
Ghost audio


13 replies to this topic

#1 lolcats

  • Members
  • 32 posts
  • Gender: Male

Posted 26 September 2012 - 06:01 PM

Mod edit: Moved from WIN7 to the Am I Infected forum ~~ boopme

At random times during the day I will hear various ads through my speakers even though the only open application is Outlook.
Where is this audio coming from and how do I put a stop to it? It's funny but it's kind of annoying, too.
I've checked Task Manager and I'll only see Outlook.
The running processes are minimal and look to be normal for my computer.
I've gone through msconfig and disabled all the fluff...
Just now while writing this I got an ad for some Insurance company while Outlook and Firefox were open.
Bleepingcomputer.com is the only tab open.
Why you do this to me, Demi?

Edited by boopme, 26 September 2012 - 06:44 PM.




#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender: Male
  • Location: India

Posted 26 September 2012 - 06:02 PM

Download TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on the scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "LIST of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#3 lolcats (Topic Starter)

  • Members
  • 32 posts
  • Gender: Male

Posted 26 September 2012 - 06:41 PM

Thanks for such a fast reply!

Downloaded TDSSKiller, double-clicked it to launch it, and nothing.
Tried "Run as administrator" - nothing :(
Downloaded aswMBR, same thing.
Checked Task Manager and neither one is running.
Downloaded ESET and was able to scan.
It's still scanning and only at 21% after 20 minutes.
The C: drive has over 200 GB of data on it...I just love inherited work computers...
I'll post the log when it's done, either later today or tomorrow morning.

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender: Male
  • Location: India

Posted 26 September 2012 - 06:46 PM

Download ListParts from here:

For 32 bit: ListParts 32
For 64 bit: ListParts 64

Launch it, click on SCAN, and post the log.

#5 lolcats (Topic Starter)

  • Members
  • 32 posts
  • Gender: Male

Posted 27 September 2012 - 12:17 PM

ESET completed scanning and found 3 infections.
Text of the log file:

C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
D:\Users\Marco\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\QXAUUYTW\whjejkwh11_blogspot_in[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
D:\Users\Marco\Downloads\Mp3ConverterSetup.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined

ListParts was able to scan.
Log file:

ListParts by Farbar Version: 25-09-2012
Ran by user (administrator) on 27-09-2012 at 10:12:55
Windows 7 (X86)
Running From: C:\Users\user\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 39%
Total physical RAM: 3031.11 MB
Available physical RAM: 1844.38 MB
Total Pagefile: 6060.51 MB
Available Pagefile: 4860.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1952.62 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:232.74 GB) (Free:24.3 GB) NTFS ==>

[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 86 MB 31 KB
Partition 2 Primary 232 GB 86 MB
Partition 3 Primary 8 MB 232 GB

======================================================================

================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================

================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status

Info
---------- --- ----------- ----- ---------- ------- ---------

--------
* Volume 1 C OS NTFS Partition 232 GB Healthy

System (partition with boot components)

======================================================================

================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.

======================================================================

================================

****** End Of Log ******
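The ListParts output above flags Partition 3 as "Suspicious Type": type 0x17 is the hidden variant of the NTFS type 0x07, it has no volume attached, and it carries the active (bootable) flag while the real OS partition does not. The following is an added example, not code from the thread or from the ListParts tool: it parses a raw 512-byte MBR sector and reports those partition-table anomalies. The MBR bytes, sector numbers and the `HIDDEN_TYPES` set are constructed for the example to mirror the layout in the log.

```python
"""Parse a raw MBR sector and flag partition-table anomalies of the kind
ListParts reported above (a hidden partition type marked active)."""
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446          # partition table starts after 446 bytes of boot code
ENTRY_FMT = "<B3xB3xII"     # status, (CHS start), type, (CHS end), LBA start, sector count
ACTIVE_FLAG = 0x80

# Partition type IDs for "hidden" FAT/NTFS variants: the 0x1x IDs are the
# ordinary 0x0x IDs with bit 4 set, e.g. 0x17 is hidden NTFS/HPFS (0x07).
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}

# Constructed disk geometry chosen to mirror the ListParts output above
# (232 GB disk: 86 MB OEM partition, 232 GB NTFS OS partition, 8 MB hidden
# active partition at the end). Sector numbers are made up for this example.
DISK_SECTORS = 488_281_250


def make_entry(active, ptype, start_lba, sectors):
    """Build one 16-byte partition-table entry (helper for the sample MBR)."""
    return struct.pack(ENTRY_FMT, ACTIVE_FLAG if active else 0x00, ptype, start_lba, sectors)


def build_sample_mbr():
    """Constructed MBR: 446 bytes of (zeroed) boot code, 4 entries, 0x55AA signature."""
    table = (
        make_entry(False, 0xDE, 63, 176_128)             # 1: OEM (Dell utility) partition
        + make_entry(False, 0x07, 176_715, 488_084_055)  # 2: NTFS OS partition, NOT active
        + make_entry(True, 0x17, 488_260_770, 16_384)    # 3: hidden NTFS, 8 MB, active
        + bytes(16)                                      # 4: unused slot
    )
    return bytes(TABLE_OFFSET) + table + b"\x55\xAA"


def parse_mbr(mbr):
    """Return the non-empty partition entries as dicts (index is 1-based, like ListParts)."""
    if len(mbr) < SECTOR_SIZE or mbr[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature: not an MBR sector")
    parts = []
    for i in range(4):
        off = TABLE_OFFSET + i * 16
        status, ptype, start, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:
            continue  # empty slot
        parts.append({
            "index": i + 1,
            "active": bool(status & ACTIVE_FLAG),
            "type": ptype,
            "start_lba": start,
            "sectors": count,
            "size_mib": round(count * SECTOR_SIZE / 2**20, 1),
        })
    return parts


def audit_partitions(parts, disk_sectors):
    """Return a list of human-readable findings; an empty list means nothing odd."""
    findings = []
    if sum(1 for p in parts if p["active"]) > 1:
        findings.append("more than one partition carries the active flag")
    # Treat the largest partition as the OS volume; a hidden partition placed
    # after it (where no volume should be) is the pattern seen in the log above.
    os_part = max(parts, key=lambda p: p["sectors"])
    os_end = os_part["start_lba"] + os_part["sectors"]
    for p in parts:
        tag = f"partition {p['index']} (type 0x{p['type']:02X}, {p['size_mib']} MiB)"
        if p["active"] and p["type"] in HIDDEN_TYPES:
            findings.append(f"{tag}: hidden partition type is marked active (bootable)")
        if p["type"] in HIDDEN_TYPES and p is not os_part and p["start_lba"] >= os_end:
            findings.append(f"{tag}: hidden partition placed after the OS partition")
        if p["start_lba"] + p["sectors"] > disk_sectors:
            findings.append(f"{tag}: extends past the end of the disk")
    return findings


if __name__ == "__main__":
    parts = parse_mbr(build_sample_mbr())
    for p in parts:
        print(f"Partition {p['index']}: type 0x{p['type']:02X} active={p['active']} "
              f"start={p['start_lba']} size={p['size_mib']} MiB")
    for finding in audit_partitions(parts, DISK_SECTORS):
        print("FINDING:", finding)
```

On a live Windows system the same 512 bytes come from reading `\\.\PhysicalDrive0` as administrator; the audit only reads and reports, it never writes to the disk.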

#6 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender: Male
  • Location: India

Posted 27 September 2012 - 01:17 PM

TDSSKiller should launch now.

Post the TDSSKiller and aswMBR logs.

Edited by narenxp, 27 September 2012 - 02:54 PM.


#7 lolcats (Topic Starter)

  • Members
  • 32 posts
  • Gender: Male

Posted 27 September 2012 - 02:50 PM

KernelDetective worked like a champ.
I was able to run TDSSKiller.
Log file:

12:20:19.0699 4932 monitor - ok
12:20:19.0747 4932 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:20:19.0748 4932 mouclass - ok
12:20:19.0823 4932 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:20:19.0824 4932 mouhid - ok
12:20:19.0882 4932 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:20:19.0882 4932 mountmgr - ok
12:20:19.0967 4932 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:20:19.0968 4932 MozillaMaintenance - ok
12:20:20.0040 4932 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
12:20:20.0041 4932 MpFilter - ok
12:20:20.0055 4932 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
12:20:20.0056 4932 mpio - ok
12:20:20.0240 4932 [ A69630D039C38018689190234F866D77 ] MpKslfb34ff35 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{71C01EC0-6703-43BE-A87C-569AD518F6F1}\MpKslfb34ff35.sys
12:20:20.0240 4932 MpKslfb34ff35 - ok
12:20:20.0262 4932 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:20:20.0262 4932 mpsdrv - ok
12:20:20.0321 4932 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:20:20.0324 4932 MpsSvc - ok
12:20:20.0388 4932 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:20:20.0389 4932 MRxDAV - ok
12:20:20.0421 4932 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:20:20.0422 4932 mrxsmb - ok
12:20:20.0449 4932 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:20:20.0450 4932 mrxsmb10 - ok
12:20:20.0464 4932 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:20:20.0465 4932 mrxsmb20 - ok
12:20:20.0494 4932 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\drivers\msahci.sys
12:20:20.0494 4932 msahci - ok
12:20:20.0551 4932 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:20:20.0552 4932 msdsm - ok
12:20:20.0602 4932 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
12:20:20.0603 4932 MSDTC - ok
12:20:20.0651 4932 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:20:20.0651 4932 Msfs - ok
12:20:20.0700 4932 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:20:20.0701 4932 mshidkmdf - ok
12:20:20.0765 4932 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:20:20.0765 4932 msisadrv - ok
12:20:20.0788 4932 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:20:20.0790 4932 MSiSCSI - ok
12:20:20.0792 4932 msiserver - ok
12:20:20.0848 4932 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:20:20.0848 4932 MSKSSRV - ok
12:20:20.0955 4932 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
12:20:20.0955 4932 MsMpSvc - ok
12:20:21.0007 4932 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:20:21.0008 4932 MSPCLOCK - ok
12:20:21.0055 4932 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:20:21.0055 4932 MSPQM - ok
12:20:21.0111 4932 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:20:21.0112 4932 MsRPC - ok
12:20:21.0154 4932 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
12:20:21.0154 4932 mssmbios - ok
12:20:21.0165 4932 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:20:21.0166 4932 MSTEE - ok
12:20:21.0175 4932 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
12:20:21.0175 4932 MTConfig - ok
12:20:21.0228 4932 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
12:20:21.0228 4932 Mup - ok
12:20:21.0287 4932 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
12:20:21.0289 4932 napagent - ok
12:20:21.0310 4932 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:20:21.0311 4932 NativeWifiP - ok
12:20:21.0367 4932 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:20:21.0370 4932 NDIS - ok
12:20:21.0426 4932 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:20:21.0427 4932 NdisCap - ok
12:20:21.0445 4932 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:20:21.0446 4932 NdisTapi - ok
12:20:21.0497 4932 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:20:21.0497 4932 Ndisuio - ok
12:20:21.0549 4932 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:20:21.0549 4932 NdisWan - ok
12:20:21.0552 4932 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:20:21.0553 4932 NDProxy - ok
12:20:21.0569 4932 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:20:21.0569 4932 NetBIOS - ok
12:20:21.0634 4932 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:20:21.0635 4932 NetBT - ok
12:20:21.0637 4932 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
12:20:21.0638 4932 Netlogon - ok
12:20:21.0703 4932 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
12:20:21.0705 4932 Netman - ok
12:20:21.0757 4932 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
12:20:21.0760 4932 netprofm - ok
12:20:21.0808 4932 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:20:21.0808 4932 NetTcpPortSharing - ok
12:20:21.0866 4932 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
12:20:21.0866 4932 nfrd960 - ok
12:20:21.0904 4932 [ B52F26BADE7D7E4A79706E3FD91834CD ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:20:21.0905 4932 NisDrv - ok
12:20:21.0977 4932 [ 290C0D4C4889398797F8DF3BE00B9698 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
12:20:21.0979 4932 NisSrv - ok
12:20:22.0050 4932 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:20:22.0052 4932 NlaSvc - ok
12:20:22.0069 4932 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:20:22.0069 4932 Npfs - ok
12:20:22.0087 4932 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
12:20:22.0089 4932 nsi - ok
12:20:22.0106 4932 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:20:22.0107 4932 nsiproxy - ok
12:20:22.0192 4932 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:20:22.0197 4932 Ntfs - ok
12:20:22.0291 4932 [ F37F68FD35023004C60515DB9DC13072 ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
12:20:22.0291 4932 NuidFltr - ok
12:20:22.0329 4932 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
12:20:22.0329 4932 Null - ok
12:20:22.0391 4932 [ A82534D453425F5FEE4B6A583FDCF3EB ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
12:20:22.0392 4932 NVHDA - ok
12:20:22.0539 4932 [ A6E06D1AE86B4FD2CD4AF1E5F2B8A241 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:20:22.0572 4932 nvlddmkm - ok
12:20:22.0662 4932 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:20:22.0662 4932 nvraid - ok
12:20:22.0726 4932 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:20:22.0727 4932 nvstor - ok
12:20:22.0796 4932 [ CD8EA2885B0FAC5CFD93B41BC7345DFE ] nvsvc C:\Windows\system32\nvvsvc.exe
12:20:22.0797 4932 nvsvc - ok
12:20:22.0904 4932 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:20:22.0904 4932 nv_agp - ok
12:20:23.0027 4932 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:20:23.0028 4932 odserv - ok
12:20:23.0085 4932 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:20:23.0085 4932 ohci1394 - ok
12:20:23.0159 4932 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:20:23.0160 4932 ose - ok
12:20:23.0320 4932 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:20:23.0337 4932 osppsvc - ok
12:20:23.0384 4932 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:20:23.0386 4932 p2pimsvc - ok
12:20:23.0450 4932 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
12:20:23.0452 4932 p2psvc - ok
12:20:23.0514 4932 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
12:20:23.0515 4932 Parport - ok
12:20:23.0573 4932 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:20:23.0573 4932 partmgr - ok
12:20:23.0626 4932 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
12:20:23.0627 4932 Parvdm - ok
12:20:23.0681 4932 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:20:23.0682 4932 PcaSvc - ok
12:20:23.0700 4932 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
12:20:23.0701 4932 pci - ok
12:20:23.0760 4932 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
12:20:23.0761 4932 pciide - ok
12:20:23.0778 4932 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
12:20:23.0778 4932 pcmcia - ok
12:20:23.0831 4932 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
12:20:23.0831 4932 pcw - ok
12:20:23.0857 4932 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:20:23.0859 4932 PEAUTH - ok
12:20:23.0926 4932 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
12:20:23.0931 4932 PeerDistSvc - ok
12:20:24.0000 4932 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
12:20:24.0006 4932 pla - ok
12:20:24.0067 4932 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:20:24.0070 4932 PlugPlay - ok
12:20:24.0094 4932 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:20:24.0095 4932 PNRPAutoReg - ok
12:20:24.0113 4932 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:20:24.0115 4932 PNRPsvc - ok
12:20:24.0177 4932 [ 4B30EE7037EA1529F5FC80DE5DC42A30 ] Point32 C:\Windows\system32\DRIVERS\point32.sys
12:20:24.0177 4932 Point32 - ok
12:20:24.0194 4932 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:20:24.0196 4932 PolicyAgent - ok
12:20:24.0247 4932 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
12:20:24.0249 4932 Power - ok
12:20:24.0317 4932 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:20:24.0317 4932 PptpMiniport - ok
12:20:24.0330 4932 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
12:20:24.0331 4932 Processor - ok
12:20:24.0387 4932 [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc C:\Windows\system32\profsvc.dll
12:20:24.0389 4932 ProfSvc - ok
12:20:24.0434 4932 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:20:24.0435 4932 ProtectedStorage - ok
12:20:24.0459 4932 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:20:24.0459 4932 Psched - ok
12:20:24.0501 4932 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
12:20:24.0507 4932 ql2300 - ok
12:20:24.0527 4932 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
12:20:24.0527 4932 ql40xx - ok
12:20:24.0551 4932 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
12:20:24.0553 4932 QWAVE - ok
12:20:24.0560 4932 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:20:24.0560 4932 QWAVEdrv - ok
12:20:24.0566 4932 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:20:24.0566 4932 RasAcd - ok
12:20:24.0589 4932 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:20:24.0590 4932 RasAgileVpn - ok
12:20:24.0602 4932 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
12:20:24.0604 4932 RasAuto - ok
12:20:24.0612 4932 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:20:24.0613 4932 Rasl2tp - ok
12:20:24.0676 4932 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
12:20:24.0678 4932 RasMan - ok
12:20:24.0691 4932 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:20:24.0691 4932 RasPppoe - ok
12:20:24.0701 4932 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:20:24.0702 4932 RasSstp - ok
12:20:24.0748 4932 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:20:24.0750 4932 rdbss - ok
12:20:24.0760 4932 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:20:24.0760 4932 rdpbus - ok
12:20:24.0810 4932 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:20:24.0810 4932 RDPCDD - ok
12:20:24.0864 4932 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
12:20:24.0864 4932 RDPDR - ok
12:20:24.0885 4932 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:20:24.0885 4932 RDPENCDD - ok
12:20:24.0893 4932 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:20:24.0894 4932 RDPREFMP - ok
12:20:24.0945 4932 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:20:24.0946 4932 RDPWD - ok
12:20:25.0007 4932 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:20:25.0008 4932 rdyboost - ok
12:20:25.0031 4932 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
12:20:25.0033 4932 RemoteAccess - ok
12:20:25.0038 4932 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:20:25.0040 4932 RemoteRegistry - ok
12:20:25.0051 4932 RimUsb - ok
12:20:25.0123 4932 [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial.sys
12:20:25.0124 4932 RimVSerPort - ok
12:20:25.0160 4932 [ 564297827D213F52C7A3A2FF749568CA ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
12:20:25.0161 4932 ROOTMODEM - ok
12:20:25.0180 4932 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:20:25.0182 4932 RpcEptMapper - ok
12:20:25.0187 4932 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
12:20:25.0188 4932 RpcLocator - ok
12:20:25.0205 4932 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
12:20:25.0208 4932 RpcSs - ok
12:20:25.0219 4932 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:20:25.0219 4932 rspndr - ok
12:20:25.0266 4932 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
12:20:25.0267 4932 s3cap - ok
12:20:25.0278 4932 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
12:20:25.0279 4932 SamSs - ok
12:20:25.0299 4932 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:20:25.0300 4932 sbp2port - ok
12:20:25.0318 4932 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:20:25.0319 4932 SCardSvr - ok
12:20:25.0328 4932 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:20:25.0328 4932 scfilter - ok
12:20:25.0387 4932 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
12:20:25.0391 4932 Schedule - ok
12:20:25.0400 4932 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:20:25.0400 4932 SCPolicySvc - ok
12:20:25.0452 4932 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:20:25.0453 4932 SDRSVC - ok
12:20:25.0479 4932 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:20:25.0480 4932 secdrv - ok
12:20:25.0499 4932 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
12:20:25.0500 4932 seclogon - ok
12:20:25.0522 4932 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
12:20:25.0523 4932 SENS - ok
12:20:25.0547 4932 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:20:25.0549 4932 SensrSvc - ok
12:20:25.0563 4932 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
12:20:25.0563 4932 Serenum - ok
12:20:25.0572 4932 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
12:20:25.0572 4932 Serial - ok
12:20:25.0632 4932 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
12:20:25.0632 4932 sermouse - ok
12:20:25.0691 4932 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
12:20:25.0692 4932 SessionEnv - ok
12:20:25.0699 4932 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:20:25.0700 4932 sffdisk - ok
12:20:25.0706 4932 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:20:25.0706 4932 sffp_mmc - ok
12:20:25.0710 4932 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:20:25.0710 4932 sffp_sd - ok
12:20:25.0725 4932 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
12:20:25.0726 4932 sfloppy - ok
12:20:25.0742 4932 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:20:25.0743 4932 SharedAccess - ok
12:20:25.0803 4932 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:20:25.0806 4932 ShellHWDetection - ok
12:20:25.0826 4932 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
12:20:25.0826 4932 sisagp - ok
12:20:25.0844 4932 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:20:25.0844 4932 SiSRaid2 - ok
12:20:25.0857 4932 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
12:20:25.0858 4932 SiSRaid4 - ok
12:20:25.0948 4932 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
12:20:25.0949 4932 SkypeUpdate - ok
12:20:25.0969 4932 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:20:25.0970 4932 Smb - ok
12:20:25.0990 4932 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:20:25.0991 4932 SNMPTRAP - ok
12:20:26.0013 4932 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
12:20:26.0014 4932 spldr - ok
12:20:26.0069 4932 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
12:20:26.0072 4932 Spooler - ok
12:20:26.0121 4932 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
12:20:26.0133 4932 sppsvc - ok
12:20:26.0179 4932 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:20:26.0181 4932 sppuinotify - ok
12:20:26.0235 4932 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
12:20:26.0237 4932 srv - ok
12:20:26.0246 4932 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:20:26.0247 4932 srv2 - ok
12:20:26.0257 4932 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:20:26.0258 4932 srvnet - ok
12:20:26.0325 4932 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
12:20:26.0325 4932 ssadbus - ok
12:20:26.0347 4932 [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
12:20:26.0347 4932 ssadmdfl - ok
12:20:26.0402 4932 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
12:20:26.0403 4932 ssadmdm - ok
12:20:26.0425 4932 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:20:26.0427 4932 SSDPSRV - ok
12:20:26.0433 4932 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:20:26.0435 4932 SstpSvc - ok
12:20:26.0499 4932 [ 8F299012EF58246F1C98DE7B7E48DBF0 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
12:20:26.0500 4932 ssudmdm - ok
12:20:26.0527 4932 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
12:20:26.0527 4932 stexstor - ok
12:20:26.0584 4932 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
12:20:26.0588 4932 StiSvc - ok
12:20:26.0647 4932 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
12:20:26.0647 4932 storflt - ok
12:20:26.0670 4932 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
12:20:26.0672 4932 StorSvc - ok
12:20:26.0687 4932 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
12:20:26.0688 4932 storvsc - ok
12:20:26.0741 4932 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
12:20:26.0741 4932 swenum - ok
12:20:26.0880 4932 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
12:20:26.0882 4932 SwitchBoard - ok
12:20:26.0898 4932 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
12:20:26.0901 4932 swprv - ok
12:20:26.0973 4932 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
12:20:26.0979 4932 SysMain - ok
12:20:26.0994 4932 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:20:26.0995 4932 TabletInputService - ok
12:20:27.0209 4932 [ 7858692A63306093E808DBE4139286CE ] TabletServiceWacom C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
12:20:27.0235 4932 TabletServiceWacom - ok
12:20:27.0288 4932 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
12:20:27.0290 4932 TapiSrv - ok
12:20:27.0305 4932 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
12:20:27.0307 4932 TBS - ok
12:20:27.0371 4932 [ 65D10B191C59C5501A1263FC33F6894B ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:20:27.0376 4932 Tcpip - ok
12:20:27.0402 4932 [ 65D10B191C59C5501A1263FC33F6894B ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:20:27.0407 4932 TCPIP6 - ok
12:20:27.0460 4932 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:20:27.0460 4932 tcpipreg - ok
12:20:27.0520 4932 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:20:27.0520 4932 TDPIPE - ok
12:20:27.0568 4932 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:20:27.0568 4932 TDTCP - ok
12:20:27.0617 4932 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:20:27.0617 4932 tdx - ok
12:20:27.0675 4932 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
12:20:27.0675 4932 TermDD - ok
12:20:27.0729 4932 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
12:20:27.0733 4932 TermService - ok
12:20:27.0735 4932 tgfpqsvk - ok
12:20:27.0746 4932 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
12:20:27.0748 4932 Themes - ok
12:20:27.0753 4932 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
12:20:27.0754 4932 THREADORDER - ok
12:20:27.0822 4932 [ 23BF02F5DB9B5C163DD8917382BE82FC ] TouchServiceWacom C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
12:20:27.0824 4932 TouchServiceWacom - ok
12:20:27.0833 4932 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
12:20:27.0835 4932 TrkWks - ok
12:20:27.0860 4932 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:20:27.0861 4932 TrustedInstaller - ok
12:20:27.0870 4932 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:20:27.0870 4932 tssecsrv - ok
12:20:27.0930 4932 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:20:27.0930 4932 TsUsbFlt - ok
12:20:27.0988 4932 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:20:27.0989 4932 tunnel - ok
12:20:28.0004 4932 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
12:20:28.0004 4932 uagp35 - ok
12:20:28.0061 4932 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:20:28.0062 4932 udfs - ok
12:20:28.0087 4932 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:20:28.0088 4932 UI0Detect - ok
12:20:28.0105 4932 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:20:28.0106 4932 uliagpkx - ok
12:20:28.0123 4932 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
12:20:28.0124 4932 umbus - ok
12:20:28.0127 4932 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
12:20:28.0127 4932 UmPass - ok
12:20:28.0135 4932 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
12:20:28.0137 4932 UmRdpService - ok
12:20:28.0222 4932 [ 41118D920B2B268C0ADC36421248CDCF ] UNS C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
12:20:28.0230 4932 UNS - ok
12:20:28.0240 4932 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
12:20:28.0242 4932 upnphost - ok
12:20:28.0302 4932 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
12:20:28.0303 4932 USBAAPL - ok
12:20:28.0353 4932 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:20:28.0354 4932 usbccgp - ok
12:20:28.0409 4932 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:20:28.0410 4932 usbcir - ok
12:20:28.0459 4932 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys
12:20:28.0460 4932 usbehci - ok
12:20:28.0486 4932 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:20:28.0487 4932 usbhub - ok
12:20:28.0495 4932 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:20:28.0496 4932 usbohci - ok
12:20:28.0506 4932 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:20:28.0506 4932 usbprint - ok
12:20:28.0516 4932 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:20:28.0517 4932 USBSTOR - ok
12:20:28.0519 4932 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
12:20:28.0520 4932 usbuhci - ok
12:20:28.0540 4932 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
12:20:28.0541 4932 UxSms - ok
12:20:28.0549 4932 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
12:20:28.0550 4932 VaultSvc - ok
12:20:28.0570 4932 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:20:28.0571 4932 vdrvroot - ok
12:20:30.0459 4932 ================ Scan global ===============================
12:20:30.0511 4932 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
12:20:30.0565 4932 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
12:20:30.0570 4932 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
12:20:30.0585 4932 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
12:20:30.0599 4932 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
12:20:30.0602 4932 [Global] - ok
12:20:30.0602 4932 ================ Scan MBR ==================================
12:20:30.0614 4932 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:20:30.0831 4932 \Device\Harddisk0\DR0 - ok
12:20:30.0835 4932 [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk1\DR1
12:20:30.0981 4932 \Device\Harddisk1\DR1 - ok
12:20:30.0981 4932 ================ Scan VBR ==================================
12:20:30.0982 4932 [ 929686B29EA9536891ADB86AD3A9E7D6 ] \Device\Harddisk0\DR0\Partition1
12:20:30.0984 4932 \Device\Harddisk0\DR0\Partition1 - ok
12:20:30.0986 4932 [ FDF8C06FE11C09DA647E042A0F1F276D ] \Device\Harddisk1\DR1\Partition1
12:20:30.0987 4932 \Device\Harddisk1\DR1\Partition1 - ok
12:20:30.0988 4932 ============================================================
12:20:30.0988 4932 Scan finished
12:20:30.0988 4932 ============================================================
12:20:30.0993 1940 Detected object count: 1
12:20:30.0993 1940 Actual detected object count: 1
12:20:43.0020 1940 c:\program files\common files\akamai/netsession_win_5891ae0.dll - copied to quarantine
12:20:46.0484 1940 Akamai ( HiddenFile.Multi.Generic ) - User select action: Quarantine

Ran aswMBR successfully
Log File:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-27 12:25:30
-----------------------------
12:25:30.377 OS Version: Windows 6.1.7601 Service Pack 1
12:25:30.377 Number of processors: 8 586 0x1E05
12:25:30.377 ComputerName: computer UserName: user
12:25:30.812 Initialize success
12:26:14.176 AVAST engine defs: 12092700
12:33:19.473 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:33:19.475 Disk 0 Vendor: SAMSUNG_ 1AJ1 Size: 238418MB BusType: 3
12:33:19.489 Disk 0 MBR read successfully
12:33:19.492 Disk 0 MBR scan
12:33:19.496 Disk 0 Windows 7 default MBR code
12:33:19.500 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 86 MB offset 63
12:33:19.517 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 238322 MB offset 176715
12:33:19.548 Disk 0 scanning sectors +488281234
12:33:19.618 Disk 0 scanning C:\Windows\system32\drivers
12:33:35.500 Service scanning
12:33:53.934 Service MpKslfb34ff35 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{71C01EC0-6703-43BE-A87C-569AD518F6F1}\MpKslfb34ff35.sys **LOCKED** 32
12:34:10.807 Modules scanning
12:34:47.045 Disk 0 trace - called modules:
12:34:47.064 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86795998]<<
12:34:47.069 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x886998f0]
12:34:47.074 3 CLASSPNP.SYS[8bda459e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86afc028]
12:34:47.082 \Driver\iaStor[0x86ac3a68] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x86795998
12:34:47.387 AVAST engine scan C:\Windows
12:34:49.893 AVAST engine scan C:\Windows\system32
12:38:02.480 AVAST engine scan C:\Windows\system32\drivers
12:38:20.115 AVAST engine scan C:\Users\user
12:40:16.703 AVAST engine scan C:\ProgramData
12:44:19.582 Scan finished successfully
12:47:28.905 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
12:47:28.960 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"

#8 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:11:36 AM

Posted 27 September 2012 - 02:54 PM

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it, click on Delete

A log should be generated after the scan, post it here

Download

Junkware removal tool

Launch it and the scan should start running. After the scan gets completed, post the generated log here.

#9 lolcats

  • Topic Starter
  • Members
  • 32 posts
  • Gender:Male
  • Local time:08:36 AM

Posted 27 September 2012 - 05:49 PM

MBAM log:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.27.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
user :: computer [administrator]

9/27/2012 1:22:38 PM
mbam-log-2012-09-27 (13-22-38).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 617358
Time elapsed: 1 hour(s), 49 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\TDSSKiller_Quarantine\27.09.2012_12.18.11\mbr0000\tdlfs0000\tsk0006.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\27.09.2012_12.18.11\mbr0000\tdlfs0000\tsk0007.dta (Rootkit.TDSS.64) -> Quarantined and deleted successfully.
C:\TDSSKiller_Quarantine\27.09.2012_12.18.11\mbr0000\tdlfs0000\tsk0010.dta (Rootkit.TDSS.64) -> Quarantined and deleted successfully.

(end)

Mini Toolbox log:

MiniToolBox by Farbar Version: 23-07-2012
Ran by user (administrator) on 27-09-2012 at 13:15:50
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : computer
Primary Dns Suffix . . . . . . . : company.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : company.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : A4-BA-DB-FA-32-CE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::985d:51ed:d220:63f4%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.112(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, September 27, 2012 1:13:11 PM
Lease Expires . . . . . . . . . . : Friday, September 28, 2012 1:13:12 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 245676763
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-30-18-D9-A4-BA-DB-FA-32-CE
DNS Servers . . . . . . . . . . . : 192.168.1.22
208.67.222.222
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{929FE8BC-794E-4FC3-AE99-32D9D9BC0FAD}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dc01.company.com
Address: 192.168.1.22

Name: google.com
Addresses: 2607:f8b0:4007:801::1005
74.125.239.8
74.125.239.9
74.125.239.6
74.125.239.5
74.125.239.2
74.125.239.1
74.125.239.4
74.125.239.14
74.125.239.7
74.125.239.3
74.125.239.0


Pinging google.com [74.125.239.8] with 32 bytes of data:
Reply from 74.125.239.8: bytes=32 time=14ms TTL=54
Reply from 74.125.239.8: bytes=32 time=15ms TTL=54

Ping statistics for 74.125.239.8:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 14ms, Maximum = 15ms, Average = 14ms
Server: dc01.company.com
Address: 192.168.1.22

Name: yahoo.com
Addresses: 98.139.183.24
98.138.253.109
72.30.38.140


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=832ms TTL=46
Reply from 98.139.183.24: bytes=32 time=766ms TTL=46

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 766ms, Maximum = 832ms, Average = 799ms
Server: dc01.company.com
Address: 192.168.1.22

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...a4 ba db fa 32 ce ......Broadcom NetLink ™ Gigabit Ethernet
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.112 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.112 266
192.168.1.112 255.255.255.255 On-link 192.168.1.112 266
192.168.1.255 255.255.255.255 On-link 192.168.1.112 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.112 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.112 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 266 fe80::/64 On-link
10 266 fe80::985d:51ed:d220:63f4/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 06 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 07 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/27/2012 09:52:31 AM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1034

Start Time: 01cd9c359fdd50ef

Termination Time: 60000

Application Path: C:\Windows\Explorer.EXE

Report Id: 73810e65-08c3-11e2-b02b-a4badbfa32ce

Error: (09/17/2012 01:58:13 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16448, time stamp: 0x4fecf1b7
Faulting module name: D3D10Warp.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b7af
Exception code: 0xc0000005
Fault offset: 0x0002b4fc
Faulting process id: 0xc64
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (09/17/2012 11:34:21 AM) (Source: Application Error) (User: )
Description: Faulting application name: flash.exe, version: 9.0.0.494, time stamp: 0x46015140
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x567e5840
Faulting process id: 0x1b44
Faulting application start time: 0xflash.exe0
Faulting application path: flash.exe1
Faulting module path: flash.exe2
Report Id: flash.exe3

Error: (09/07/2012 03:04:57 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/07/2012 03:04:40 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/06/2012 03:04:25 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/06/2012 03:04:19 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/05/2012 01:00:45 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/05/2012 01:00:34 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/05/2012 00:03:28 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: mso.dll_unloaded, version: 0.0.0.0, time stamp: 0x4fe1743b
Exception code: 0xc0000005
Fault offset: 0x639d75e4
Faulting process id: 0xf38
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3


System errors:
=============
Error: (09/27/2012 01:13:09 PM) (Source: Microsoft-Windows-Eventlog) (User: NT AUTHORITY)
Description: The event logging service encountered an error while initializing publishing resources for channel DebugChannel. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well.

Error: (09/27/2012 01:11:49 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service has reported an invalid current state 32.

Error: (09/27/2012 10:09:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070020: Update for Windows 7 (KB2709630).

Error: (09/27/2012 10:09:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Windows 7 (KB2705219).

Error: (09/27/2012 10:09:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070020: Update for Windows 7 (KB2741355).

Error: (09/27/2012 10:09:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070020: Update for Windows 7 (KB2699779).

Error: (09/27/2012 10:09:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070020: Update for Windows 7 (KB2729094).

Error: (09/27/2012 10:09:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Windows 7 (KB2676562).

Error: (09/27/2012 10:09:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Windows 7 (KB2698365).

Error: (09/27/2012 10:09:17 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070020: Cumulative Security Update for Internet Explorer 9 for Windows 7 (KB2744842).


Microsoft Office Sessions:
=========================
Error: (06/09/2011 03:47:01 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 92 seconds with 60 seconds of active time. This session ended with a crash.

Error: (06/09/2011 03:45:16 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 311 seconds with 240 seconds of active time. This session ended with a crash.

Error: (05/09/2011 03:31:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15868 seconds with 300 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system (Version: 12.0.6612.1000)
Add or Remove Adobe Creative Suite 3 Design Standard (Version: 1.0)
Adobe AIR (Version: 2.0.3.13070)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe BridgeTalk Plugin CS3 (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0.2)
Adobe Flash CS3 (Version: 9.0)
Adobe Flash CS3 Professional (Version: 9.0.0)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.265)
Adobe Flash Player 11 Plugin (Version: 11.4.402.278)
Adobe Flash Video Encoder (Version: 2.0)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Illustrator CS3 (Version: 13.0)
Adobe InDesign CS3 (Version: 5.0)
Adobe InDesign CS3 Icon Handler (Version: 5.0)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe Media Player (Version: 1.8)
Adobe MotionPicture Color Files (Version: 1.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Setup (Version: 1.0)
Adobe SING CS3 (Version: 0.1)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WAS CS3 (Version: 1.0)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
AHV content for Acrobat and Flash (Version: 1)
Akamai NetSession Interface Service
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
Audacity 1.3.14 (Unicode)
BlackBerry Desktop Software 6.1 (Version: 6.1.0.35)
Bonjour (Version: 3.0.0.10)
Broadcom Gigabit NetLink Controller (Version: 12.33.02)
CCleaner (Version: 3.19)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler (Version: 2.10)
DigiDelivery (Version: 2.1.1)
ESET Online Scanner v3
FileZilla Client 3.5.3 (Version: 3.5.3)
HASP HL Device Driver
iCloud (Version: 2.0.2.187)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Rapid Storage Technology (Version: 9.6.0.1014)
iTunes (Version: 10.7.0.21)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Kies mini (Version: 1.00.0000)
LogMeIn (Version: 4.1.1552)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Mouse and Keyboard Center (Version: 1.1.500.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Outlook 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Outlook 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
NVIDIA Drivers (Version: 1.9)
Offline Course Player (Version: 04.0000.0008)
PDF Combine
PDF Settings (Version: 1.0)
PDF Settings CS5 (Version: 10.0)
QuickTime (Version: 7.72.80.56)
RarZilla Free Unrar (Version: 3.31)
Realtek High Definition Audio Driver (Version: 6.0.1.5919)
Safari (Version: 5.34.57.2)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.1800.0)
Skype™ 5.10 (Version: 5.10.116)
System Requirements Lab CYRI (Version: 4.5.1.0)
The Dude
Toon Boom Storyboard Pro (Version: 8.6.4797)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Wacom Tablet (Version: 6.3.1w3)
WebTablet FB Plugin (Version: 2.0.0.6)
WebTablet IE Plugin (Version: 1.1.0.12)
WebTablet Netscape Plugin (Version: 1.1.0.10)
Yontoo 1.10.02 (Version: 1.10.02)
YouSendIt Express (Version: 2.11.2)

========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 3031.11 MB
Available physical RAM: 2199.88 MB
Total Pagefile: 6060.51 MB
Available Pagefile: 5175.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.41 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:232.74 GB) (Free:24.16 GB) NTFS
3 Drive g: (VOYAGER) (Removable) (Total:30.23 GB) (Free:17.74 GB) FAT32

========================= Users: ========================================

User accounts for \\computer

Administrator user3 Guest
LogMeInRemoteUser

========================= Restore Points ==================================


**** End of log ****

FSS log:

Farbar Service Scanner Version: 19-09-2012
Ran by user (administrator) on 27-09-2012 at 15:31:39
Running from "C:\Users\user\Desktop\Bleeping Computer Help"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Adware Cleaner log:

# AdwCleaner v2.003 - Logfile created 09/27/2012 at 15:33:00
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : user - computer
# Boot Mode : Normal
# Running from : C:\Users\user\Desktop\Bleeping Computer Help\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\user.js
Folder Deleted : C:\Program Files\Funmoods
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\ProgramData\Tarma Installer

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\f
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Funmoods
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\Software\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\user2\AppData\Roaming\Mozilla\Firefox\Profiles\uris2fhg.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\y2n1cmim.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [5862 octets] - [27/09/2012 15:33:00]

########## EOF - C:\AdwCleaner[S1].txt - [5922 octets] ##########

Junkware Removal Tool log:

Junkware Removal Tool (JRT) by Thisisu
Version: 1.1.1 (09.27.2012)
OS: Windows 7 Professional x86
Ran by user on Thu 09/27/2012 at 15:42:02.94
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Registry Values: 0 Detections



*** Registry Keys:

ERROR: Access is denied.Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}



*** Files:

Failed to delete: [FILE-LOCKED!] C:\eula.1028.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1031.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1033.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1036.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1040.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1041.txt
Failed to delete: [FILE-LOCKED!] C:\eula.1042.txt
Failed to delete: [FILE-LOCKED!] C:\eula.2052.txt
Failed to delete: [FILE-LOCKED!] C:\install.res.1028.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1031.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1033.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1036.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1040.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1041.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.1042.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.2052.dll
Failed to delete: [FILE-LOCKED!] C:\install.res.3082.dll



*** Folders: 0 Detections



*** Ask Toolbar: - Remnants removed



*** FireFox detected and repaired:

The below lines were deleted from [FF prefs.js]

=============================

=============================



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Thu 09/27/2012 at 15:42:05.22
End of Report

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 27 September 2012 - 06:35 PM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish.

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of text here
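As an added example (not part of this thread and not code from the Autoruns tool), a small Python triage script for an Autoruns text export in the flattened format seen later in this thread: it parses the four quoted fields per line, tracks the autostart location from each group header, and flags entries whose image file is missing, that carry no publisher, or that have a random-looking eight-letter name with no description. The sample lines are constructed after the format posted in the thread; the assumption that no field contains a double quote is noted in the code.

```python
"""Triage an Autoruns "File -> Save as Text" export for suspicious autostart entries."""
import re
from dataclasses import dataclass, field

# Each export line carries four double-quoted fields. The export itself is
# tab-separated, but forum pasting flattens tabs to spaces, so fields are
# recovered by quoted-string matching instead. Assumption: no field contains
# a literal double quote.
FIELD_RE = re.compile(r'"([^"]*)"')
MISSING_PREFIX = "File not found:"


@dataclass
class Entry:
    location: str      # autostart location from the preceding group header
    name: str
    description: str
    publisher: str
    image_path: str


@dataclass
class Finding:
    entry: Entry
    reasons: list = field(default_factory=list)


def parse_autoruns_text(text):
    """Parse Autoruns text output into Entry objects.

    A line whose fields 2-4 are empty is a group header naming the location
    (e.g. a Run key or the Services key); a line starting with '+' is an
    entry under the most recent header.
    """
    entries = []
    location = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = FIELD_RE.findall(line)
        if len(fields) != 4:
            continue  # not an export line; skip silently
        if not line.startswith("+"):
            location = fields[0]
            continue
        name, description, publisher, image_path = fields
        entries.append(Entry(location, name, description, publisher, image_path))
    return entries


def triage(entries):
    """Return Findings for entries worth a closer look, with the reason(s)."""
    findings = []
    for e in entries:
        reasons = []
        missing = e.image_path.startswith(MISSING_PREFIX)
        if missing:
            # A registered service/driver whose file is gone is a leftover that
            # still deserves removal or explanation.
            reasons.append("image file missing")
        if not e.publisher and not missing:
            # Legitimate unsigned components (e.g. some shell extensions) also
            # land here; treat this as a prompt to verify, not a verdict.
            reasons.append("no publisher recorded")
        if re.fullmatch(r"[a-z]{8}", e.name) and not e.description:
            # Randomly generated lowercase service names with no description
            # are a common pattern for dropped drivers.
            reasons.append("random-looking 8-letter name with no description")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


# Constructed sample, modelled on the export format posted in this thread.
SAMPLE = r'''
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "aqynujqv" "" "" "File not found: C:\Windows\system32\drivers\aqynujqv.sys"
+ "tgfpqsvk" "" "" "File not found: C:\Windows\system32\drivers\tgfpqsvk.sys"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "FileZilla3CopyHook" "fzshellext Dynamic Link Library" "" "c:\program files\filezilla ftp client\fzshellext.dll"
'''

if __name__ == "__main__":
    for f in triage(parse_autoruns_text(SAMPLE)):
        print(f"{f.entry.location}\\{f.entry.name}: {', '.join(f.reasons)}")
```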

#11 lolcats

lolcats
  • Topic Starter

  • Members
  • 32 posts
  • Gender:Male

Posted 27 September 2012 - 06:45 PM

rkill log:

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/27/2012 04:37:36 PM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* W32Time [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 09/27/2012 04:37:45 PM
Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s)

Autoruns log:

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "AdobeAAMUpdater-1.0" "Adobe Updater Startup Utility" "Adobe Systems Incorporated" "c:\program files\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe"
+ "AdobeCS5ServiceManager" "Adobe CS5 Service Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\cs5servicemanager\cs5servicemanager.exe"
+ "BCSSync" "Microsoft Office 2010 component" "Microsoft Corporation" "c:\program files\microsoft office\office14\bcssync.exe"
+ "IntelliPoint" "IPoint.exe" "Microsoft Corporation" "c:\program files\microsoft device center\ipoint.exe"
+ "IntelliType Pro" "IType.exe" "Microsoft Corporation" "c:\program files\microsoft device center\itype.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "RtHDVCpl" "Realtek HD Audio Manager" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\rthdvcpl.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "SwitchBoard" "SwitchBoard Server (32 bit)" "Adobe Systems Incorporated" "c:\program files\common files\adobe\switchboard\switchboard.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "skype4com" "Skype for COM API" "Skype Technologies" "c:\program files\common files\skype\skype4com.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "PhotoStreamsExt" "ShellStreams.dll" "Apple Inc." "c:\program files\common files\apple\internet services\shellstreams.dll"
+ "YsiShellExt" "YsiExt" "YouSendIt.com" "c:\program files\yousendit\express\version2\ysiext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "FileZilla3CopyHook" "fzshellext Dynamic Link Library" "" "c:\program files\filezilla ftp client\fzshellext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "NvCplDesktopContext" "" "NVIDIA Corporation" "c:\windows\system32\nvshext.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "YsiShellExt" "YsiExt" "YouSendIt.com" "c:\program files\yousendit\express\version2\ysiext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\ssv.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files\microsoft office\office14\urlredir.dll"
"Task Scheduler" "" "" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Microsoft Antimalware\MpIdleTask" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\TabletPC\InputPersonalization" "Input Personalization Server" "Microsoft Corporation" "c:\program files\common files\microsoft shared\ink\inputpersonalization.exe"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\Microsoft_Hardware_Launch_devicecenter_exe" "Microsoft Mouse and Keyboard Center" "Microsoft" "c:\program files\microsoft device center\devicecenter.exe"
+ "\Microsoft_Hardware_Launch_ipoint_exe" "IPoint.exe" "Microsoft Corporation" "c:\program files\microsoft device center\ipoint.exe"
+ "\Microsoft_Hardware_Launch_itype_exe" "IType.exe" "Microsoft Corporation" "c:\program files\microsoft device center\itype.exe"
+ "\{FE7B268E-AE3D-4589-B563-D242129FAA13}" "Internet Explorer" "Microsoft Corporation" "c:\program files\internet explorer\iexplore.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "Akamai" "Provides networking protocol and file transfer technologies. If the service is stopped, those applications that depend on the service may fail to transfer files or otherwise function properly." "Akamai Technologies, Inc." "c:\program files\common files\akamai/netsession_win_5891ae0.dll"
+ "LMS" "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces." "Intel Corporation" "c:\program files\intel\intel® management engine components\lms\lms.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe"
+ "nvsvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvvsvc.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "UNS" "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device." "Intel Corporation" "c:\program files\intel\intel® management engine components\uns\uns.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aic78xx" "Adaptec Ultra SCSI miniport" "Adaptec, Inc." "c:\windows\system32\drivers\djsvs.sys"
+ "aksfridge" "SafeNet Inc. Sentinel Ancillary Function Driver" "SafeNet Inc." "c:\windows\system32\drivers\aksfridge.sys"
+ "akshasp" "AKSHASP Device Driver" "Aladdin Knowledge Systems Ltd." "c:\windows\system32\drivers\akshasp.sys"
+ "akshhl" "Sentinel HL Device Driver" "SafeNet Inc." "c:\windows\system32\drivers\akshhl.sys"
+ "aksusb" "SafeNet-Inc. Sentinel USB Key Driver" "SafeNet Inc." "c:\windows\system32\drivers\aksusb.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows family" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "aqynujqv" "" "" "File not found: C:\Windows\system32\drivers\aqynujqv.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbdx.sys"
+ "b57nd60x" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60x.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "dg_ssudbus" "SAMSUNG USB Composite Device Driver (MSS Ver.3)" "DEVGURU Co., LTD.(www.devguru.co.kr)" "c:\windows\system32\drivers\ssudbus.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbdx.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "Hardlock" "Sentinel Hardlock Device Driver for Windows NT" "SafeNet Inc." "c:\windows\system32\drivers\hardlock.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HECI" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\heci.sys"
+ "hidkmdf" "Filter Driver for HID-KMDF Interface" "Windows ® Win 7 DDK provider" "c:\windows\system32\drivers\hidkmdf.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor" "Intel Rapid Storage Technology driver - x86" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - ia32" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhda.sys"
+ "k57nd60x" "Broadcom NetLink ™ Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\k57nd60x.sys"
+ "k57w2k" "Broadcom NetLink ™ Gigabit Ethernet NDIS5.1 Driver." "Broadcom Corporation" "c:\windows\system32\drivers\k57xp32.sys"
+ "LMIInfo" "RemotelyAnywhere Kernel Information Provider" "LogMeIn, Inc." "c:\program files\logmein\x86\rainfo.sys"
+ "lmimirr" "LogMeIn Mirror Miniport Driver" "LogMeIn, Inc." "c:\windows\system32\drivers\lmimirr.sys"
+ "LMIRfsDriver" "LogMeIn Rfs Drivemap Driver" "LogMeIn, Inc." "c:\windows\system32\drivers\lmirfsdriver.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7 for x86" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "NVHDA" "NVIDIA HDMI Audio Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvhda32v.sys"
+ "nvlddmkm" "NVIDIA Windows Kernel Mode Driver, Version 191.04 " "NVIDIA Corporation" "c:\windows\system32\drivers\nvlddmkm.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RimUsb" "" "" "File not found: System32\Drivers\RimUsb.sys"
+ "RimVSerPort" "RIM Virtual Serial Driver" "Research in Motion Ltd" "c:\windows\system32\drivers\rimserial.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "ssadbus" "SAMSUNG Android USB Composite Device Driver" "MCCI Corporation" "c:\windows\system32\drivers\ssadbus.sys"
+ "ssadmdfl" "SAMSUNG Android USB Modem (Filter)" "MCCI Corporation" "c:\windows\system32\drivers\ssadmdfl.sys"
+ "ssadmdm" "SAMSUNG Android USB Modem Drivers" "MCCI Corporation" "c:\windows\system32\drivers\ssadmdm.sys"
+ "ssudmdm" "SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)" "DEVGURU Co., LTD.(www.devguru.co.kr)" "c:\windows\system32\drivers\ssudmdm.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "tgfpqsvk" "" "" "File not found: C:\Windows\system32\drivers\tgfpqsvk.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
+ "WacHidRouter" "Wacom HID Router" "Wacom Technology" "c:\windows\system32\drivers\wachidrouter.sys"
+ "wacmoumonitor" "Wacom HID Mouse Monitor Filter Driver" "Wacom Technology" "c:\windows\system32\drivers\wacmoumonitor.sys"
+ "wacommousefilter" "" "" "File not found: system32\DRIVERS\wacommousefilter.sys"
+ "wacomrouterfilter" "Wacom Router Filter Driver" "Wacom Technology" "c:\windows\system32\drivers\wacomrouterfilter.sys"
+ "wacomvhid" "" "" "File not found: system32\DRIVERS\wacomvhid.sys"
+ "WacomVKHid" "" "" "File not found: system32\DRIVERS\WacomVKHid.sys"
+ "WDC_SAM" "Manages WD external storage products." "Western Digital Technologies" "c:\windows\system32\drivers\wdcsam.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "LogMeIn Video Decoder" "LogMeIn Video Codec" "LogMeIn, Inc." "c:\program files\logmein\x86\racodec.ax"
+ "LogMeIn Video Encoder" "LogMeIn Video Codec" "LogMeIn, Inc." "c:\program files\logmein\x86\racodec.ax"
+ "MainConcept AAC Decoder" "AAC audio decoder filter" "MainConcept GmbH" "c:\program files\research in motion\blackberry desktop\codecs\mc_dec_aac_ds.ax"
+ "MainConcept AMR Decoder" "AMR Decoder DirectShow Filter" "MainConcept GmbH" "c:\program files\research in motion\blackberry desktop\codecs\mc_dec_amr_ds.ax"
+ "MainConcept Audio Converter" "Audio Converter DirectShow Filter" "MainConcept GmbH" "c:\program files\research in motion\blackberry desktop\codecs\mc_trans_audio_converter_ds.ax"
+ "MainConcept Audio Resampler" "Audio Resampler Direct Show Filter" "MainConcept GmbH" "c:\program files\research in motion\blackberry desktop\codecs\mc_trans_audio_samplerate_ds.ax"
+ "MainConcept AVC/H.264 Video Decoder" "AVC/H.264 Decoder DirectShow Filter" "MainConcept GmbH" "c:\program files\research in motion\blackberry desktop\codecs\mc_dec_avc_ds.ax"
+ "MainConcept Color Space Converter" "Color Space Converter DirectShow Filter" "MainConcept GmbH" "c:\program files\research in motion\blackberry desktop\codecs\mc_trans_video_colorspace_ds.ax"
+ "MainConcept Frame Rate Converter" "Frame Rate Converter DS Filter" "MainConcept GmbH" "c:\program files\research in motion\blackberry desktop\codecs\mc_trans_video_framerate_ds.ax"
+ "MainConcept ImageScaler" "ImageScaler DS Filter" "MainConcept GmbH" "c:\program files\research in motion\blackberry desktop\codecs\mc_trans_video_imagescaler_ds.ax"
+ "MainConcept Layer II Audio Decoder" "Layer II Audio Decoder" "MainConcept GmbH" "c:\program files\research in motion\blackberry desktop\codecs\mc_dec_mpa_ds.ax"
+ "MainConcept MP4 Demultiplexer" "MP4 Demultiplexer Direct Show Filter" "MainConcept GmbH" "c:\program files\research in motion\blackberry desktop\codecs\mc_demux_mp4_ds.ax"
+ "MainConcept MPEG Demultiplexer" "MPEG-1/2 Demultiplexer" "MainConcept GmbH" "c:\program files\research in motion\blackberry desktop\codecs\mc_demux_mp2_ds.ax"
+ "MainConcept MPEG-2 Video Decoder" "MPEG-2 Video Decoder" "MainConcept GmbH" "c:\program files\research in motion\blackberry desktop\codecs\mc_dec_mp2v_ds.ax"
+ "MainConcept MPEG-4 Video Decoder" "MPEG-4 Video Decoder Direct Show Filter" "MainConcept GmbH" "c:\program files\research in motion\blackberry desktop\codecs\mc_dec_mp4v_ds.ax"
+ "MainConcept Sink Filter" "Sink DS Filter" "MainConcept GmbH" "c:\program files\research in motion\blackberry desktop\codecs\mc_render_fileindex_ds.ax"
+ "MainConcept Stream Parser" "MPEG-1/2 Demultiplexer" "MainConcept GmbH" "c:\program files\research in motion\blackberry desktop\codecs\mc_demux_mp2_ds.ax"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "LogMeInCredProv" "LogMeIn Remote Control Helper" "LogMeIn, Inc." "c:\windows\system32\lmiinit.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "LogMeIn Printer Port Monitor" "RemotelyAnywhere Printer Port Monitor" "LogMeIn, Inc." "c:\windows\system32\lmiport.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "LMIRfsClientNP" "LogMeIn Virtual Disk Network" "LogMeIn, Inc." "c:\windows\system32\lmirfsclientnp.dll"

#12 narenxp

  • BC Advisor
  • Location:India

Posted 27 September 2012 - 06:51 PM

That looks good

Remove temporary and junk files

Download

TFC

Launch it. It will close all running programs.

Click on START. It should ask for a reboot. If TFC locks up the system, run it in safe mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP-http://support.microsoft.com/kb/310405

Vista & windows 7-http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#13 lolcats

lolcats
  • Topic Starter
  • Members

Posted 27 September 2012 - 07:41 PM

Thanks again for the help with this.
I noticed a bunch of junk was removed during this process.
I'll read the links you provided pertaining to how I got infected and how to prevent becoming infected.
I'm usually pretty good about updating and running scans regularly.
As I mentioned, this is an inherited work computer at my new gig.

I have a question I hope you can answer.
Regarding user profiles for people no longer employed with the Company.
Is deleting C:\Users\FormerEmployee enough or are there Registry entries that should be deleted as well?
If the Registry needs to be modified, is there a utility that will perform this task?

Many thanks

Edited by lolcats, 27 September 2012 - 07:43 PM.


#14 narenxp

  • BC Advisor
  • Location:India

Posted 27 September 2012 - 08:43 PM

Click on Control Panel - User Accounts

Delete the specific account. While deleting it you will be asked to keep or delete files. If you don't need any files related to the account you can remove them or save them to the desktop.

Good luck
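For the follow-up question about whether anything beyond C:\Users\FormerEmployee is left in the registry, here is an added example (not from the thread or either poster) that removes a profile through Win32_UserProfile, which cleans up both the folder and the matching ProfileList key. It assumes Windows 7 with its built-in PowerShell 2.0 run from an elevated prompt, and uses the placeholder profile name from the question.

```powershell
# Added example (not from the thread): remove a local user profile so that the
# C:\Users folder and the matching ProfileList registry key are both cleaned up.
# Assumes Windows 7 with the built-in PowerShell 2.0, run from an elevated prompt.
# 'FormerEmployee' is the placeholder profile name used in the question above.
param(
    [string]$ProfilePath = 'C:\Users\FormerEmployee',
    [switch]$DryRun
)

$profileListKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

# Win32_UserProfile ties the folder on disk to the account SID that Windows
# records under ProfileList; deleting the WMI instance removes both.
$userProfile = Get-WmiObject -Class Win32_UserProfile |
    Where-Object { $_.LocalPath -eq $ProfilePath }

if (-not $userProfile) {
    Write-Host "No profile registered for $ProfilePath (folder may be an orphan)."
    return
}
if ($userProfile.Loaded) {
    Write-Host "Profile $ProfilePath is currently loaded; log that user off first."
    return
}
if ($userProfile.Special) {
    Write-Host "$ProfilePath is a system profile; refusing to delete it."
    return
}

$sidKey = Join-Path $profileListKey $userProfile.SID
Write-Host "Profile : $($userProfile.LocalPath)"
Write-Host "SID     : $($userProfile.SID)"
Write-Host "Registry: $sidKey"

if ($DryRun) {
    Write-Host 'Dry run: nothing deleted.'
    return
}

$userProfile.Delete()      # removes the folder and the ProfileList\<SID> key

# Verify that nothing stale is left behind.
$folderGone = -not (Test-Path $ProfilePath)
$keyGone    = -not (Test-Path $sidKey)
Write-Host "Folder removed: $folderGone; registry key removed: $keyGone"
```

Run it once with -DryRun to confirm it found the right profile and SID before deleting; a folder with no Win32_UserProfile entry is an orphan left by a manual deletion and can simply be removed from disk.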



