 PM) (Source: Application Error)(User: )
Description: firefox.exe14.0.1.45775000b729unknown0.0.0.000000000c0000005045e000b27b801cd856722e002d5C:\Program Files\Mozilla Firefox\firefox.exeunknownc480b428-f15d-11e1-b1c3-001d091e3b09

Error: (08/28/2012 01:01:26 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Razer\razer_common_driver\Drivers\DPInst_amd64.exe

Error: (08/28/2012 01:01:26 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Razer\imperator\firmware updater\bootloader\DPInst_amd64.exe

Error: (08/28/2012 01:01:03 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"j:\program files\Last.fm\Moose1.dll

Error: (08/28/2012 01:01:03 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"j:\program files\Last.fm\LastFmTools1.dll

Error: (08/28/2012 01:01:02 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762"j:\program files\Last.fm\LastFmFingerprint1.dll


=========================== Installed Programs ============================

µTorrent (Version: 3.1.3)
32 bit Windows Card Reader Driver (Version: 1.1.0.0)
ABBYY FineReader 6.0 Sprint (Version: 6.00.1395.4512)
abgx360 v1.0.6
Adobe Flash Player 10 Plugin (Version: 10.3.183.20)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
All Sound Recorder Vista 1.30
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Print Creations
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Photo Prints
Assassin's Creed Revelations (Version: 1.01)
Audacity 1.3.13 (Unicode)
AVS Update Manager 1.0
AVS Video Converter 8
AVS4YOU Software Navigator 1.4
Back to the Future The Game - Episode 1 (Version: 1.0.0.0)
Back to the Future The Game - Episode 2 (Version: 1.0.0.0)
Back to the Future The Game - Episode 3 (Version: 1.0.0.0)
Back to the Future The Game - Episode 4 (Version: 1.0.0.15)
Back to the Future The Game - Episode 5 (Version: 1.0.0.15)
Batman Arkham City version 1.0 (Version: 1.0)
Bonjour (Version: 3.0.0.10)
Call of Duty: Modern Warfare 3 - Multiplayer
Call of Juarez The Cartel
Cheat Engine 6.1
Counter-Strike: Source
CyberGhost VPN Patch 4.7.19
CyberLink PowerDirector (Version: 9.0.0.2316)
CyberLink PowerDVD 10 (Version: 10.0.2325.51)
CyberLink WaveEditor (Version: 1.0.1.2228b)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Pro (Version: 4.41.0314.0232)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DiRT 3 (Version: 1.0.0001.130)
Dropbox (Version: 1.1.45)
EPSON Artisan 800 Series Printer Uninstall
Epson Event Manager (Version: 2.01.00)
Epson Print CD (Version: 2.00.00)
EPSON Scan
ESET Online Scanner v3
FileZilla Client 3.5.0 (Version: 3.5.0)
FlashGet 1.9.6.1073 (Version: 1.9.6.1073)
Fraps
Google Chrome (Version: 21.0.1180.83)
Google Update Helper (Version: 1.3.21.115)
HyperCam 3 (Version: 3.0.912.18)
HyperSnap 7 (Version: 7.06.01)
ImgBurn (Version: 2.5.7.0)
InfraRecorder
Intel® PRO Network Connections 12.1.12.4 (Version: )
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
L.A. Noire (Version: 1.00.0000)
LAME v3.98.3 for Audacity
LibUSB-Win32-0.1.10.1 (Version: 0.1.10.1)
LIMBO
London 2012: The Official Video Game of the Olympic Games
Major League Baseball 2K12 (Version: 1.0.0)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Max Payne 3 (Version: 1.0.0.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Midnight Club II
mIRC (Version: 7.22)
Monitor Webcam (SP2208WFP) Driver (1.00.08.0720)
Monopoly
MotioninJoy ds3 driver version 0.6.0004 (Version: 0.6.00001)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSN Connection Center (Version: 1.8)
MSVCRT (Version: 15.4.2862.0708)
Need for Speed™ The Run (Version: 1.0.0.0)
NetWaiting (Version: 2.5.47)
Nexus Mod Manager (Version: 0.13.1)
NVIDIA 3D Vision Controller Driver (Version: 280.19)
NVIDIA 3D Vision Controller Driver 301.42 (Version: 301.42)
NVIDIA 3D Vision Driver 301.42 (Version: 301.42)
NVIDIA Control Panel 301.42 (Version: 301.42)
NVIDIA Graphics Driver 301.42 (Version: 301.42)
NVIDIA HD Audio Driver 1.3.16.0 (Version: 1.3.16.0)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0142)
NVIDIA Update 1.8.15 (Version: 1.8.15)
NVIDIA Update Components (Version: 1.8.15)
Octoshape Streaming Services
OpenAL
PAYDAY: The Heist
Pod to PC 4.027
Power Challenge Game Plugin
PunkBuster Services (Version: 0.991)
QuickTime (Version: 7.72.80.56)
Rapture3D 2.4.8 Game
Razer Imperator (Version: 2.02.00)
Razer Imperator Firmware Updater (Version: 1.16.00)
Razer Synapse 2.0 (Version: 1.4.13)
Rockstar Games Social Club (Version: 1.0.9.5)
Saints Row The Third
Segoe UI (Version: 15.4.2271.0615)
SigmaTel Audio (Version: 5.10.5102.0)
Sleeping Dogs
Sniper Elite V2
Steam (Version: 1.0.0.0)
swMSM (Version: 12.0.0.1)
System Requirements Lab
System Requirements Lab CYRI (Version: 4.5.1.0)
The Amazing Spider-Man
The Darkness II
The Walking Dead © 3 version 1 (Version: 1)
Toy Soldiers
Ubisoft Game Launcher (Version: 1.0.0.0)
Unity Web Player (Version: )
Unlocker 1.9.1 (Version: 1.9.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VLC media player 2.0.2 (Version: 2.0.2)
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
Xvid Video Codec (Version: 1.3.2)

========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 3069.94 MB
Available physical RAM: 1734.88 MB
Total Pagefile: 6138.17 MB
Available Pagefile: 4414.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1947.09 MB

========================= Partitions: =====================================

1 Drive c: (Partition Drive) (Fixed) (Total:100.53 GB) (Free:3.75 GB) NTFS
7 Drive i: (FreeAgentGoFlex Drive) (Fixed) (Total:1863.01 GB) (Free:1145.3 GB) NTFS
8 Drive j: (Local Disk) (Fixed) (Total:365.23 GB) (Free:329.92 GB) NTFS
9 Drive k: (IMATION) (Fixed) (Total:931.51 GB) (Free:196.35 GB) NTFS
10 Drive l: (Prototype 2 - Di) (CDROM) (Total:7.5 GB) (Free:0 GB) CDFS
11 Drive m: (Prototype 2 - Di) (CDROM) (Total:1.37 GB) (Free:0 GB) CDFS
12 Drive n: (TASM) (CDROM) (Total:7.25 GB) (Free:0 GB) CDFS
13 Drive o: (SD DVD1) (CDROM) (Total:7.78 GB) (Free:0 GB) CDFS
14 Drive p: (SD DVD 2) (CDROM) (Total:1.38 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\LANNY

Administrator Guest Mcx1-LANNY
UpdatusUser user


**** End of log ****



FSS Log

Farbar Service Scanner Version: 06-08-2012
Ran by user (administrator) on 28-08-2012 at 23:20:05
Running from "J:\Documents\Flashget Download"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



adwarecleaner log

# AdwCleaner v1.801 - Logfile created 08/28/2012 at 23:22:03
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : user - LANNY
# Boot Mode : Normal
# Running from : J:\Documents\Flashget Download\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\PhotoJoy_Bar

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CF45C54F-801C-41B5-AC77-57F2BF418EDC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A46DB878-A940-4144-80AF-99A385FC91DD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF2839AB-4039-4C33-9622-28648B41C80A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5061BCE8-AE5A-43D4-8462-7A39C540FD43}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{202C16F2-6D5A-41C3-8B12-B1B8F2433ABD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF45C54F-801C-41B5-AC77-57F2BF418EDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF2839AB-4039-4C33-9622-28648B41C80A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CF45C54F-801C-41B5-AC77-57F2BF418EDC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF45C54F-801C-41B5-AC77-57F2BF418EDC}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CF45C54F-801C-41B5-AC77-57F2BF418EDC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CF45C54F-801C-41B5-AC77-57F2BF418EDC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CF45C54F-801C-41B5-AC77-57F2BF418EDC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.
-\\ Mozilla Firefox v14.0.1 (en-US)

-\\ Google Chrome v21.0.1180.83

*************************

AdwCleaner[S3].txt - [1971 octets] - [28/08/2012 23:22:03]

########## EOF - C:\AdwCleaner[S3].txt - [2099 octets] ##########


Edited by CloseToHome, 28 August 2012 - 10:26 PM.


#8 narenxp


Posted 28 August 2012 - 10:53 PM

MBAM log?

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here

#9 CloseToHome


Posted 29 August 2012 - 12:44 AM


Sorry

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.29.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
user :: LANNY [administrator]

Protection: Enabled

8/29/2012 12:22:01 AM
mbam-log-2012-08-29 (00-22-01).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 380908
Time elapsed: 56 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



RKILL Log

Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/29/2012 01:48:43 AM in x86 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\Windows\system32\libusbd-nt.exe (PID: 2072) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/29/2012 01:48:58 AM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)



Thanks!

Edited by CloseToHome, 29 August 2012 - 12:49 AM.


#10 narenxp


Posted 29 August 2012 - 08:27 AM

Any current issues?

Can you post the previous MBAM log that detected infection?

Launch Malwarebytes and click on the LOGS tab

You will find the previous log

#11 CloseToHome


Posted 29 August 2012 - 10:56 AM


Yes

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.29.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
user :: LANNY [administrator]

Protection: Enabled

8/29/2012 10:50:05 PM
mbam-log-2012-08-29 (01-50-05).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 380656
Time elapsed: 58 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Data: C:\Users\user\LOCALS~1\Temp\mswuwv.exe -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#12 CloseToHome


Posted 29 August 2012 - 12:24 PM

Hmmm, this trojan keeps getting detected after each scan and restart.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.29.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
user :: LANNY [administrator]

Protection: Enabled

8/29/2012 12:17:21 PM
mbam-log-2012-08-29 (12-17-21).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 381547
Time elapsed: 1 hour(s), 1 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Data: C:\Users\user\LOCALS~1\Temp\mswuwv.exe -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#13 narenxp


Posted 29 August 2012 - 12:53 PM

Press Windows+R key and type

regedit and click ok

Browse to

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows

On the right side you should find the LOAD key with this value: C:\Users\user\LOCALS~1\Temp\mswuwv.exe. Delete it.

If you receive an access denied error, then

go to HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows

Right-click on the Windows key

Click on Permissions

Click on Everyone

Under Permissions, select FULL CONTROL and click OK. Now you should be able to delete the LOAD key

Run Malwarebytes again and post the log
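
The logs in posts #11 and #12 show the same `Load` value flagged in consecutive scans even though each scan chose "Delete on reboot". The following is an added example, not part of the original posts and not Malwarebytes code: a Python parser that correlates several MBAM 1.x logs and reports detections that recur. The function names are illustrative, and the sample input is excerpted from the logs in this thread.

```python
import re

# Detection line format used by the MBAM 1.x logs in this thread:
#   <key>|<value> (<family>) -> Data: <data> -> <action>.
DETECTION = re.compile(
    r"^(?P<key>HK[A-Z_]+\\[^|]+)\|(?P<value>\S+) \((?P<family>[^)]+)\)"
    r" -> Data: (?P<data>.+?) -> (?P<action>.+?)\.?$"
)
LOG_NAME = re.compile(r"^mbam-log-\S+ \([\d-]+\)\.txt$")
TEMP_DIR = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


def parse_scans(text):
    """Split concatenated MBAM logs into scans, keyed by their log file name."""
    scans, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if LOG_NAME.match(line):
            current = {"log": line, "detections": []}
            scans.append(current)
        elif current is not None:
            m = DETECTION.match(line)
            if m:
                current["detections"].append(m.groupdict())
    return scans


def recurring(scans):
    """Return detections present in two or more scans (the cleanup did not stick)."""
    seen = {}
    for scan in scans:
        for d in scan["detections"]:
            # Registry paths are case-insensitive, so normalise before comparing.
            ident = (d["key"].lower(), d["value"].lower(), d["data"].lower())
            seen.setdefault(ident, []).append(scan["log"])
    return [
        {"key": key, "value": value, "data": data, "logs": logs,
         "payload_in_temp": bool(TEMP_DIR.search(data))}
        for (key, value, data), logs in seen.items() if len(logs) > 1
    ]


# Excerpts of the three scans posted in this thread (headers and empty sections trimmed).
SAMPLE = r"""
mbam-log-2012-08-29 (01-50-05).txt
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Data: C:\Users\user\LOCALS~1\Temp\mswuwv.exe -> Delete on reboot.
mbam-log-2012-08-29 (12-17-21).txt
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Agent) -> Data: C:\Users\user\LOCALS~1\Temp\mswuwv.exe -> Delete on reboot.
mbam-log-2012-08-29 (15-53-42).txt
Registry Values Detected: 0
(No malicious items detected)
"""

if __name__ == "__main__":
    for hit in recurring(parse_scans(SAMPLE)):
        print(hit)
```
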

#14 CloseToHome


Posted 29 August 2012 - 03:56 PM

Awesome :thumbup2:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.29.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
user :: LANNY [administrator]

Protection: Enabled

8/29/2012 3:53:42 PM
mbam-log-2012-08-29 (15-53-42).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 381024
Time elapsed: 54 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#15 narenxp


Posted 29 August 2012 - 03:57 PM

Please run a Microsoft Security Essentials scan and let me know if it comes out clean before we wrap up



