Infected with Ransom Virus - how do I fix?


19 replies to this topic

#1 InfectedRansomVirus

Posted 29 September 2012 - 04:53 PM

Hello,

Five days ago I was infected with a ransom virus. My computer booted up and then immediately loaded a fake FBI warning screen demanding that I pay $200 to unlock my computer.

I am running Windows 7 Home Premium 64-bit on a Lenovo laptop.

I tried restoring to an earlier restore point, but my computer kept returning an unspecified error. This was attempted 5 different times. However, I can successfully restore to a restore point that was created AFTER the infection.

Next, I tried booting in safe mode and I ran the following anti-malware programs:

1) Malwarebytes
2) Emsisoft
3) RogueKiller
4) TDSSKiller

The programs quarantined various infections but presented a new problem.

When I try booting up in normal mode the computer screen either boots to my desktop but doesn't allow me to click on anything, even the start button, or the computer boots to a black screen with a cursor that is manipulable.

I have run out of ideas about how to clean and restore my computer. I have spent three days reading forum posts and trying solutions like changing the programs that initiate upon startup, but I don't feel competent enough to fool around with registry values or do anything more difficult than running an automated program.

I hope that an expert on this forum can guide me through using some more advanced cleaning techniques.

Thank you,
InfectedRandomVirus


#2 narenxp


Posted 29 September 2012 - 05:21 PM

Download TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan is completed, click on "LIST of found threats".

Export the list to the desktop and copy the contents of the text file in your reply.

#3 InfectedRansomVirus


Posted 29 September 2012 - 09:30 PM

Thank you for replying!!!

In the meantime, since I first posted to the forum, I turned off all systems and programs in startup (using msconfig). The computer started in normal mode and I ran Malwarebytes again and deleted three Trojan viruses. Then I started to slowly add back, program by program, the programs and systems that begin at startup. I left some programs that I don't recognize, like wwancfg.exe, unchecked so that they don't begin at startup.

The computer seems to start up now, but it is extremely slow and after about 5 minutes it stops responding. This might be caused by McAfee or Malwarebytes or their interaction.

Below are the logs that you have requested.


1) TDSS LOG

17:11:06.0471 2168 mfefirek - ok
17:11:06.0534 2168 [ 1892616B7F9291FD77C3FA0A5811FE9F ] mfehidk C:\windows\system32\drivers\mfehidk.sys
17:11:06.0534 2168 mfehidk - ok
17:11:06.0565 2168 [ 1721261C77F6E7A9E0CB51B7D9F31B60 ] mfenlfk C:\windows\system32\DRIVERS\mfenlfk.sys
17:11:06.0565 2168 mfenlfk - ok
17:11:06.0612 2168 [ 65776BD8029E409935B90DE30BF99526 ] mferkdet C:\windows\system32\drivers\mferkdet.sys
17:11:06.0612 2168 mferkdet - ok
17:11:06.0643 2168 [ 8A78905057308B084EAA29A9FE1B4F58 ] mfevtp C:\windows\system32\mfevtps.exe
17:11:06.0658 2168 mfevtp - ok
17:11:06.0674 2168 [ 4F17D8B85B903D96EF7033BB6EF50516 ] mfewfpk C:\windows\system32\drivers\mfewfpk.sys
17:11:06.0674 2168 mfewfpk - ok
17:11:06.0721 2168 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
17:11:06.0721 2168 MMCSS - ok
17:11:06.0736 2168 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
17:11:06.0752 2168 Modem - ok
17:11:06.0799 2168 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
17:11:06.0799 2168 monitor - ok
17:11:06.0846 2168 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
17:11:06.0846 2168 mouclass - ok
17:11:06.0892 2168 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
17:11:06.0892 2168 mouhid - ok
17:11:06.0939 2168 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
17:11:06.0939 2168 mountmgr - ok
17:11:07.0017 2168 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:11:07.0033 2168 MozillaMaintenance - ok
17:11:07.0048 2168 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
17:11:07.0064 2168 mpio - ok
17:11:07.0080 2168 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
17:11:07.0080 2168 mpsdrv - ok
17:11:07.0126 2168 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
17:11:07.0142 2168 MpsSvc - ok
17:11:07.0173 2168 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
17:11:07.0173 2168 MRxDAV - ok
17:11:07.0189 2168 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
17:11:07.0204 2168 mrxsmb - ok
17:11:07.0236 2168 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
17:11:07.0251 2168 mrxsmb10 - ok
17:11:07.0267 2168 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
17:11:07.0267 2168 mrxsmb20 - ok
17:11:07.0282 2168 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
17:11:07.0282 2168 msahci - ok
17:11:07.0314 2168 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
17:11:07.0314 2168 msdsm - ok
17:11:07.0345 2168 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
17:11:07.0345 2168 MSDTC - ok
17:11:07.0360 2168 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
17:11:07.0360 2168 Msfs - ok
17:11:07.0392 2168 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
17:11:07.0392 2168 mshidkmdf - ok
17:11:07.0407 2168 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
17:11:07.0407 2168 msisadrv - ok
17:11:07.0454 2168 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
17:11:07.0454 2168 MSiSCSI - ok
17:11:07.0454 2168 msiserver - ok
17:11:07.0485 2168 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
17:11:07.0485 2168 MSKSSRV - ok
17:11:07.0501 2168 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
17:11:07.0501 2168 MSPCLOCK - ok
17:11:07.0532 2168 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
17:11:07.0532 2168 MSPQM - ok
17:11:07.0563 2168 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
17:11:07.0563 2168 MsRPC - ok
17:11:07.0594 2168 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
17:11:07.0594 2168 mssmbios - ok
17:11:07.0610 2168 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
17:11:07.0610 2168 MSTEE - ok
17:11:07.0610 2168 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
17:11:07.0610 2168 MTConfig - ok
17:11:07.0641 2168 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
17:11:07.0641 2168 Mup - ok
17:11:07.0672 2168 [ 9B1EAC6FAF6F37305E822F5588DC8056 ] mwlPSDFilter C:\windows\system32\DRIVERS\mwlPSDFilter.sys
17:11:07.0672 2168 mwlPSDFilter - ok
17:11:07.0688 2168 [ AD55C1524B296280ED9C6E0D730D35DA ] mwlPSDNServ C:\windows\system32\DRIVERS\mwlPSDNServ.sys
17:11:07.0688 2168 mwlPSDNServ - ok
17:11:07.0704 2168 [ 2B599E6EC8843637BDD62E7F8F3BA201 ] mwlPSDVDisk C:\windows\system32\DRIVERS\mwlPSDVDisk.sys
17:11:07.0704 2168 mwlPSDVDisk - ok
17:11:07.0750 2168 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
17:11:07.0750 2168 napagent - ok
17:11:07.0813 2168 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
17:11:07.0813 2168 NativeWifiP - ok
17:11:07.0875 2168 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\windows\system32\drivers\ndis.sys
17:11:07.0891 2168 NDIS - ok
17:11:07.0922 2168 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
17:11:07.0922 2168 NdisCap - ok
17:11:07.0938 2168 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
17:11:07.0953 2168 NdisTapi - ok
17:11:07.0984 2168 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
17:11:07.0984 2168 Ndisuio - ok
17:11:08.0016 2168 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
17:11:08.0016 2168 NdisWan - ok
17:11:08.0031 2168 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
17:11:08.0031 2168 NDProxy - ok
17:11:08.0078 2168 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
17:11:08.0088 2168 Net Driver HPZ12 - ok
17:11:08.0108 2168 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
17:11:08.0108 2168 NetBIOS - ok
17:11:08.0148 2168 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
17:11:08.0148 2168 NetBT - ok
17:11:08.0198 2168 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
17:11:08.0198 2168 Netlogon - ok
17:11:08.0248 2168 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
17:11:08.0258 2168 Netman - ok
17:11:08.0298 2168 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
17:11:08.0308 2168 netprofm - ok
17:11:08.0388 2168 [ 813B7C722BA97E703D375ABA170E16CC ] netr28x C:\windows\system32\DRIVERS\netr28x.sys
17:11:08.0398 2168 netr28x - ok
17:11:08.0428 2168 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:11:08.0428 2168 NetTcpPortSharing - ok
17:11:08.0468 2168 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
17:11:08.0478 2168 nfrd960 - ok
17:11:08.0518 2168 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
17:11:08.0528 2168 NlaSvc - ok
17:11:08.0538 2168 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
17:11:08.0538 2168 Npfs - ok
17:11:08.0558 2168 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
17:11:08.0568 2168 nsi - ok
17:11:08.0588 2168 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
17:11:08.0588 2168 nsiproxy - ok
17:11:08.0638 2168 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
17:11:08.0678 2168 Ntfs - ok
17:11:08.0698 2168 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
17:11:08.0698 2168 Null - ok
17:11:08.0748 2168 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
17:11:08.0748 2168 nvraid - ok
17:11:08.0768 2168 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
17:11:08.0778 2168 nvstor - ok
17:11:08.0808 2168 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
17:11:08.0818 2168 nv_agp - ok
17:11:08.0848 2168 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
17:11:08.0848 2168 ohci1394 - ok
17:11:08.0888 2168 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:11:08.0888 2168 ose - ok
17:11:08.0938 2168 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
17:11:08.0938 2168 p2pimsvc - ok
17:11:08.0978 2168 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
17:11:08.0988 2168 p2psvc - ok
17:11:08.0998 2168 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
17:11:08.0998 2168 Parport - ok
17:11:09.0018 2168 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\windows\system32\drivers\partmgr.sys
17:11:09.0018 2168 partmgr - ok
17:11:09.0038 2168 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
17:11:09.0048 2168 PcaSvc - ok
17:11:09.0078 2168 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
17:11:09.0078 2168 pci - ok
17:11:09.0098 2168 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
17:11:09.0098 2168 pciide - ok
17:11:09.0108 2168 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
17:11:09.0118 2168 pcmcia - ok
17:11:09.0138 2168 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
17:11:09.0138 2168 pcw - ok
17:11:09.0168 2168 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
17:11:09.0178 2168 PEAUTH - ok
17:11:09.0278 2168 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
17:11:09.0298 2168 PerfHost - ok
17:11:09.0358 2168 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
17:11:09.0398 2168 pla - ok
17:11:09.0438 2168 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
17:11:09.0448 2168 PlugPlay - ok
17:11:09.0508 2168 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
17:11:09.0518 2168 Pml Driver HPZ12 - ok
17:11:09.0558 2168 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
17:11:09.0558 2168 PNRPAutoReg - ok
17:11:09.0588 2168 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
17:11:09.0598 2168 PNRPsvc - ok
17:11:09.0638 2168 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
17:11:09.0648 2168 PolicyAgent - ok
17:11:09.0708 2168 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
17:11:09.0718 2168 Power - ok
17:11:09.0798 2168 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
17:11:09.0808 2168 PptpMiniport - ok
17:11:09.0838 2168 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
17:11:09.0838 2168 Processor - ok
17:11:09.0888 2168 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\windows\system32\profsvc.dll
17:11:09.0898 2168 ProfSvc - ok
17:11:09.0918 2168 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
17:11:09.0918 2168 ProtectedStorage - ok
17:11:09.0958 2168 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
17:11:09.0968 2168 Psched - ok
17:11:10.0038 2168 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
17:11:10.0068 2168 ql2300 - ok
17:11:10.0088 2168 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
17:11:10.0088 2168 ql40xx - ok
17:11:10.0108 2168 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
17:11:10.0118 2168 QWAVE - ok
17:11:10.0118 2168 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
17:11:10.0128 2168 QWAVEdrv - ok
17:11:10.0148 2168 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
17:11:10.0148 2168 RasAcd - ok
17:11:10.0198 2168 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
17:11:10.0198 2168 RasAgileVpn - ok
17:11:10.0218 2168 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
17:11:10.0218 2168 RasAuto - ok
17:11:10.0238 2168 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
17:11:10.0248 2168 Rasl2tp - ok
17:11:10.0268 2168 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
17:11:10.0278 2168 RasMan - ok
17:11:10.0298 2168 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
17:11:10.0298 2168 RasPppoe - ok
17:11:10.0318 2168 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
17:11:10.0318 2168 RasSstp - ok
17:11:10.0338 2168 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
17:11:10.0348 2168 rdbss - ok
17:11:10.0378 2168 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
17:11:10.0378 2168 rdpbus - ok
17:11:10.0398 2168 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
17:11:10.0398 2168 RDPCDD - ok
17:11:10.0438 2168 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
17:11:10.0438 2168 RDPENCDD - ok
17:11:10.0468 2168 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
17:11:10.0468 2168 RDPREFMP - ok
17:11:10.0488 2168 [ 15B66C206B5CB095BAB980553F38ED23 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
17:11:10.0488 2168 RDPWD - ok
17:11:10.0538 2168 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
17:11:10.0538 2168 rdyboost - ok
17:11:10.0568 2168 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
17:11:10.0578 2168 RemoteAccess - ok
17:11:10.0628 2168 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
17:11:10.0638 2168 RemoteRegistry - ok
17:11:10.0698 2168 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
17:11:10.0718 2168 RFCOMM - ok
17:11:10.0788 2168 [ AD42432D22940B4215177BE113E4919C ] RimUsb C:\windows\system32\Drivers\RimUsb_AMD64.sys
17:11:10.0808 2168 RimUsb - ok
17:11:10.0888 2168 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
17:11:10.0898 2168 RpcEptMapper - ok
17:11:10.0948 2168 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
17:11:10.0968 2168 RpcLocator - ok
17:11:11.0038 2168 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
17:11:11.0048 2168 RpcSs - ok
17:11:11.0108 2168 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
17:11:11.0118 2168 rspndr - ok
17:11:11.0208 2168 [ E54A5586A28D0630A79A68BBAB84BFCF ] RSUSBVSTOR C:\windows\system32\Drivers\RtsUVStor.sys
17:11:11.0208 2168 RSUSBVSTOR - ok
17:11:11.0308 2168 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
17:11:11.0318 2168 RTL8167 - ok
17:11:11.0358 2168 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
17:11:11.0358 2168 SamSs - ok
17:11:11.0398 2168 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
17:11:11.0398 2168 sbp2port - ok
17:11:11.0438 2168 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
17:11:11.0458 2168 SCardSvr - ok
17:11:11.0478 2168 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
17:11:11.0478 2168 scfilter - ok
17:11:11.0518 2168 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
17:11:11.0558 2168 Schedule - ok
17:11:11.0588 2168 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
17:11:11.0588 2168 SCPolicySvc - ok
17:11:11.0618 2168 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
17:11:11.0618 2168 SDRSVC - ok
17:11:11.0668 2168 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
17:11:11.0668 2168 secdrv - ok
17:11:11.0688 2168 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
17:11:11.0698 2168 seclogon - ok
17:11:11.0708 2168 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
17:11:11.0718 2168 SENS - ok
17:11:11.0728 2168 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
17:11:11.0738 2168 SensrSvc - ok
17:11:11.0758 2168 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
17:11:11.0758 2168 Serenum - ok
17:11:11.0778 2168 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
17:11:11.0778 2168 Serial - ok
17:11:11.0808 2168 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
17:11:11.0818 2168 sermouse - ok
17:11:11.0838 2168 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
17:11:11.0848 2168 SessionEnv - ok
17:11:11.0868 2168 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
17:11:11.0868 2168 sffdisk - ok
17:11:11.0878 2168 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
17:11:11.0878 2168 sffp_mmc - ok
17:11:11.0888 2168 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
17:11:11.0888 2168 sffp_sd - ok
17:11:11.0898 2168 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
17:11:11.0898 2168 sfloppy - ok
17:11:11.0928 2168 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
17:11:11.0938 2168 SharedAccess - ok
17:11:11.0958 2168 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
17:11:11.0968 2168 ShellHWDetection - ok
17:11:11.0988 2168 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
17:11:11.0998 2168 SiSRaid2 - ok
17:11:12.0018 2168 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
17:11:12.0018 2168 SiSRaid4 - ok
17:11:12.0178 2168 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
17:11:12.0248 2168 Skype C2C Service - ok
17:11:12.0328 2168 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:11:12.0328 2168 SkypeUpdate - ok
17:11:12.0368 2168 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
17:11:12.0368 2168 Smb - ok
17:11:12.0448 2168 [ 06DC2FDC6282F0D68910417B1150C848 ] SMS_v3_2_0 C:\ProgramData\Rosetta Stone\SMS v3.2.0\wrapper.exe
17:11:12.0458 2168 SMS_v3_2_0 - ok
17:11:12.0518 2168 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
17:11:12.0518 2168 SNMPTRAP - ok
17:11:12.0538 2168 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
17:11:12.0548 2168 spldr - ok
17:11:12.0578 2168 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\windows\System32\spoolsv.exe
17:11:12.0588 2168 Spooler - ok
17:11:12.0668 2168 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
17:11:12.0738 2168 sppsvc - ok
17:11:12.0768 2168 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
17:11:12.0768 2168 sppuinotify - ok
17:11:12.0818 2168 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
17:11:12.0828 2168 srv - ok
17:11:12.0848 2168 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
17:11:12.0858 2168 srv2 - ok
17:11:12.0878 2168 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
17:11:12.0888 2168 srvnet - ok
17:11:12.0938 2168 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
17:11:12.0948 2168 SSDPSRV - ok
17:11:12.0958 2168 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
17:11:12.0968 2168 SstpSvc - ok
17:11:13.0008 2168 StarOpen - ok
17:11:13.0048 2168 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
17:11:13.0058 2168 stexstor - ok
17:11:13.0138 2168 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
17:11:13.0158 2168 stisvc - ok
17:11:13.0188 2168 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
17:11:13.0188 2168 swenum - ok
17:11:13.0218 2168 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
17:11:13.0228 2168 swprv - ok
17:11:13.0308 2168 [ 08425CD92972C6430F350A9697F4A553 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
17:11:13.0318 2168 SynTP - ok
17:11:13.0378 2168 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
17:11:13.0428 2168 SysMain - ok
17:11:13.0448 2168 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
17:11:13.0448 2168 TabletInputService - ok
17:11:13.0488 2168 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
17:11:13.0498 2168 TapiSrv - ok
17:11:13.0548 2168 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
17:11:13.0548 2168 TBS - ok
17:11:13.0638 2168 [ FC62769E7BFF2896035AEED399108162 ] Tcpip C:\windows\system32\drivers\tcpip.sys
17:11:13.0688 2168 Tcpip - ok
17:11:13.0748 2168 [ FC62769E7BFF2896035AEED399108162 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
17:11:13.0768 2168 TCPIP6 - ok
17:11:13.0818 2168 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
17:11:13.0818 2168 tcpipreg - ok
17:11:13.0848 2168 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
17:11:13.0848 2168 TDPIPE - ok
17:11:13.0858 2168 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
17:11:13.0858 2168 TDTCP - ok
17:11:13.0908 2168 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
17:11:13.0908 2168 tdx - ok
17:11:13.0928 2168 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
17:11:13.0928 2168 TermDD - ok
17:11:13.0968 2168 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
17:11:13.0988 2168 TermService - ok
17:11:14.0018 2168 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
17:11:14.0028 2168 Themes - ok
17:11:14.0048 2168 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
17:11:14.0048 2168 THREADORDER - ok
17:11:14.0058 2168 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
17:11:14.0068 2168 TrkWks - ok
17:11:14.0118 2168 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
17:11:14.0118 2168 TrustedInstaller - ok
17:11:14.0158 2168 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
17:11:14.0158 2168 tssecsrv - ok
17:11:14.0198 2168 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
17:11:14.0208 2168 TsUsbFlt - ok
17:11:14.0228 2168 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
17:11:14.0238 2168 TsUsbGD - ok
17:11:14.0278 2168 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
17:11:14.0278 2168 tunnel - ok
17:11:14.0308 2168 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
17:11:14.0308 2168 uagp35 - ok
17:11:14.0348 2168 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
17:11:14.0348 2168 udfs - ok
17:11:14.0418 2168 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
17:11:14.0418 2168 UI0Detect - ok
17:11:14.0458 2168 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
17:11:14.0468 2168 uliagpkx - ok
17:11:14.0508 2168 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
17:11:14.0518 2168 umbus - ok
17:11:14.0558 2168 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
17:11:14.0558 2168 UmPass - ok
17:11:14.0588 2168 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
17:11:14.0598 2168 upnphost - ok
17:11:14.0658 2168 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
17:11:14.0658 2168 USBAAPL64 - ok
17:11:14.0688 2168 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
17:11:14.0688 2168 usbccgp - ok
17:11:14.0708 2168 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
17:11:14.0708 2168 usbcir - ok
17:11:14.0728 2168 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
17:11:14.0738 2168 usbehci - ok
17:11:14.0788 2168 [ 573D192E268F0C5B486B7E96F661E538 ] usbfilter C:\windows\system32\DRIVERS\usbfilter.sys
17:11:14.0788 2168 usbfilter - ok
17:11:14.0838 2168 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
17:11:14.0848 2168 usbhub - ok
17:11:14.0868 2168 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
17:11:14.0868 2168 usbohci - ok
17:11:14.0888 2168 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
17:11:14.0888 2168 usbprint - ok
17:11:14.0928 2168 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
17:11:14.0928 2168 usbscan - ok
17:11:14.0958 2168 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
17:11:14.0958 2168 USBSTOR - ok
17:11:14.0978 2168 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
17:11:14.0988 2168 usbuhci - ok
17:11:15.0018 2168 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
17:11:15.0028 2168 usbvideo - ok
17:11:15.0058 2168 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
17:11:15.0068 2168 UxSms - ok
17:11:15.0078 2168 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
17:11:15.0088 2168 VaultSvc - ok
17:11:15.0118 2168 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
17:11:15.0118 2168 vdrvroot - ok
17:11:15.0188 2168 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
17:11:15.0198 2168 vds - ok
17:11:15.0228 2168 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
17:11:15.0238 2168 vga - ok
17:11:15.0248 2168 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
17:11:15.0258 2168 VgaSave - ok
17:11:15.0288 2168 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
17:11:15.0288 2168 vhdmp - ok
17:11:15.0318 2168 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
17:11:15.0318 2168 viaide - ok
17:11:15.0368 2168 [ 5CB80AFA98111FC6ED6E8702A0D7AC5B ] vm2uvcflt C:\windows\system32\Drivers\vm2uvcflt.sys
17:11:15.0378 2168 vm2uvcflt - ok
17:11:15.0428 2168 [ FE75ED0244AEDFF9B278A2A09AC06CA9 ] vm332avs C:\windows\system32\Drivers\vm332avs.sys
17:11:15.0428 2168 vm332avs - ok
17:11:19.0264 2168 ============================================================
17:11:19.0264 2168 Scan finished
17:11:19.0264 2168 ============================================================
17:11:19.0280 0424 Detected object count: 0
17:11:19.0280 0424 Actual detected object count: 0




2) ASW MBR


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-29 17:15:05
-----------------------------
17:15:05.329 OS Version: Windows x64 6.1.7601 Service Pack 1
17:15:05.329 Number of processors: 2 586 0x200
17:15:05.329 ComputerName: EVAN_LENOVO-PC UserName: Evan_lenovo
17:15:06.171 Initialize success
17:18:44.898 AVAST engine defs: 12092901
17:21:41.693 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000007d
17:21:41.693 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 11
17:21:41.724 Disk 0 MBR read successfully
17:21:41.724 Disk 0 MBR scan
17:21:41.724 Disk 0 Windows 7 default MBR code
17:21:41.740 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
17:21:41.755 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 135522 MB offset 411648
17:21:41.755 Disk 0 Partition - 00 0F Extended LBA 154413 MB offset 277960704
17:21:41.787 Disk 0 Partition 3 00 12 Compaq diag NTFS 15109 MB offset 594198528
17:21:41.833 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 30709 MB offset 277962752
17:21:41.849 Disk 0 Partition - 00 05 Extended 123701 MB offset 340856832
17:21:41.865 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 123700 MB offset 340858880
17:21:41.896 Disk 0 scanning C:\windows\system32\drivers
17:21:53.643 Service scanning
17:22:21.411 Modules scanning
17:22:21.411 Disk 0 trace - called modules:
17:22:21.426 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys storport.sys hal.dll amdsata.sys
17:22:21.442 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045b6060]
17:22:21.442 3 CLASSPNP.SYS[fffff88001af743f] -> nt!IofCallDriver -> [0xfffffa80039f7040]
17:22:21.442 5 amdxata.sys[fffff880011077a8] -> nt!IofCallDriver -> [0xfffffa800433a760]
17:22:21.473 7 ACPI.sys[fffff88000f847a1] -> nt!IofCallDriver -> \Device\0000007d[0xfffffa800398a060]
17:22:22.269 AVAST engine scan C:\windows
17:22:25.685 AVAST engine scan C:\windows\system32
17:25:23.247 AVAST engine scan C:\windows\system32\drivers
17:25:39.786 AVAST engine scan C:\Users\Evan_lenovo
17:25:50.612 File: C:\Users\Evan_lenovo\AppData\Local\Microsoft\Windows\4807\wwancfg.exe **INFECTED** Win32:Downloader-QQE [Trj]
17:33:10.666 AVAST engine scan C:\ProgramData
17:34:18.573 Scan finished successfully
17:36:34.075 Disk 0 MBR has been saved successfully to "C:\Users\Evan_lenovo\Desktop\MBR.dat"
17:36:34.090 The log file has been saved successfully to "C:\Users\Evan_lenovo\Desktop\aswMBR.txt"



3) ESET log (I only ran the scan. I did not have the program remove the found threats.)

C:\Users\Evan_lenovo\AppData\Local\Microsoft\Windows\4807\wwancfg.exe a variant of Win32/Kryptik.AMIP trojan
C:\Users\Evan_lenovo\AppData\Local\Temp\is1774899824\FunmoodsLatest.exe a variant of Win32/Toolbar.Funmoods application
C:\Users\Evan_lenovo\AppData\Roaming\spynsc.dll a variant of Win32/Medfos.DY trojan
C:\Users\Evan_lenovo\Downloads\setupalarm.exe a variant of Win32/InstallCore.AJ application
E:\E6400\Documents and Settings\Evan\Application Data\BE28AFB2CB813DEB23EAC757861CF0CD\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application
E:\E6400\Documents and Settings\Evan\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\mbcfflgieocfjmkimclenllninmcenjm\contentscript.js Win32/TrojanDownloader.Tracur.F trojan


Thank you.

#4 narenxp

  • BC Advisor

Posted 29 September 2012 - 09:41 PM

You have skipped removing infections detected by ESET. Please run ESET scanner again and remove the infections.

Reboot to normal mode

Download

Malwarebytes

Install, update and run a full scan

Click on Show results. Right click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete

A log should be generated after the scan; post it here

Download

Junkware removal tool

Launch it and, after the scan is completed, post the generated log here.

NOTE: For Vista and Windows 7, right click on the tool and select Run as administrator

#5 InfectedRansomVirus

  • Topic Starter

Posted 29 September 2012 - 10:02 PM

Could you please suggest how to kill McAfee and Windows Defender so they don't interfere with the other anti-malware/virus program scans?

#6 narenxp

  • BC Advisor

Posted 30 September 2012 - 03:57 AM

You can uninstall McAfee and install it later.

#7 gamma1


Posted 30 September 2012 - 06:10 AM

Well, this certainly sounds like a lot of fun. I am infected with version 4 of this trojan. Think I will pay the money and drop it at Geek Squad. OUCH

#8 InfectedRansomVirus

  • Topic Starter

Posted 01 October 2012 - 03:19 AM

1) MBAM

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.29.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Evan_lenovo :: EVAN_LENOVO-PC [administrator]

9/29/2012 9:05:48 PM
mbam-log-2012-09-29 (21-05-48).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 340659
Time elapsed: 1 hour(s), 33 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




2) ADWARE CLEANER

# AdwCleaner v2.003 - Logfile created 10/01/2012 at 01:15:44
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Evan_lenovo - EVAN_LENOVO-PC
# Boot Mode : Normal
# Running from : C:\Users\Evan_lenovo\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\Partner

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Evan_lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\9ul9afsy.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Evan_lenovo\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1045 octets] - [01/10/2012 01:14:47]
AdwCleaner[R2].txt - [978 octets] - [01/10/2012 01:15:44]

########## EOF - C:\AdwCleaner[R2].txt - [1037 octets] ##########



3) JRT
Junkware Removal Tool (JRT) by Thisisu
Version: 1.1.7 (09.29.2012)
OS: Windows 7 Home Premium x64
Ran by Evan_lenovo on Mon 10/01/2012 at 1:08:40.13
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
ERROR: Access is denied.

Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
ERROR: Access is denied.

Failed to delete: [KEY-LOCKED!] hkey_local_machine\software\wow6432node\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}



*** Files:

Successfully deleted: [FILE] C:\ProgramData\best buy pc app\Best Buy pc app Launcher.exe
Successfully deleted: [FILE] C:\ProgramData\best buy pc app\Best Buy pc app.application
Successfully deleted: [FILE] C:\ProgramData\best buy pc app\Best Buy pc app.lnk
Successfully deleted: [FILE] C:\ProgramData\best buy pc app\BestBuyPcAppDetector.ocx
Successfully deleted: [FILE] C:\ProgramData\best buy pc app\ClickOnceSetup.exe
Successfully deleted: [FILE] C:\ProgramData\best buy pc app\ClickOnceUninstaller.exe
Successfully deleted: [FILE] C:\ProgramData\best buy pc app\npBestBuyPcAppDetector.dll
Failed to delete: [FILE-LOCKED!] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"



*** Folders:

Failed to delete: [FOLDER-LOCKED!] "C:\ProgramData\best buy pc app"



*** FireFox detected and repaired



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Mon 10/01/2012 at 1:09:46.42
End of Report


4) FARBAR
rsion: 19-09-2012
Ran by Evan_lenovo (administrator) on 01-10-2012 at 01:13:16
Running from "C:\Users\Evan_lenovo\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


5) MINITOOLBOX

MiniToolBox by Farbar Version: 23-07-2012
Ran by Evan_lenovo (administrator) on 29-09-2012 at 20:10:44
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", ""
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Ralink RT3090 802.11n WiFi Adapter = Wireless Network Connection (Connected)
VMware Virtual Ethernet Adapter for VMnet1 = VMware Network Adapter VMnet1 (Connected)
VMware Virtual Ethernet Adapter for VMnet8 = VMware Network Adapter VMnet8 (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="VMware Network Adapter VMnet8" address=192.168.78.1 mask=255.255.255.0
add address name="VMware Network Adapter VMnet1" address=192.168.223.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Evan_lenovo-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 94-39-E5-4E-45-83
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : F0-DE-F1-94-39-3B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Ralink RT3090 802.11n WiFi Adapter
Physical Address. . . . . . . . . : 94-39-E5-4E-45-82
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::9c83:3798:61d7:980b%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.66(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, September 29, 2012 7:33:50 PM
Lease Expires . . . . . . . . . . : Sunday, September 30, 2012 7:33:50 PM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 194263525
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-15-7F-E8-94-39-E5-4E-45-82
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet1:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::886d:1b0c:718e:b461%21(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.223.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 453005398
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-15-7F-E8-94-39-E5-4E-45-82
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet8:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::75a9:7e23:ebc0:89a7%22(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.78.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 469782614
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-15-7F-E8-94-39-E5-4E-45-82
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{4E857874-B8B9-499F-978F-57C5F8490390}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{07C79E18-AEAF-4FB2-AD04-45F9BB89FC27}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: home
Address: 192.168.1.254

Name: google.com
Addresses: 2001:4860:4007:800::1002
74.125.239.4
74.125.239.5
74.125.239.6
74.125.239.7
74.125.239.8
74.125.239.9
74.125.239.14
74.125.239.0
74.125.239.1
74.125.239.2
74.125.239.3


Pinging google.com [74.125.224.198] with 32 bytes of data:
Reply from 74.125.224.198: bytes=32 time=671ms TTL=50
Reply from 74.125.224.198: bytes=32 time=26ms TTL=50

Ping statistics for 74.125.224.198:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 26ms, Maximum = 671ms, Average = 348ms
Server: home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=179ms TTL=39
Reply from 98.139.183.24: bytes=32 time=163ms TTL=41

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 163ms, Maximum = 179ms, Average = 171ms
Server: home
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/29/2012 07:48:13 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/29/2012 07:48:08 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/29/2012 07:48:08 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/29/2012 07:47:12 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/29/2012 07:47:12 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/29/2012 07:47:12 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/29/2012 07:34:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/29/2012 05:15:54 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/29/2012 05:10:36 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/29/2012 05:06:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/29/2012 07:34:39 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
StarOpen

Error: (09/29/2012 07:32:50 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (09/29/2012 07:32:03 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/29/2012 07:32:03 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/29/2012 07:32:03 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/29/2012 07:32:03 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/29/2012 07:32:03 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/29/2012 07:32:03 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/29/2012 07:32:03 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/29/2012 07:32:03 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (09/29/2012 07:48:13 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Evan_lenovo\Downloads\esetsmartinstaller_enu.exe

Error: (09/29/2012 07:48:08 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Evan_lenovo\Downloads\esetsmartinstaller_enu.exe

Error: (09/29/2012 07:48:08 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Evan_lenovo\Downloads\esetsmartinstaller_enu.exe

Error: (09/29/2012 07:47:12 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Evan_lenovo\Downloads\esetsmartinstaller_enu.exe

Error: (09/29/2012 07:47:12 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Evan_lenovo\Downloads\esetsmartinstaller_enu.exe

Error: (09/29/2012 07:47:12 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Evan_lenovo\Downloads\esetsmartinstaller_enu.exe

Error: (09/29/2012 07:34:42 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/29/2012 05:15:54 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Evan_lenovo\Downloads\esetsmartinstaller_enu.exe

Error: (09/29/2012 05:10:36 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Evan_lenovo\Downloads\esetsmartinstaller_enu.exe

Error: (09/29/2012 05:06:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 7.2.8)
Adobe Flash Player 11 Plugin (Version: 11.4.402.265)
Adobe Reader 9.4.0 (Version: 9.4.0)
Alarm Clock version 1.0 (Version: 1.0)
AMD APP SDK Runtime (Version: 2.4.650.9)
AMD Media Foundation Decoders (Version: 1.0.60628.2255)
AMD VISION Engine Control Center (Version: 2011.0628.2340.40663)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ATI AVIVO64 Codecs (Version: 11.6.0.10628)
ATI Catalyst Install Manager (Version: 3.0.829.0)
Best Buy pc app (Version: 3.2.0.0)
BioExcess (Version: 7.0.67.0)
BlackBerry Device Software Updater (Version: 7.0.0.31)
Bonjour (Version: 3.0.0.10)
CalltoNET (Version: 2.0.003)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2011.0628.2340.40663)
Catalyst Control Center InstallProxy (Version: 2011.0628.2340.40663)
Catalyst Control Center Localization All (Version: 2011.0628.2340.40663)
Catalyst Control Center Profiles Mobile (Version: 2011.0628.2340.40663)
ccc-utility64 (Version: 2011.0628.2340.40663)
CCC Help Chinese Standard (Version: 2011.0628.2339.40663)
CCC Help Chinese Traditional (Version: 2011.0628.2339.40663)
CCC Help Czech (Version: 2011.0628.2339.40663)
CCC Help Danish (Version: 2011.0628.2339.40663)
CCC Help Dutch (Version: 2011.0628.2339.40663)
CCC Help English (Version: 2011.0628.2339.40663)
CCC Help Finnish (Version: 2011.0628.2339.40663)
CCC Help French (Version: 2011.0628.2339.40663)
CCC Help German (Version: 2011.0628.2339.40663)
CCC Help Greek (Version: 2011.0628.2339.40663)
CCC Help Hungarian (Version: 2011.0628.2339.40663)
CCC Help Italian (Version: 2011.0628.2339.40663)
CCC Help Japanese (Version: 2011.0628.2339.40663)
CCC Help Korean (Version: 2011.0628.2339.40663)
CCC Help Norwegian (Version: 2011.0628.2339.40663)
CCC Help Polish (Version: 2011.0628.2339.40663)
CCC Help Russian (Version: 2011.0628.2339.40663)
CCC Help Spanish (Version: 2011.0628.2339.40663)
CCC Help Swedish (Version: 2011.0628.2339.40663)
CCC Help Thai (Version: 2011.0628.2339.40663)
CCC Help Turkish (Version: 2011.0628.2339.40663)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Conexant HD Audio (Version: 8.54.4.50)
CyberLink YouCam (Version: 3.1.3728)
D3DX10 (Version: 15.4.2368.0902)
EaseUS Todo Backup Free 3.5 (Version: 3.5.0.1)
EgisTec ES603 WDM Driver (Version: 3.0.20.0)
EndNote X2 (Version: 12.0.1.3514)
Energy Management (Version: 6.0.2.1)
ESET Online Scanner v3
Foxit Reader 5.1 (Version: 5.1.3.1201)
Free Alarm Clock 2.7.0 (Version: 2.7)
ISI ResearchSoft - Export Helper
iTunes (Version: 10.5.1.42)
IU Secure Configuration Wizard for Windows 7 (Version: 1.1.3.0)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
Junk Mail filter update (Version: 15.4.3502.0922)
Lenovo EasyCamera (Version: 1.10.1209.1)
Lenovo EE Boot Optimizer (Version: 0.0.1.7)
Lenovo OneKey Recovery (Version: 7.0.0.2525)
Lenovo Security Suite (Version: 2.0.13.0)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Mathematica Extras 8.0 (2609412) (Version: 8.0.4)
McAfee AntiVirus Plus (Version: 11.0.623)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Silverlight (Version: 4.0.50401.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Port Locker (Version: 1.0.5.24)
Power2Go (Version: 5.6.0.7303)
PowerXpressHybrid (Version: 1.00.0000)
Printer Finder (Version: 04.00.06)
QFolder (Version: 1.00.0000)
Ralink RT2860 Wireless LAN Card (Version: 1.2.0.30)
RealSpeak_Solo_Common_for_Panasonic (Version: 1.0.0)
RealSpeak_Solo_English_for_Panasonic (Version: 1.0.0)
Realtek Ethernet Controller Driver (Version: 7.42.304.2011)
Realtek USB 2.0 Reader Driver (Version: 6.1.7600.10008)
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Drive Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 (Version: 3.0.0.90503)
Samsung PC Studio 3 (Version: 3.2.3.90503)
SAPI5_English (Version: 1.0.0)
Skype Click to Call (Version: 6.2.10687)
Skype™ 5.10 (Version: 5.10.115)
Student Management System v3.2.0
Synaptics Pointing Device Driver (Version: 15.2.7.0)
UserGuide (Version: 1.0.0.6)
VeriFace (Version: 4.0.0.1224)
VmciSockets (Version: 9.1.54.1)
VMware Player (Version: 4.0.4.30409)
Voice Editing
Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) (Version: 12/02/2010 6.1.0.1)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)

========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 3686.11 MB
Available physical RAM: 2320.09 MB
Total Pagefile: 7370.41 MB
Available Pagefile: 5550.54 MB
Total Virtual: 4095.88 MB
Available Virtual: 3964.61 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:132.35 GB) (Free:86.45 GB) NTFS
2 Drive d: (Lenovo) (Fixed) (Total:29.99 GB) (Free:5.38 GB) NTFS
3 Drive e: (Data) (Fixed) (Total:120.8 GB) (Free:29.22 GB) NTFS

========================= Users: ========================================

User accounts for \\EVAN_LENOVO-PC

Administrator Evan_lenovo Guest

========================= Restore Points ==================================

26-09-2012 08:08:25 Windows Defender Checkpoint
26-09-2012 08:11:09 Windows Update
29-09-2012 00:27:22 1
30-09-2012 02:59:01 Windows Update

**** End of log ****

#9 narenxp

Posted 01 October 2012 - 03:25 AM

.

Edited by narenxp, 01 October 2012 - 03:49 AM.


#10 InfectedRansomVirus

Posted 01 October 2012 - 03:27 AM

The previous Adaware log was for a scan function. Below is the log for the delete function, like you requested.

ADAWARE Delete log:

# AdwCleaner v2.003 - Logfile created 10/01/2012 at 01:21:32
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Evan_lenovo - EVAN_LENOVO-PC
# Boot Mode : Normal
# Running from : C:\Users\Evan_lenovo\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Partner

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Evan_lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\9ul9afsy.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Evan_lenovo\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1045 octets] - [01/10/2012 01:14:47]
AdwCleaner[R2].txt - [1106 octets] - [01/10/2012 01:15:44]
AdwCleaner[S2].txt - [1655 octets] - [01/10/2012 01:21:32]

########## EOF - C:\AdwCleaner[S2].txt - [1715 octets] ##########

#11 narenxp

Posted 01 October 2012 - 03:50 AM

Right-click on the JUNKWARE tool, select Run as administrator, and post the new log.

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE - SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#12 InfectedRansomVirus

Posted 01 October 2012 - 03:37 PM

1) RKILL
Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/01/2012 02:22:54 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe (PID: 1504) [Mal-GEN]
* C:\ProgramData\Rosetta Stone\SMS v3.2.0\wrapper.exe (PID: 2616) [AU-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Evan_lenovo\Desktop\rkill\rkill-10-01-2012-02-24-00.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 [ZA Reg Hijack]
* C:\$Recycle.Bin\S-1-5-21-120019867-2853928271-682909227-1000\$23ddab595691e2ed590857a829cc7015\ [ZA Dir]

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 10/01/2012 02:24:25 AM
Execution time: 0 hours(s), 1 minute(s), and 31 seconds(s)



2) AUTORUNS


"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Energy Management" "Lenovo Energy Management Software 6.0" "Lenovo (Beijing) Limited" "c:\program files (x86)\lenovo\energy management\energy management.exe"
+ "EnergyUtility" "Lenovo Battery Management Software Ver 6.0" "Lenovo(beijing) Limited" "c:\program files (x86)\lenovo\energy management\utility.exe"
+ "Lenovo EE Boot Optimizer" "Lenovo EE Boot Optimizer Software" "Lenovo" "c:\program files (x86)\lenovo\boot optimizer\popwnd.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "EaseUs Tray" "EaseUS Todo Backup Application" "CHENGDU YIWO Tech Development Co., Ltd" "c:\program files (x86)\easeus\todo backup\bin\traynotify.exe"
+ "EaseUs Watch" "EaseUS Todo Backup Application" "CHENGDU YIWO Tech Development Co., Ltd" "c:\program files (x86)\easeus\todo backup\bin\euwatch.exe"
+ "EgisTecPMMUpdate" "PMM Update Application" "Egis Technology Inc." "c:\program files (x86)\egistec ips\pmmupdate.exe"
+ "EgisUpdate" "EgisUpdate Release Application" "Egis Technology Inc." "c:\program files (x86)\egistec ips\egisupdate.exe"
+ "HP Software Update" "" "" "File not found: C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
+ "UpdateP2GShortCut" "MUI StartMenu Application" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\muitransfer\muistartmenu.exe"
+ "UpdatePRCShortCut" "MUI StartMenu Application" "CyberLink Corp." "c:\program files\lenovo\onekey app\onekey recovery\muitransfer\muistartmenu.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "HP Digital Imaging Monitor.lnk" "" "" "File not found: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "application/x-mfe-ipt" "McAfee MSC IE plugin DLL" "McAfee, Inc." "c:\program files\mcafee\msc\mcsniepl64.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "dssrequest" "SiteAdvisor" "McAfee, Inc." "c:\program files (x86)\mcafee\siteadvisor\x64\mcieplg.dll"
+ "sacore" "SiteAdvisor" "McAfee, Inc." "c:\program files (x86)\mcafee\siteadvisor\x64\mcieplg.dll"
+ "skype-ie-addon-data" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer x64\skypeieplugin.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "McCtxMenuFrmWrk" "McAfee ContextMenu Framework" "McAfee, Inc." "c:\program files\mcafee\msc\mcctxmenufrmwrk.dll"
+ "SimpleShlExt" "EaseUS Todo Backup Application" "CHENGDU YIWO Tech Development Co.,Ltd" "c:\program files (x86)\easeus\todo backup\bin\x64\imagesh.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "EgisShellExt" "Shell Dynamic Link Library" "Egis Technology Inc. " "c:\program files (x86)\egistec bioexcess\x64\egisshellext.dll"
+ "IkeyShlExt" "SimpleExt Module" "" "c:\windows\system32\simpleext.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "EgisShellExt" "Shell Dynamic Link Library" "Egis Technology Inc. " "c:\program files (x86)\egistec bioexcess\egisshellext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "SimpleShlExt" "EaseUS Todo Backup Application" "CHENGDU YIWO Tech Development Co.,Ltd" "c:\program files (x86)\easeus\todo backup\bin\x64\imagesh.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "McCtxMenuFrmWrk" "McAfee ContextMenu Framework" "McAfee, Inc." "c:\program files\mcafee\msc\mcctxmenufrmwrk.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "VeriFace Enc" "" "" "c:\windows\system32\icnovrly.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "EgisPBIE Class" "Password bank for IE" "Egis Technology Inc." "c:\program files (x86)\egistec bioexcess\x64\egispbie.dll"
+ "McAfee SiteAdvisor BHO" "SiteAdvisor" "McAfee, Inc." "c:\program files (x86)\mcafee\siteadvisor\x64\mcieplg.dll"
+ "scriptproxy" "VSCore Script Scanner" "McAfee, Inc." "c:\program files\common files\mcafee\systemcore\scriptsn.20111201182315.dll"
+ "Skype add-on for Internet Explorer" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer x64\skypeieplugin.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "EgisPBIE Class" "Password bank for IE" "Egis Technology Inc." "c:\program files (x86)\egistec bioexcess\egispbie.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\jp2ssv.dll"
+ "McAfee SiteAdvisor BHO" "SiteAdvisor" "McAfee, Inc." "c:\program files (x86)\mcafee\siteadvisor\mcieplg.dll"
+ "scriptproxy" "VSCore Script Scanner" "McAfee, Inc." "c:\program files (x86)\common files\mcafee\systemcore\scriptsn.20111203175658.dll"
+ "Skype Browser Helper" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks" "" "" ""
+ "McAfee SiteAdvisor Toolbar" "SiteAdvisor" "McAfee, Inc." "c:\program files (x86)\mcafee\siteadvisor\x64\mcieplg.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "McAfee SiteAdvisor" "SiteAdvisor" "McAfee, Inc." "c:\program files (x86)\mcafee\siteadvisor\x64\mcieplg.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "McAfee SiteAdvisor" "SiteAdvisor" "McAfee, Inc." "c:\program files (x86)\mcafee\siteadvisor\mcieplg.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "Skype Click to Call" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer x64\skypeieplugin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
+ "Skype Click to Call" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll"
"Task Scheduler" "" "" ""
+ "\Microsoft\Windows Defender\MP Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\MirageAgent" "YouCam Mirage" "CyberLink" "c:\program files (x86)\lenovo\youcam\ycmmirage.exe"
+ "\{2B030092-2F83-4DC3-BBEA-D18EB9B24070}" "" "" "File not found: F:\Setup.exe"
+ "\{8BCD0211-FCFE-489E-BDED-657E26086794}" "Microsoft Office Word" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office11\winword.exe"
+ "\{DC4CA23B-B559-4777-8FBA-A4CBB6BF3CBE}" "" "" "File not found: F:\Setup.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "CxAudMsg" "Monitors audio device events and forward them to subscribing application. If this service is stop. the aduio effects will not function properly." "Conexant Systems Inc." "c:\windows\system32\cxaudmsg64.exe"
+ "EaseUS Agent" "Provides service to backup files and image disks." "CHENGDU YIWO Tech Development Co., Ltd" "c:\program files (x86)\easeus\todo backup\bin\agent.exe"
+ "EgisTec Service" "Egis Service" "Egis Technology Inc. " "c:\program files (x86)\egistec bioexcess\egisservice.exe"
+ "EgisTec Service Help" "Egis USBLocker Service" "Egis Technology Inc. " "c:\program files (x86)\egistec port locker\egishlpsvc.exe"
+ "EgisTec Ticket Service" "Egis Ticket Service" "Egis Technology Inc. " "c:\program files (x86)\common files\egistec\services\egisticketservice.exe"
+ "Guard Agent" "Monitor EaseUS Todo Backup agent." "CHENGDU YIWO Tech Development Co., Ltd" "c:\program files (x86)\easeus\todo backup\bin\guardagent.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "McMPFSvc" "Helps protect your computer from intrusion and let's you manage your computer's trusted programs." "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "McNaiAnn" "McAfee VirusScan Announcer" "McAfee, Inc." "c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe"
+ "McShield" "McAfee OnAccess Scanner" "McAfee, Inc." "c:\program files\common files\mcafee\systemcore\mcshield.exe"
+ "MDM" "Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\vs7debug\mdm.exe"
+ "mfefire" "Provides firewall services to McAfee products" "McAfee, Inc." "c:\program files\common files\mcafee\systemcore\mfefire.exe"
+ "mfevtp" "Provides validation trust protection services" "McAfee, Inc." "c:\windows\system32\mfevtps.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
+ "Skype C2C Service" "Skype Click to Call Update Service" "Skype Technologies S.A." "c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files (x86)\skype\updater\updater.exe"
+ "SMS_v3_2_0" "SMS_Service" "" "c:\programdata\rosetta stone\sms v3.2.0\wrapper.exe"
+ "VMAuthdService" "Authorization and authentication service for starting and accessing virtual machines." "VMware, Inc." "c:\program files (x86)\vmware\vmware player\vmware-authd.exe"
+ "VMnetDHCP" "DHCP service for virtual networks." "VMware, Inc." "c:\windows\syswow64\vmnetdhcp.exe"
+ "VMUSBArbService" "Arbitration and enumeration of USB devices for virtual machines" "VMware, Inc." "c:\program files (x86)\common files\vmware\usb\vmware-usbarbitrator64.exe"
+ "VMware NAT Service" "Network address translation for virtual networks." "VMware, Inc." "c:\windows\syswow64\vmnat.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "62290691" "" "" "File not found: C:\windows\System32\Drivers\62290691.sys"
+ "A2DDA" "Emsisoft Direct Disk Access Support Driver" "Emsi Software GmbH" "e:\desktop\misc projects\emsisoftemergencykit\run\a2ddax64.sys"
+ "ACPIVPC" "ACPI Virtual Power Controller Driver" "Lenovo Corporation" "c:\windows\system32\drivers\acpivpc.sys"
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdkmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "amdkmdap" "AMD multi-vendor Miniport Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmpag.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Stor Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "AtiHDAudioService" "AMD High Definition Audio Function Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\atihdw76.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BPntDrv" "BpntDrv" "Lenovo" "c:\windows\system32\drivers\bpntdrv.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "BthAvrcp" "Bluetooth Remote Control Driver" "CSR, plc" "c:\windows\system32\drivers\bthavrcp.sys"
+ "cfwids" "McAfee Personal Firewall IDS Plugin" "McAfee, Inc." "c:\windows\system32\drivers\cfwids.sys"
+ "clwvd" "CyberLink WebCam Virtual Driver" "CyberLink Corporation" "c:\windows\system32\drivers\clwvd.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "CnxtHdAudService" "64-bit High Definition Audio Function Driver" "Conexant Systems Inc." "c:\windows\system32\drivers\chdrt64.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "EgisTecFF" "EgisTecFF mini-filter driver" "Egis Technology Inc." "c:\windows\system32\drivers\egistecff.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "EUBAKUP" "Disk Backup Driver" "CHENGDU YIWO Tech Development Co., Ltd" "c:\windows\system32\drivers\eubakup.sys"
+ "EUBKMON" "" "" "c:\windows\system32\drivers\eubkmon.sys"
+ "EUDSKACS" "Disk Access Driver" "CHENGDU YIWO Tech Development Co., Ltd" "c:\windows\system32\drivers\eudskacs.sys"
+ "EUFDDISK" "Disk Backup Image Preview Driver" "CHENGDU YIWO Tech Development Co., Ltd" "c:\windows\system32\drivers\eufddisk.sys"
+ "fbfmon" "FBfmon" "Lenovo" "c:\windows\system32\drivers\fbfmon.sys"
+ "FPSensor" "Fingerprint Sensor Driver" "Egis Technology Inc." "c:\windows\system32\drivers\fpsensor.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcmon" "VMware USB Driver." "VMware, Inc." "c:\windows\system32\drivers\hcmon.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "LHDmgr" "HD Disk Driver" "Lenovo." "c:\windows\system32\drivers\lhdx64.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "mfeapfk" "Access Protection Filter Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfeapfk.sys"
+ "mfeavfk" "Anti-Virus File System Filter Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfeavfk.sys"
+ "mfeavfk01" "" "" "File not found: C:\windows\System32\Drivers\mfeavfk01.sys"
+ "mfefirek" "McAfee Core Firewall Engine Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfefirek.sys"
+ "mfehidk" "McAfee Link Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfehidk.sys"
+ "mfenlfk" "McAfee NDIS Light Filter" "McAfee, Inc." "c:\windows\system32\drivers\mfenlfk.sys"
+ "mferkdet" "McAfee Code Analysis Driver" "McAfee, Inc." "c:\windows\system32\drivers\mferkdet.sys"
+ "mfewfpk" "Anti-Virus Mini-Firewall Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfewfpk.sys"
+ "mwlPSDFilter" "mwlPSDFilter Filter Driver" "Egis Technology Inc." "c:\windows\system32\drivers\mwlpsdfilter.sys"
+ "mwlPSDNServ" "mwlPSDNServ Driver" "Egis Technology Inc." "c:\windows\system32\drivers\mwlpsdnserv.sys"
+ "mwlPSDVDisk" "mwlPSDVdisk Driver" "Egis Technology Inc." "c:\windows\system32\drivers\mwlpsdvdisk.sys"
+ "netr28x" "Ralink 802.11 Wireless Adapter Driver" "Ralink Technology, Corp." "c:\windows\system32\drivers\netr28x.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RimUsb" "BlackBerry Device Driver" "Research In Motion Limited" "c:\windows\system32\drivers\rimusb_amd64.sys"
+ "RSUSBVSTOR" "Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtsuvstor.sys"
+ "RTL8167" "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver " "Realtek " "c:\windows\system32\drivers\rt64win7.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "StarOpen" "" "" "File not found: C:\windows\System32\Drivers\StarOpen.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "usbfilter" "AMD USB Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\usbfilter.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vm2uvcflt" "Vimicro USB Camera Filter" "Vimicro Corporation" "c:\windows\system32\drivers\vm2uvcflt.sys"
+ "vm332avs" "VM0331 Digital Camera Driver" "Vimicro Corporation" "c:\windows\system32\drivers\vm332avs.sys"
+ "vmci" "VMware PCI VMCI Bus Device" "VMware, Inc." "c:\windows\system32\drivers\vmci.sys"
+ "vmkbd" "VMware Keyboard Driver." "VMware, Inc." "c:\windows\system32\drivers\vmkbd.sys"
+ "VMnetAdapter" "Driver for VMware's Virtual Ethernet Adapters Ver. 2" "VMware, Inc." "c:\windows\system32\drivers\vmnetadapter.sys"
+ "VMnetBridge" "VMware Bridge Protocol" "VMware, Inc." "c:\windows\system32\drivers\vmnetbridge.sys"
+ "VMnetuserif" "Allows VMware applications to use virtual networks." "VMware, Inc." "c:\windows\system32\drivers\vmnetuserif.sys"
+ "vmx86" "VMware Virtualization Driver." "VMware, Inc." "c:\windows\system32\drivers\vmx86.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
+ "wsvd" "CyberLink Virtual Disk Driver" "CyberLink" "c:\windows\system32\drivers\wsvd.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.clmp3enc" "CLMP3Enc" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\clmp3enc.acm"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
+ "VIDC.VMnc" "VMware Movie decoder" "VMware, Inc." "c:\windows\syswow64\vmnc.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "ATI MPEG Audio Encoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI MPEG File Writer" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI MPEG Multiplexer" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI MPEG Video Decoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI MPEG Video Encoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI Video Rotation Filter" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
+ "ATI Video Scaler Filter" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc64.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "ATI MPEG Audio Encoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI MPEG File Writer" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI MPEG Multiplexer" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI MPEG Video Decoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI MPEG Video Encoder" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI Ticker" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\ticker.ax"
+ "ATI Video Rotation Filter" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc.dll"
+ "ATI Video Scaler Filter" "ATI MPEG Encoder" "Advanced Micro Devices Inc." "c:\program files\common files\ati technologies\multimedia\atimpenc.dll"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "CyberLink Audio Noise Reduction" "CLAuNR" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gaunrwrapper.ax"
+ "CyberLink Audio Resampler" "CLAuRsmpl.ax" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gaursmpl.ax"
+ "CyberLink Audio VolumeBooster" "CyberLink Audio Volume Booster Filter" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gvb.ax"
+ "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gaudiocd.ax"
+ "Cyberlink Dump Dispatch Filter" "Cyberlink File Dump Dispatch Filter" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gdumpdispatch.ax"
+ "Cyberlink Dump Filter" "Cyberlink File Dump Filter" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gdump.ax"
+ "CyberLink Editing Service 3.0 (Source)" "CES Kernel" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gedtkrn.dll"
+ "Cyberlink File Reader (Async.)" "Cyberlink MPEG File Reader" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2greader.ax"
+ "CyberLink Load Image Filter" "CLImage" "CyberLink" "c:\program files (x86)\cyberlink\shared files\climage.ax"
+ "CyberLink M2V Writer" "CLM2VWriter" "CyberLink" "c:\program files (x86)\lenovo\power2go\p2gm2vwriter.ax"
+ "CyberLink MP3/WAV Wrapper" "CyberLink MP3 Wrapper" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gmp3wrap.ax"
+ "CyberLink MPEG Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gmvd.ax"
+ "CyberLink MPEG Muxer" "MpgMux" "CyberLink" "c:\program files (x86)\lenovo\power2go\p2gmpgmux.ax"
+ "CyberLink MPEG Video Encoder" "CyberLink MPEG Video Encoder " "CyberLink Corp. " "c:\program files (x86)\lenovo\power2go\p2gvidenc.ax"
+ "CyberLink MPEG-1 Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gm1spliter.ax"
+ "CyberLink MPEG-2 Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gm2spliter.ax"
+ "CyberLink PCM Wrapper" "CyberLink PCM Wrapper" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gpcmenc.ax"
+ "CyberLink TimeStretch Filter (CES)" "CLAuTS.ax" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gauts.ax"
+ "CyberLink TL MPEG Splitter" "CyberLink MPEG Splitter" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gtlmsplter.ax"
+ "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files (x86)\lenovo\power2go\p2gvidfx.ax"
+ "CyberLink Video Regulator" "CLRGL" "Cyberlink" "c:\program files (x86)\lenovo\power2go\p2grgl.ax"
+ "CyberLink Video Stabilizer" "CLVideoDeShaking" "CyberLink" "c:\program files (x86)\lenovo\power2go\p2gvideostabilizer.ax"
+ "FunBox Audio Codec Filter" "FunBox Audio Codec Filter" "Mobile Leader" "c:\program files (x86)\samsung\samsung pc studio 3\funaudiocodecfilter.ax"
+ "FunBox Audio EQ Filter" "FunBox Audio Equalizer Filter" "Mobile Leader" "c:\program files (x86)\samsung\samsung pc studio 3\funeqfilter.ax"
+ "FunBox Avi Source" "Avi Splitter" "Gabest" "c:\program files (x86)\samsung\samsung pc studio 3\funavisplitter.ax"
+ "FunBox Avi Splitter" "Avi Splitter" "Gabest" "c:\program files (x86)\samsung\samsung pc studio 3\funavisplitter.ax"
+ "FunBox Conversion Filter" "FunBox Conversion Filter" "Mobile Leader" "c:\program files (x86)\samsung\samsung pc studio 3\funconvfilter.ax"
+ "FunBox Image Decoder Filter" "FunImgFilter Dynamic Link Library" "Mobile Leader" "c:\program files (x86)\samsung\samsung pc studio 3\funimgfilter.ax"
+ "FunBox Mp3 Decoder Filter" "FunBox MP3 Decoder Filter" "Mobile Leader" "c:\program files (x86)\samsung\samsung pc studio 3\funmp3decfilter.ax"
+ "FunBox MPEG Decoder Filter" "FunBox Decoder Filter" "Mobile Leader" "c:\program files (x86)\samsung\samsung pc studio 3\fundecfilter.ax"
+ "FunBox MPEG Encoder Filter" "FunBox Encoder Filter" "Mobile Leader" "c:\program files (x86)\samsung\samsung pc studio 3\funencfilter.ax"
+ "FunBox Mpg Decoder Filter" "FunMpgDecFilter Dynamic Link Library" "Mobile Leader" "c:\program files (x86)\samsung\samsung pc studio 3\funmpgdecfilter.ax"
+ "FunBox Mpg Grab Filter" "FunMpgGrabFilter Dynamic Link Library" "Mobile Leader" "c:\program files (x86)\samsung\samsung pc studio 3\funmpggrabfilter.ax"
+ "FunBox Ogg Decoder Filter" "FunOggDecFilter Dynamic Link Library" "Mobile Leader" "c:\program files (x86)\samsung\samsung pc studio 3\funoggdecfilter.ax"
+ "FunBox Sample Grabber Filter" "FunBox SampleGrabber Filter" "MobileLeader" "c:\program files (x86)\samsung\samsung pc studio 3\funsamplegrabberfilter.ax"
+ "FunBox Subtitle Filter" "FunBox Subtitle Filter" "Mobile Leader" "c:\program files (x86)\samsung\samsung pc studio 3\funsubfilter.ax"
+ "FunBox Video Adjust Filter" "FunBox Video Adjust Filter" "Mobile Leader" "c:\program files (x86)\samsung\samsung pc studio 3\funvideoadjustfilter.ax"
+ "FunBox Video Codec Filter" "FunBox Video Codec Filter" "Mobile Leader" "c:\program files (x86)\samsung\samsung pc studio 3\funvideocodecfilter.ax"
+ "FunBox Video Resize Filter" "FunBox Video Resize Filter" "Mobile Leader" "c:\program files (x86)\samsung\samsung pc studio 3\funvideoresizefilter.ax"
+ "MMACE Deinterlace" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE ProcAmp" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "MMACE SoftEmu" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll"
+ "P2G Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gaud.ax"
+ "P2G Audio Encoder" "CyberLink Audio Encoder Filter" "Cyberlink Corp." "c:\program files (x86)\lenovo\power2go\p2gaudenc.ax"
+ "P2G Video Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files (x86)\lenovo\power2go\p2gvsd.ax"
+ "P2G Video Regulator" "CyberLink Video Regulator" "CyberLink" "c:\program files (x86)\lenovo\power2go\p2gresample.ax"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "SubPicture Filter" "SubPictu 동적 연결 라이브러리" "" "c:\program files (x86)\samsung\samsung pc studio 3\dexsubpicturefilter.dll"
+ "WAV Dest" "WAVDest Filter (Sample)" "Microsoft Corporation" "c:\program files (x86)\samsung\samsung pc studio 3\wavdest.ax"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "EgisCredentialProvider" "EgisCredentialProvider Dynamic Link Library" "Egis Technology Inc. " "c:\program files (x86)\egistec bioexcess\x64\egiscredentialprovider.dll"
+ "ImageReog" "Lenovo VeriFace Vista Credential Library" "Lenovo" "c:\windows\system32\imagereog.dll"
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries" "" "" ""
+ "VMCI sockets DGRAM" "VSockets Library" "VMware, Inc." "c:\windows\system32\vsocklib.dll"
+ "VMCI sockets STREAM" "VSockets Library" "VMware, Inc." "c:\windows\system32\vsocklib.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64" "" "" ""
+ "VMCI sockets DGRAM" "VSockets Library" "VMware, Inc." "c:\windows\system32\vsocklib.dll"
+ "VMCI sockets STREAM" "VSockets Library" "VMware, Inc." "c:\windows\system32\vsocklib.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "HP Universal Print Monitor" "hpmpw081.dll" "Hewlett-Packard" "c:\windows\system32\hpmpw081.dll"
+ "HPPMOPJL" "Language Monitor for USB composite devices" "Hewlett-Packard Company" "c:\windows\system32\hppmopjl.dll"
+ "LIDIL hpzlllhn" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpzlllhn.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages" "" "" ""
+ "EgisDSPwdFilter" "EgisDSPwdFilter Dynamic Link Library" "Egis Technology Inc. " "c:\program files (x86)\egistec bioexcess\x64\egisdspwdfilter.dll"
+ "EgisPLPwdFilter" "EgisPwdFilter Dynamic Link Library" "Egis Technology Inc. " "c:\program files (x86)\egistec port locker\x64\egisplpwdfilter.dll"
+ "EgisPwdFilter" "EgisPwdFilter Dynamic Link Library" "Egis Technology Inc. " "c:\program files (x86)\egistec bioexcess\x64\egispwdfilter.dll"
"C:\Users\Evan_lenovo\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "HP Photo Print" "Drag and drop photos to print." "Hewlett-Packard Corp" "C:\Users\Evan_lenovo\AppData\Local\Microsoft\Windows Sidebar\Gadgets\HPPhoto.gadget\Gadget.xml"

#13 InfectedRansomVirus

  • Topic Starter

Posted 01 October 2012 - 03:39 PM

3) JUNKWARE run as administrator

Junkware Removal Tool (JRT) by Thisisu
Version: 1.1.7 (09.29.2012)
OS: Windows 7 Home Premium x64
Ran by Evan_lenovo on Mon 10/01/2012 at 2:04:33.93
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}



*** Files:

Successfully deleted: [FILE] C:\ProgramData\best buy pc app\Best Buy pc app Launcher.exe
Successfully deleted: [FILE] C:\ProgramData\best buy pc app\Best Buy pc app.application
Successfully deleted: [FILE] C:\ProgramData\best buy pc app\Best Buy pc app.lnk
Successfully deleted: [FILE] C:\ProgramData\best buy pc app\BestBuyPcAppDetector.ocx
Successfully deleted: [FILE] C:\ProgramData\best buy pc app\ClickOnceSetup.exe
Successfully deleted: [FILE] C:\ProgramData\best buy pc app\ClickOnceUninstaller.exe
Successfully deleted: [FILE] C:\ProgramData\best buy pc app\npBestBuyPcAppDetector.dll
Successfully deleted: [FILE] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"



*** Folders:

Successfully deleted: [FOLDER] "C:\ProgramData\best buy pc app"



*** FireFox detected and repaired



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Mon 10/01/2012 at 2:05:31.74
End of Report

#14 narenxp

  • BC Advisor

Posted 01 October 2012 - 09:59 PM

Now run RKILL given in previous instructions and post the new log

Edited by narenxp, 04 October 2012 - 07:02 PM.


#15 InfectedRansomVirus

  • Topic Starter

Posted 04 October 2012 - 06:55 PM

Log of Rkill (scan of second run after running and deleting identified objects)


RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Evan_lenovo [Admin rights]
Mode : Scan -- Date : 10/04/2012 16:54:06

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD32 00BPVT-24ZEST0 SATA Disk Device +++++
--- User ---
[MBR] b7a77ff272d23c8a21895cd8fdfea0e3
[BSP] 8cb2fe4f5e89582b217d4cf98ced7ec0 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 135522 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 277960704 | Size: 154413 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 594198528 | Size: 15109 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



