
I think I might be infected, AVG popped up an ALERT**TROJAN HORSE***


9 replies to this topic

#1 sandman512


Posted 11 October 2012 - 05:05 PM

So, my AVG alerted me to a possible Trojan Horse and now I think I may be infected. Any help would be appreciated!
Thanks!



#2 narenxp


Posted 11 October 2012 - 05:07 PM

Download

TDSSkiller

Launch it. Click on change parameters - select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 sandman512


Posted 11 October 2012 - 08:39 PM

Thanks for the assistance. Here are two logs, I was unable to run aswMBR, my machine would keep rebooting. I tried to put into safe mode, no luck. It was a black screen with no icons.

TDSSkiller Log:

18:33:22.0625 5620 MTConfig - ok
18:33:22.0645 5620 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
18:33:22.0648 5620 Mup - ok
18:33:22.0684 5620 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
18:33:22.0693 5620 napagent - ok
18:33:22.0752 5620 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:33:22.0760 5620 NativeWifiP - ok
18:33:22.0826 5620 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:33:22.0861 5620 NDIS - ok
18:33:22.0883 5620 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:33:22.0886 5620 NdisCap - ok
18:33:22.0903 5620 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:33:22.0906 5620 NdisTapi - ok
18:33:22.0949 5620 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:33:22.0952 5620 Ndisuio - ok
18:33:22.0981 5620 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:33:22.0986 5620 NdisWan - ok
18:33:23.0019 5620 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:33:23.0022 5620 NDProxy - ok
18:33:23.0046 5620 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:33:23.0049 5620 NetBIOS - ok
18:33:23.0087 5620 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:33:23.0093 5620 NetBT - ok
18:33:23.0117 5620 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
18:33:23.0121 5620 Netlogon - ok
18:33:23.0191 5620 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
18:33:23.0201 5620 Netman - ok
18:33:23.0238 5620 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
18:33:23.0259 5620 netprofm - ok
18:33:23.0290 5620 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:33:23.0295 5620 NetTcpPortSharing - ok
18:33:23.0460 5620 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
18:33:23.0593 5620 netw5v32 - ok
18:33:23.0840 5620 [ D4EF7A9767C05905500EC312CB29EF46 ] NETwLv32 C:\Windows\system32\DRIVERS\NETwLv32.sys
18:33:24.0046 5620 NETwLv32 - ok
18:33:24.0108 5620 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:33:24.0111 5620 nfrd960 - ok
18:33:24.0144 5620 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:33:24.0150 5620 NlaSvc - ok
18:33:24.0167 5620 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:33:24.0169 5620 Npfs - ok
18:33:24.0221 5620 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
18:33:24.0226 5620 nsi - ok
18:33:24.0238 5620 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:33:24.0241 5620 nsiproxy - ok
18:33:24.0336 5620 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:33:24.0383 5620 Ntfs - ok
18:33:24.0417 5620 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
18:33:24.0419 5620 Null - ok
18:33:24.0443 5620 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:33:24.0448 5620 nvraid - ok
18:33:24.0483 5620 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:33:24.0487 5620 nvstor - ok
18:33:24.0516 5620 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:33:24.0519 5620 nv_agp - ok
18:33:24.0614 5620 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:33:24.0634 5620 odserv - ok
18:33:24.0670 5620 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:33:24.0673 5620 ohci1394 - ok
18:33:24.0744 5620 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:33:24.0748 5620 ose - ok
18:33:24.0815 5620 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:33:24.0823 5620 p2pimsvc - ok
18:33:24.0881 5620 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
18:33:24.0892 5620 p2psvc - ok
18:33:24.0953 5620 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:33:24.0957 5620 Parport - ok
18:33:24.0994 5620 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:33:24.0997 5620 partmgr - ok
18:33:25.0023 5620 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
18:33:25.0026 5620 Parvdm - ok
18:33:25.0047 5620 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:33:25.0054 5620 PcaSvc - ok
18:33:25.0099 5620 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
18:33:25.0104 5620 pci - ok
18:33:25.0127 5620 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
18:33:25.0130 5620 pciide - ok
18:33:25.0154 5620 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:33:25.0160 5620 pcmcia - ok
18:33:25.0181 5620 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
18:33:25.0184 5620 pcw - ok
18:33:25.0227 5620 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:33:25.0250 5620 PEAUTH - ok
18:33:25.0338 5620 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
18:33:25.0374 5620 PeerDistSvc - ok
18:33:25.0476 5620 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
18:33:25.0528 5620 pla - ok
18:33:25.0597 5620 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:33:25.0608 5620 PlugPlay - ok
18:33:25.0674 5620 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:33:25.0678 5620 PNRPAutoReg - ok
18:33:25.0704 5620 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:33:25.0713 5620 PNRPsvc - ok
18:33:25.0744 5620 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:33:25.0753 5620 PolicyAgent - ok
18:33:25.0804 5620 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
18:33:25.0812 5620 Power - ok
18:33:25.0875 5620 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:33:25.0879 5620 PptpMiniport - ok
18:33:25.0939 5620 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:33:25.0942 5620 Processor - ok
18:33:25.0977 5620 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
18:33:25.0985 5620 ProfSvc - ok
18:33:26.0021 5620 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:33:26.0025 5620 ProtectedStorage - ok
18:33:26.0089 5620 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:33:26.0092 5620 Psched - ok
18:33:26.0120 5620 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
18:33:26.0123 5620 PSI - ok
18:33:26.0219 5620 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:33:26.0297 5620 ql2300 - ok
18:33:26.0327 5620 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:33:26.0332 5620 ql40xx - ok
18:33:26.0395 5620 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
18:33:26.0404 5620 QWAVE - ok
18:33:26.0423 5620 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:33:26.0426 5620 QWAVEdrv - ok
18:33:26.0452 5620 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:33:26.0454 5620 RasAcd - ok
18:33:26.0509 5620 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:33:26.0512 5620 RasAgileVpn - ok
18:33:26.0536 5620 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
18:33:26.0544 5620 RasAuto - ok
18:33:26.0574 5620 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:33:26.0578 5620 Rasl2tp - ok
18:33:26.0625 5620 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
18:33:26.0635 5620 RasMan - ok
18:33:26.0666 5620 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:33:26.0669 5620 RasPppoe - ok
18:33:26.0684 5620 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:33:26.0687 5620 RasSstp - ok
18:33:26.0723 5620 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:33:26.0728 5620 rdbss - ok
18:33:26.0790 5620 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:33:26.0792 5620 rdpbus - ok
18:33:26.0819 5620 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:33:26.0820 5620 RDPCDD - ok
18:33:26.0853 5620 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
18:33:26.0859 5620 RDPDR - ok
18:33:26.0882 5620 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:33:26.0884 5620 RDPENCDD - ok
18:33:26.0907 5620 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:33:26.0910 5620 RDPREFMP - ok
18:33:26.0944 5620 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:33:26.0949 5620 RDPWD - ok
18:33:26.0980 5620 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:33:26.0984 5620 rdyboost - ok
18:33:27.0050 5620 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
18:33:27.0054 5620 RemoteAccess - ok
18:33:27.0093 5620 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:33:27.0098 5620 RemoteRegistry - ok
18:33:27.0131 5620 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
18:33:27.0135 5620 RFCOMM - ok
18:33:27.0195 5620 [ D85E3FA9F5B1F29BB4ED185C450D1470 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
18:33:27.0198 5620 rimmptsk - ok
18:33:27.0219 5620 [ DB8EB01C58C9FADA00C70B1775278AE0 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
18:33:27.0221 5620 rimsptsk - ok
18:33:27.0242 5620 [ 6C1F93C0760C9F79A1869D07233DF39D ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
18:33:27.0245 5620 rismxdp - ok
18:33:27.0266 5620 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:33:27.0271 5620 RpcEptMapper - ok
18:33:27.0328 5620 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
18:33:27.0331 5620 RpcLocator - ok
18:33:27.0360 5620 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
18:33:27.0367 5620 RpcSs - ok
18:33:27.0420 5620 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:33:27.0423 5620 rspndr - ok
18:33:27.0459 5620 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
18:33:27.0462 5620 s3cap - ok
18:33:27.0479 5620 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
18:33:27.0481 5620 SamSs - ok
18:33:27.0568 5620 [ 5BF35C4EA3F00FA8D3F1E5BF03D24584 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
18:33:27.0571 5620 SASDIFSV - ok
18:33:27.0610 5620 [ A22F08C98AC2F44587BF3A1FB52BF8CD ] SASENUM C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
18:33:27.0612 5620 SASENUM - ok
18:33:27.0651 5620 [ C7D81C10D3BEFEEE41F3408714637438 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
18:33:27.0654 5620 SASKUTIL - ok
18:33:27.0682 5620 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:33:27.0686 5620 sbp2port - ok
18:33:27.0791 5620 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
18:33:27.0828 5620 SBSDWSCService - ok
18:33:27.0892 5620 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:33:27.0899 5620 SCardSvr - ok
18:33:27.0929 5620 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:33:27.0933 5620 scfilter - ok
18:33:27.0984 5620 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
18:33:28.0018 5620 Schedule - ok
18:33:28.0050 5620 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:33:28.0051 5620 SCPolicySvc - ok
18:33:28.0072 5620 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys
18:33:28.0075 5620 sdbus - ok
18:33:28.0109 5620 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:33:28.0114 5620 SDRSVC - ok
18:33:28.0161 5620 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:33:28.0163 5620 secdrv - ok
18:33:28.0182 5620 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
18:33:28.0185 5620 seclogon - ok
18:33:28.0258 5620 [ 5B66DB4877BBAC9F7493AA8D84421E49 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
18:33:28.0290 5620 Secunia PSI Agent - ok
18:33:28.0317 5620 [ 0E88FDF474F2CDD370A4A6CE77D018F0 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
18:33:28.0326 5620 Secunia Update Agent - ok
18:33:28.0343 5620 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
18:33:28.0348 5620 SENS - ok
18:33:28.0393 5620 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:33:28.0397 5620 SensrSvc - ok
18:33:28.0425 5620 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:33:28.0427 5620 Serenum - ok
18:33:28.0451 5620 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:33:28.0454 5620 Serial - ok
18:33:28.0480 5620 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:33:28.0482 5620 sermouse - ok
18:33:28.0545 5620 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
18:33:28.0550 5620 SessionEnv - ok
18:33:28.0580 5620 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
18:33:28.0582 5620 sffdisk - ok
18:33:28.0609 5620 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:33:28.0612 5620 sffp_mmc - ok
18:33:28.0623 5620 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
18:33:28.0626 5620 sffp_sd - ok
18:33:28.0654 5620 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:33:28.0656 5620 sfloppy - ok
18:33:28.0734 5620 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:33:28.0743 5620 SharedAccess - ok
18:33:28.0798 5620 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:33:28.0807 5620 ShellHWDetection - ok
18:33:28.0831 5620 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
18:33:28.0834 5620 sisagp - ok
18:33:28.0862 5620 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:33:28.0865 5620 SiSRaid2 - ok
18:33:28.0893 5620 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:33:28.0896 5620 SiSRaid4 - ok
18:33:28.0924 5620 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:33:28.0927 5620 Smb - ok
18:33:29.0001 5620 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:33:29.0006 5620 SNMPTRAP - ok
18:33:29.0025 5620 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
18:33:29.0027 5620 spldr - ok
18:33:29.0068 5620 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
18:33:29.0075 5620 Spooler - ok
18:33:29.0202 5620 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
18:33:29.0326 5620 sppsvc - ok
18:33:29.0362 5620 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:33:29.0368 5620 sppuinotify - ok
18:33:29.0416 5620 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:33:29.0424 5620 srv - ok
18:33:29.0446 5620 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:33:29.0454 5620 srv2 - ok
18:33:29.0520 5620 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
18:33:29.0527 5620 SrvHsfHDA - ok
18:33:29.0576 5620 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
18:33:29.0612 5620 SrvHsfV92 - ok
18:33:29.0658 5620 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
18:33:29.0692 5620 SrvHsfWinac - ok
18:33:29.0735 5620 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:33:29.0740 5620 srvnet - ok
18:33:29.0781 5620 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
18:33:29.0786 5620 ssadbus - ok
18:33:29.0815 5620 [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
18:33:29.0818 5620 ssadmdfl - ok
18:33:29.0848 5620 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
18:33:29.0853 5620 ssadmdm - ok
18:33:29.0883 5620 [ FFE42941E0326C322F40B0B79A46493C ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
18:33:29.0887 5620 sscdbus - ok
18:33:29.0915 5620 [ A68E7D87ADFBB8C50D88CD58230C6819 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
18:33:29.0918 5620 sscdmdfl - ok
18:33:29.0944 5620 [ B534B24151281856EC2F69ED3D6D60DD ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
18:33:29.0949 5620 sscdmdm - ok
18:33:30.0013 5620 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:33:30.0022 5620 SSDPSRV - ok
18:33:30.0073 5620 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:33:30.0081 5620 SstpSvc - ok
18:33:30.0143 5620 [ BCB4E273147AFCAFDFC0DA59AF9E6E25 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
18:33:30.0149 5620 ssudmdm - ok
18:33:30.0211 5620 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:33:30.0215 5620 stexstor - ok
18:33:30.0244 5620 [ EDB05BD63148796F23EA78506404A538 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
18:33:30.0247 5620 StillCam - ok
18:33:30.0275 5620 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
18:33:30.0296 5620 StiSvc - ok
18:33:30.0312 5620 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
18:33:30.0315 5620 storflt - ok
18:33:30.0371 5620 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
18:33:30.0377 5620 StorSvc - ok
18:33:30.0411 5620 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
18:33:30.0413 5620 storvsc - ok
18:33:30.0433 5620 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
18:33:30.0436 5620 swenum - ok
18:33:30.0504 5620 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
18:33:30.0515 5620 swprv - ok
18:33:30.0581 5620 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
18:33:30.0629 5620 SysMain - ok
18:33:30.0652 5620 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:33:30.0657 5620 TabletInputService - ok
18:33:30.0693 5620 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
18:33:30.0701 5620 TapiSrv - ok
18:33:30.0766 5620 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
18:33:30.0772 5620 TBS - ok
18:33:30.0848 5620 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:33:30.0906 5620 Tcpip - ok
18:33:30.0963 5620 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:33:30.0980 5620 TCPIP6 - ok
18:33:31.0007 5620 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:33:31.0009 5620 tcpipreg - ok
18:33:31.0047 5620 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:33:31.0049 5620 TDPIPE - ok
18:33:31.0078 5620 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:33:31.0080 5620 TDTCP - ok
18:33:31.0105 5620 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:33:31.0108 5620 tdx - ok
18:33:31.0262 5620 [ 33966A658FF37E0C65D46E59F37E2380 ] TeamViewer7 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
18:33:31.0380 5620 TeamViewer7 - ok
18:33:31.0408 5620 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:33:31.0411 5620 TermDD - ok
18:33:31.0443 5620 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
18:33:31.0464 5620 TermService - ok
18:33:31.0521 5620 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
18:33:31.0526 5620 Themes - ok
18:33:31.0552 5620 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
18:33:31.0556 5620 THREADORDER - ok
18:33:31.0578 5620 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
18:33:31.0583 5620 TrkWks - ok
18:33:31.0654 5620 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:33:31.0659 5620 TrustedInstaller - ok
18:33:31.0709 5620 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:33:31.0713 5620 tssecsrv - ok
18:33:31.0734 5620 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:33:31.0738 5620 TsUsbFlt - ok
18:33:31.0767 5620 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:33:31.0772 5620 tunnel - ok
18:33:31.0824 5620 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:33:31.0828 5620 uagp35 - ok
18:33:31.0863 5620 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:33:31.0871 5620 udfs - ok
18:33:31.0958 5620 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:33:31.0964 5620 UI0Detect - ok
18:33:32.0001 5620 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:33:32.0005 5620 uliagpkx - ok
18:33:32.0053 5620 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:33:32.0057 5620 umbus - ok
18:33:32.0079 5620 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:33:32.0081 5620 UmPass - ok
18:33:32.0126 5620 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
18:33:32.0134 5620 UmRdpService - ok
18:33:32.0164 5620 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
18:33:32.0174 5620 upnphost - ok
18:33:32.0252 5620 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
18:33:32.0256 5620 USBAAPL - ok
18:33:32.0290 5620 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\drivers\usbccgp.sys
18:33:32.0294 5620 usbccgp - ok
18:33:32.0337 5620 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:33:32.0341 5620 usbcir - ok
18:33:32.0388 5620 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:33:32.0391 5620 usbehci - ok
18:33:32.0429 5620 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:33:32.0436 5620 usbhub - ok
18:33:32.0465 5620 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
18:33:32.0468 5620 usbohci - ok
18:33:32.0496 5620 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:33:32.0499 5620 usbprint - ok
18:33:32.0523 5620 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:33:32.0527 5620 USBSTOR - ok
18:33:32.0575 5620 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:33:32.0578 5620 usbuhci - ok
18:33:32.0637 5620 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
18:33:32.0643 5620 UxSms - ok
18:33:32.0665 5620 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
18:33:32.0668 5620 VaultSvc - ok
18:33:32.0687 5620 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:33:32.0689 5620 vdrvroot - ok
18:33:32.0725 5620 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
18:33:32.0735 5620 vds - ok
18:33:32.0761 5620 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:33:32.0764 5620 vga - ok
18:33:32.0787 5620 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
18:33:32.0789 5620 VgaSave - ok
18:33:32.0822 5620 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:33:32.0826 5620 vhdmp - ok
18:33:32.0850 5620 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
18:33:32.0852 5620 viaagp - ok
18:33:32.0871 5620 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
18:33:32.0873 5620 ViaC7 - ok
18:33:32.0898 5620 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
18:33:32.0900 5620 viaide - ok
18:33:32.0932 5620 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
18:33:32.0937 5620 vmbus - ok
18:33:32.0965 5620 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
18:33:32.0967 5620 VMBusHID - ok
18:33:32.0995 5620 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:33:32.0997 5620 volmgr - ok
18:33:33.0029 5620 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:33:33.0036 5620 volmgrx - ok
18:33:33.0063 5620 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:33:33.0068 5620 volsnap - ok
18:33:33.0181 5620 [ E4D2305EBB9DE0871A1E13294D0F349B ] vpnagent C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
18:33:33.0204 5620 vpnagent - ok
18:33:33.0272 5620 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:33:33.0277 5620 vsmraid - ok
18:33:33.0338 5620 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
18:33:33.0385 5620 VSS - ok
18:33:33.0425 5620 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
18:33:33.0429 5620 vwifibus - ok
18:33:33.0505 5620 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
18:33:33.0516 5620 W32Time - ok
18:33:33.0558 5620 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:33:33.0560 5620 WacomPen - ok
18:33:33.0591 5620 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:33:33.0594 5620 WANARP - ok
18:33:33.0604 5620 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:33:33.0605 5620 Wanarpv6 - ok
18:33:33.0713 5620 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:33:33.0762 5620 WatAdminSvc - ok
18:33:33.0838 5620 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
18:33:33.0886 5620 wbengine - ok
18:33:33.0914 5620 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:33:33.0923 5620 WbioSrvc - ok
18:33:33.0966 5620 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:33:33.0977 5620 wcncsvc - ok
18:33:37.0405 5620 ============================================================
18:33:37.0405 5620 Scan finished
18:33:37.0405 5620 ============================================================
18:33:37.0425 4084 Detected object count: 0
18:33:37.0425 4084 Actual detected object count: 0
18:34:31.0857 5048 Deinitialize success

ESET online scanner

C:\Users\Sandy\Downloads\asc-setup(1).exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\Sandy\Downloads\asc-setup(3).exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\Sandy\Downloads\cnet2_revosetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

#4 narenxp

  • BC Advisor

Posted 11 October 2012 - 08:40 PM

Download

Malwarebytes

Install, update, and run a full scan.

Click on Show results. Right-click on the list, select all, and remove them.

Post the generated log here.

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan is completed, post the generated log here.

#5 sandman512

  • Topic Starter


Posted 13 October 2012 - 07:35 AM

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.11.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Sandy :: SANDY-PC [administrator]

10/13/2012 1:30:00 AM
mbam-log-2012-10-13 (01-30-00).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 319951
Time elapsed: 2 hour(s), 4 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


MiniToolBox by Farbar Version: 23-07-2012
Ran by Sandy (administrator) on 12-10-2012 at 06:48:00
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================




========================= IP Configuration: ================================

Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Connected)
Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Hardware not present)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="ethernet_11" forwarding=enabled advertise=enabled metric=1 nud=enabled
set subinterface interface=? subinterface=ethernet_9 mtu=1477


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Sandy-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection
Physical Address. . . . . . . . . : 00-1B-77-D9-48-F5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2964:c8d0:6cba:b28d%20(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.107(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, October 12, 2012 6:23:19 AM
Lease Expires . . . . . . . . . . : Saturday, October 13, 2012 6:23:23 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 184556407
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-DE-D2-6E-00-1C-23-A3-2E-A5
DNS Servers . . . . . . . . . . . : 167.206.254.2
167.206.254.1
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-1C-26-F2-5D-E7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:1c56:2926:ba85:38ab(Preferred)
Link-local IPv6 Address . . . . . : fe80::1c56:2926:ba85:38ab%16(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{D673E355-1B8B-4662-92BC-9AD3981E6302}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: vdns2.srv.hcvlny.cv.net
Address: 167.206.254.2

Name: google.com
Addresses: 2607:f8b0:4006:803::1000
173.194.43.37
173.194.43.33
173.194.43.35
173.194.43.38
173.194.43.46
173.194.43.41
173.194.43.32
173.194.43.39
173.194.43.36
173.194.43.40
173.194.43.34


Pinging google.com [173.194.43.35] with 32 bytes of data:
Request timed out.
Reply from 173.194.43.35: bytes=32 time=26ms TTL=55

Ping statistics for 173.194.43.35:
Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 26ms, Maximum = 26ms, Average = 26ms
Server: vdns2.srv.hcvlny.cv.net
Address: 167.206.254.2

Name: yahoo.com
Addresses: 98.138.253.109
72.30.38.140
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Request timed out.
Reply from 98.139.183.24: bytes=32 time=178ms TTL=52

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 178ms, Maximum = 178ms, Average = 178ms
Server: vdns2.srv.hcvlny.cv.net
Address: 167.206.254.2

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
20...00 1b 77 d9 48 f5 ......Intel® PRO/Wireless 3945ABG Network Connection
12...00 1c 26 f2 5d e7 ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.107 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.107 281
192.168.1.107 255.255.255.255 On-link 192.168.1.107 281
192.168.1.255 255.255.255.255 On-link 192.168.1.107 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.107 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.107 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
16 58 ::/0 On-link
1 306 ::1/128 On-link
16 58 2001::/32 On-link
16 306 2001:0:9d38:6ab8:1c56:2926:ba85:38ab/128
On-link
20 281 fe80::/64 On-link
16 306 fe80::/64 On-link
16 306 fe80::1c56:2926:ba85:38ab/128
On-link
20 281 fe80::2964:c8d0:6cba:b28d/128
On-link
1 306 ff00::/8 On-link
16 306 ff00::/8 On-link
20 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 09 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 10 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/12/2012 06:24:13 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 22 Sandy-PC._printershare._tcp.local. SRV 0 0 13924 Sandy-PC.local.

Error: (10/12/2012 06:24:13 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.107:5353 22 Sandy-PC._printershare._tcp.local. SRV 0 0 25654 Sandy-PC.local.

Error: (10/12/2012 06:24:12 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 22 Sandy-PC._printershare._tcp.local. SRV 0 0 13924 Sandy-PC.local.

Error: (10/12/2012 06:24:12 AM) (Source: Bonjour Service) (User: )
Description: ResolveSimultaneousProbe: 00000000 Our Record 3 lost: CA102CCA 22 Sandy-PC._printershare._tcp.local. SRV 0 0 13924 Sandy-PC.local.

Error: (10/12/2012 06:24:12 AM) (Source: Bonjour Service) (User: )
Description: ResolveSimultaneousProbe: 00AE6F08 Pkt Record: CA102CCA 22 Sandy-PC._printershare._tcp.local. SRV 0 0 25654 Sandy-PC.local.

Error: (10/12/2012 06:24:11 AM) (Source: Bonjour Service) (User: )
Description: ResolveSimultaneousProbe: 00000000 Our Record 3 lost: CA102CCA 22 Sandy-PC._printershare._tcp.local. SRV 0 0 13924 Sandy-PC.local.

Error: (10/12/2012 06:24:11 AM) (Source: Bonjour Service) (User: )
Description: ResolveSimultaneousProbe: 00AE6F08 Pkt Record: CA102CCA 22 Sandy-PC._printershare._tcp.local. SRV 0 0 25654 Sandy-PC.local.

Error: (10/12/2012 06:24:11 AM) (Source: Bonjour Service) (User: )
Description: ResolveSimultaneousProbe: 00000000 Our Record 2 won: CA102CCA 22 Sandy-PC._printershare._tcp.local. SRV 0 0 25654 Sandy-PC.local.

Error: (10/12/2012 06:24:11 AM) (Source: Bonjour Service) (User: )
Description: ResolveSimultaneousProbe: 00AE6F08 Pkt Record: CA102CCA 22 Sandy-PC._printershare._tcp.local. SRV 0 0 13924 Sandy-PC.local.

Error: (10/12/2012 06:24:11 AM) (Source: Bonjour Service) (User: )
Description: ResolveSimultaneousProbe: 00000000 Our Record 3 lost: CA102CCA 22 Sandy-PC._printershare._tcp.local. SRV 0 0 13924 Sandy-PC.local.


System errors:
=============
Error: (10/12/2012 06:24:35 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/12/2012 06:23:05 AM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (10/12/2012 06:23:16 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 6:21:21 AM on ?10/?12/?2012 was unexpected.

Error: (10/12/2012 06:22:39 AM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (10/12/2012 06:22:39 AM) (Source: volmgr) (User: )
Description: Crash dump initialization failed!

Error: (10/12/2012 06:21:21 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (10/12/2012 06:21:17 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (10/12/2012 06:21:13 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (10/12/2012 06:21:09 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (10/12/2012 06:21:04 AM) (Source: Disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
ACDSee Photo Manager 2009 (Version: 11.0.108)
Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Reader 9.4.5 (Version: 9.4.5)
Adobe Shockwave Player 11.6 (Version: 11.6.7.637)
Advanced WMA Workshop version 2.7.2 (Version: 2.7.2)
Amazon Games & Software Downloader (Version: 2.0.2.0)
Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)
Amazon MP3 Uploader (Version: 1.0.1)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
AVG 2012 (Version: 12.0.2221)
AVG 2012 (Version: 12.0.2441)
AVG 2012 (Version: 2012.0.2221)
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite MFC-490CW (Version: 1.0.1.0)
CCleaner (Version: 3.23)
Cisco AnyConnect VPN Client (Version: 2.4.0202)
Cisco Connect (Version: 1.4.11299.0)
Citrix online plug-in - web (Version: 12.1.0.30)
Citrix online plug-in (DV) (Version: 12.1.0.30)
Citrix online plug-in (HDX) (Version: 12.1.0.30)
Citrix online plug-in (USB) (Version: 12.1.0.30)
Citrix online plug-in (Web) (Version: 12.1.0.30)
CleanUp!
Coupon Printer for Windows (Version: 5.0.0.0)
Dell Driver Download Manager (Version: 2.1.0.0)
doubleTwist (Version: 3.1.0.9758)
ESET Online Scanner v3
Fast DVD Ripper 1.1
ffdshow [rev 2527] [2008-12-19] (Version: 1.0)
File Uploader (Version: 1.2.5)
Free RAR Extract Frog (Version: 2.15)
Google Chrome (Version: 22.0.1229.94)
HandBrake 0.9.5 (Version: 0.9.5)
HijackThis 2.0.2 (Version: 2.0.2)
iCloud (Version: 2.0.2.187)
InfraRecorder
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Intel® TV Wizard
iolo technologies' System Mechanic (Version: 10.7.6)
iTunes (Version: 10.7.0.21)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Juniper Networks Setup Client (Version: 2.2.5.9755)
Logitech Harmony Remote Software 7 (Version: 7.7.0.0)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Easy Assist v2 (Version: 8.1.6416.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox (3.6.25) (Version: 3.6.25 (en-GB))
Mozilla Firefox 16.0 (x86 en-US) (Version: 16.0)
Mozilla Maintenance Service (Version: 16.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nikon Message Center (Version: 0.92.000)
Nikon Transfer (Version: 1.5.3)
Norton Security Scan (Version: 3.7.2.5)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Package: Samsung Galaxy S3 ToolKit (Version: 2.3.0.0)
PrinterShare 2.3.06 (Version: 2.3.6.0)
QuickTime (Version: 7.72.80.56)
Remote Control USB Driver (Version: 2.3.2.317)
Revo Uninstaller 1.93 (Version: 1.93)
Safari (Version: 5.34.57.2)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.800.0)
SDFormatter (Version: 3.0.0)
Secunia PSI (2.0.0.4003) (Version: 2.0.0.4003)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware Free Edition (Version: 4.33.0.1000)
swMSM (Version: 12.0.0.1)
System Requirements Lab for Intel (Version: 4.4.24.0)
TeamViewer 7 (Version: 7.0.12313)
TurboTax 2010
TurboTax 2010 WinPerFedFormset (Version: 010.000.3535)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0425)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0202)
TurboTax 2010 wnyiper (Version: 010.000.1240)
TurboTax 2010 wrapper (Version: 010.000.0157)
TurboTax 2011
TurboTax 2011 WinPerFedFormset (Version: 011.000.2727)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0436)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0210)
TurboTax 2011 wnyiper (Version: 011.000.1464)
TurboTax 2011 wrapper (Version: 011.000.0120)
Unity Web Player (Version: 2.6.0f7_29850)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 1.1.11 (Version: 1.1.11)
WavePad Sound Editor
WBFS Manager 3.0 (Version: 3.0)
WIDCOMM Bluetooth Software (Version: 6.3.0.6900)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinPatrol 2009 (Version: 17.0.2010.0)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
WinX DVD Copy Pro 2.0.0
WinX DVD Ripper Platinum 6.0.2
Yahoo! BrowserPlus 2.9.8
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 31%
Total physical RAM: 3574.04 MB
Available physical RAM: 2435.51 MB
Total Pagefile: 7146.38 MB
Available Pagefile: 5726.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1931.16 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:111.71 GB) (Free:27.2 GB) NTFS

========================= Users: ========================================

User accounts for \\SANDY-PC

Administrator Guest Sandy

========================= Restore Points ==================================

27-09-2012 11:07:35 Windows Update
04-10-2012 12:31:16 Scheduled Checkpoint
10-10-2012 11:54:04 Windows Update

**** End of log ****

Farbar Service Scanner Version: 07-10-2012
Ran by Sandy (administrator) on 12-10-2012 at 06:51:03
Running from "C:\Users\Sandy\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Attempt to access Google.com returned error: Google.com is offline
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Yahoo.com is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-09-12 06:25] - [2012-08-22 13:16] - 1292144 ____A (Microsoft Corporation) A5EBB8F648000E88B7D9390B514976BF

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-10-10 07:07] - [2012-06-02 00:36] - 0140288 ____A (Microsoft Corporation) 96C0E38905CFD788313BE8E11DAE3F2F

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

# AdwCleaner v2.004 - Logfile created 10/12/2012 at 06:52:45
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Sandy - SANDY-PC
# Boot Mode : Normal
# Running from : C:\Users\Sandy\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Sandy\AppData\Roaming\Mozilla\Firefox\Profiles\cd6ze7t3.default\searchplugins\Askcom.xml

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0 (en-US)

Profile name : default
File : C:\Users\Sandy\AppData\Roaming\Mozilla\Firefox\Profiles\cd6ze7t3.default\prefs.js

C:\Users\Sandy\AppData\Roaming\Mozilla\Firefox\Profiles\cd6ze7t3.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.toolbar@ask.com.install-event-fired", true);

-\\ Google Chrome v22.0.1229.94

File : C:\Users\Sandy\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1698 octets] - [12/10/2012 06:52:45]

########## EOF - C:\AdwCleaner[S1].txt - [1758 octets] ##########


Junkware Removal Tool (JRT) by Thisisu
Version: 1.4.9 (10.12.2012)
OS: Windows 7 Professional x86
Ran by Sandy on Fri 10/12/2012 at 7:49:12.16
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys: 0 Detections



*** Files:

Successfully deleted: [FILE] C:\Program Files\coupons\Coupons.ico
Successfully deleted: [FILE] C:\Program Files\coupons\CouponsDotCom.url
Successfully deleted: [FILE] C:\Program Files\coupons\uninstall.exe



*** Folders:

Successfully deleted: [FOLDER] "C:\Program Files\coupons"



*** FireFox detected and repaired

Successfully deleted: [npCouponPrinter.dll] from [FF plugins]
Successfully deleted: [npMozCouponPrinter.dll] from [FF plugins]


*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Fri 10/12/2012 at 7:54:48.42
End of Report

#6 narenxp

Posted 13 October 2012 - 07:38 AM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#7 sandman512

Posted 13 October 2012 - 07:46 AM

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/13/2012 08:43:02 AM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
* HKCU\SOFTWARE\Classes\.exe has been deleted!

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 10/13/2012 08:43:18 AM
Execution time: 0 hours(s), 0 minute(s), and 16 seconds(s)


"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "AmazonGSDownloaderTray" "TaskTray Application" "Amazon.com" "c:\program files\amazon\amazon games & software downloader\amazongsdownloadertray.exe"
+ "AppleSyncNotifier" "AppleSyncNotifier" "Apple Inc." "c:\program files\common files\apple\mobile device support\applesyncnotifier.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
+ "AVG_TRAY" "AVG Tray Monitor" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgtray.exe"
+ "BrMfcWnd" "Brother Status Monitor Application" "Brother Industries, Ltd." "c:\program files\brother\brmfcmon\brmfcwnd.exe"
+ "ConnectionCenter" "Citrix online plug-in Connection Center" "Citrix Systems, Inc." "c:\program files\citrix\ica client\concentr.exe"
+ "ControlCenter3" "ControlCenter Program" "Brother Industries, Ltd." "c:\program files\brother\controlcenter3\brctrcen.exe"
+ "GrooveMonitor" "GrooveMonitor Utility" "Microsoft Corporation" "c:\program files\microsoft office\office12\groovemonitor.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "iolo Startup" "iolo System component" "iolo technologies, LLC" "c:\program files\iolo\common\lib\iololmanager.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe"
+ "Malwarebytes Anti-Malware (reboot)" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbam.exe"
+ "Nikon Transfer Monitor" "Nikon Transfer Monitor" "Nikon Corporation" "c:\program files\common files\nikon\monitor\nkmonitor.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "WinPatrol" "WinPatrol System Monitor" "BillP Studios" "c:\program files\billp studios\winpatrol\winpatrol.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Bluetooth.lnk" "Bluetooth Tray Application" "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\bttray.exe"
+ "Secunia PSI Tray.lnk" "Secunia PSI Tray" "Secunia" "c:\program files\secunia\psi\psi_tray.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Device Detector" "Device Detector" "ACD Systems" "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe"
+ "Google Update" "Google Installer" "Google Inc." "c:\users\sandy\appdata\local\google\update\googleupdate.exe"
+ "MobileDocuments" "" "" "File not found: C:\Program Files\Common Files\Apple\Internet Services\ubd.exe"
+ "PrinterShare" "PrinterAnywhere Console" "PrinterAnywhere" "c:\program files\printershare\paconsole.exe"
+ "Sidebar" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
+ "SpybotSD TeaTimer" "System settings protector" "Safer-Networking Ltd." "c:\program files\spybot - search & destroy\teatimer.exe"
+ "SUPERAntiSpyware" "SUPERAntiSpyware Application" "SUPERAntiSpyware.com" "c:\program files\superantispyware\superantispyware.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "application/x-ica" "Citrix online plug-in ICAMimeFilter DLL" "Citrix Systems, Inc." "c:\program files\citrix\ica client\icamimefilter.dll"
+ "application/x-ica; charset=euc-jp" "Citrix online plug-in ICAMimeFilter DLL" "Citrix Systems, Inc." "c:\program files\citrix\ica client\icamimefilter.dll"
+ "application/x-ica; charset=ISO-8859-1" "Citrix online plug-in ICAMimeFilter DLL" "Citrix Systems, Inc." "c:\program files\citrix\ica client\icamimefilter.dll"
+ "application/x-ica; charset=MS936" "Citrix online plug-in ICAMimeFilter DLL" "Citrix Systems, Inc." "c:\program files\citrix\ica client\icamimefilter.dll"
+ "application/x-ica; charset=MS949" "Citrix online plug-in ICAMimeFilter DLL" "Citrix Systems, Inc." "c:\program files\citrix\ica client\icamimefilter.dll"
+ "application/x-ica; charset=MS950" "Citrix online plug-in ICAMimeFilter DLL" "Citrix Systems, Inc." "c:\program files\citrix\ica client\icamimefilter.dll"
+ "application/x-ica; charset=UTF-8" "Citrix online plug-in ICAMimeFilter DLL" "Citrix Systems, Inc." "c:\program files\citrix\ica client\icamimefilter.dll"
+ "application/x-ica; charset=UTF8" "Citrix online plug-in ICAMimeFilter DLL" "Citrix Systems, Inc." "c:\program files\citrix\ica client\icamimefilter.dll"
+ "application/x-ica;charset=euc-jp" "Citrix online plug-in ICAMimeFilter DLL" "Citrix Systems, Inc." "c:\program files\citrix\ica client\icamimefilter.dll"
+ "application/x-ica;charset=ISO-8859-1" "Citrix online plug-in ICAMimeFilter DLL" "Citrix Systems, Inc." "c:\program files\citrix\ica client\icamimefilter.dll"
+ "application/x-ica;charset=MS936" "Citrix online plug-in ICAMimeFilter DLL" "Citrix Systems, Inc." "c:\program files\citrix\ica client\icamimefilter.dll"
+ "application/x-ica;charset=MS949" "Citrix online plug-in ICAMimeFilter DLL" "Citrix Systems, Inc." "c:\program files\citrix\ica client\icamimefilter.dll"
+ "application/x-ica;charset=MS950" "Citrix online plug-in ICAMimeFilter DLL" "Citrix Systems, Inc." "c:\program files\citrix\ica client\icamimefilter.dll"
+ "application/x-ica;charset=UTF-8" "Citrix online plug-in ICAMimeFilter DLL" "Citrix Systems, Inc." "c:\program files\citrix\ica client\icamimefilter.dll"
+ "application/x-ica;charset=UTF8" "Citrix online plug-in ICAMimeFilter DLL" "Citrix Systems, Inc." "c:\program files\citrix\ica client\icamimefilter.dll"
+ "ica" "Citrix online plug-in ICAMimeFilter DLL" "Citrix Systems, Inc." "c:\program files\citrix\ica client\icamimefilter.dll"
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "grooveLocalGWS" "GrooveSystemServices Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\groovesystemservices.dll"
+ "linkscanner" "Safe Search pluggable protocol" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgpp.dll"
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "SABShellExecuteHook Class" "ShellExecuteHook" "SuperAdBlocker.com" "c:\program files\superantispyware\sasseh.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Advanced SystemCare" "" "" "File not found: C:\Program Files\IObit\Advanced SystemCare 4\ASCv4ExtMenu.dll"
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgse.dll"
+ "AWMAWShlExt" "Advanced WMA Workshop shell extension" "LitexMedia, Inc." "c:\program files\litexmedia\advanced wma workshop\awmaw_shellext.dll"
+ "Incinerator" "iolo Incinerator ®" "iolo technologies, LLC" "c:\windows\system32\incinerator32.dll"
+ "PhotoStreamsExt" "ShellStreams.dll" "Apple Inc." "c:\program files\common files\apple\internet services\shellstreams.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "Advanced SystemCare" "" "" "File not found: C:\Program Files\IObit\Advanced SystemCare 4\ASCv4ExtMenu.dll"
+ "AWMAWShlExt" "Advanced WMA Workshop shell extension" "LitexMedia, Inc." "c:\program files\litexmedia\advanced wma workshop\awmaw_shellext.dll"
+ "Incinerator" "iolo Incinerator ®" "iolo technologies, LLC" "c:\windows\system32\incinerator32.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "Monitor" "BTNCopy Module" "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\btncopy.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgse.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "&Yahoo! Toolbar Helper" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn2\yt.dll"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgdtiex.dll"
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgssie.dll"
+ "Groove GFS Browser Helper" "GrooveShellExtensions Module" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveshellextensions.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "PodcastBHO Class" "1.0" "doubleTwist Corporation" "c:\program files\common files\doubletwist\iepodcastplugin.dll"
+ "SingleInstance Class" "Yahoo! Single Instance for Mail" "Yahoo! Inc" "c:\program files\yahoo!\companion\installs\cpn2\ytsingleinstance.dll"
+ "Spybot-S&D IE Protection" "SBSD IE Protection" "Safer Networking Limited" "c:\program files\spybot - search & destroy\sdhelper.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks" "" "" ""
+ "Yahoo! Toolbar" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn2\yt.dll"
+ "YTNavAssist.YTNavAssistPlugin Class" "Yahoo! Toolbar Nav Assistant plugin" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn2\ytnavassist.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Yahoo! Toolbar" "Yahoo! Toolbar" "Yahoo! Inc." "c:\program files\yahoo!\companion\installs\cpn2\yt.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgdtiex.dll"
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office12\onbttnie.dll"
+ "Send to &Bluetooth Device..." "" "" "c:\program files\widcomm\bluetooth software\btsendto_ie.htm"
+ "Spybot - Search & Destroy Configuration" "SBSD IE Protection" "Safer Networking Limited" "c:\program files\spybot - search & destroy\sdhelper.dll"
"Task Scheduler" "" "" ""
+ "\Adobe online update program" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "\CCleanerSkipUAC" "CCleaner" "Piriform Ltd" "c:\program files\ccleaner\ccleaner.exe"
+ "\Google Updater and Installer" "Google Installer" "Google Inc." "c:\users\sandy\appdata\local\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-3936711693-2318320187-3020378953-1000Core" "Google Installer" "Google Inc." "c:\users\sandy\appdata\local\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-3936711693-2318320187-3020378953-1000UA" "Google Installer" "Google Inc." "c:\users\sandy\appdata\local\google\update\googleupdate.exe"
+ "\Java Update Scheduler" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\Norton Security Scan for Sandy" "Norton Security Scan" "Symantec Corporation" "c:\program files\norton security scan\engine\3.7.2.5\nss.exe"
+ "\SidebarExecute" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "Amazon Download Agent" "Amazon Games & Software Downloader Service" "Amazon.com" "c:\program files\amazon\amazon games & software downloader\amazongsdownloaderservice.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "AVGIDSAgent" "Provides Identity Protection Against Cyber Crime." "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgidsagent.exe"
+ "avgwd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgwdsvc.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "btwdins" "Handles installation and removal of Bluetooth devices." "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\btwdins.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe"
+ "IntuitUpdateServiceV4" "Helps Intuit applications automatically update themselves." "Intuit Inc." "c:\program files\common files\intuit\update service v4\intuitupdateservice.exe"
+ "ioloSystemService" "iolo System component" "iolo technologies, LLC" "c:\program files\iolo\common\lib\ioloservicemanager.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "MDM" "Supports local and remote debugging for Visual Studio and script debuggers. If this service is stopped, the debuggers will not function properly." "Microsoft Corporation" "c:\program files\common files\microsoft shared\vs7debug\mdm.exe"
+ "Microsoft Office Groove Audit Service" "Groove Audit Service" "Microsoft Corporation" "c:\program files\microsoft office\office12\grooveauditservice.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files\mozilla maintenance service\maintenanceservice.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "SBSDWSCService" "Spybot-S&D Security Center integration" "Safer Networking Ltd." "c:\program files\spybot - search & destroy\sdwinsec.exe"
+ "Secunia PSI Agent" "Performs routine software inspections of the system, the results of which can be seen in your Secunia PSI" "Secunia" "c:\program files\secunia\psi\psia.exe"
+ "Secunia Update Agent" "Performs routine updates of selected software on the system, the results of which can be seen in your Secunia PSI" "Secunia" "c:\program files\secunia\psi\sua.exe"
+ "TeamViewer7" "TeamViewer Remote Software" "TeamViewer GmbH" "c:\program files\teamviewer\version7\teamviewer_service.exe"
+ "vpnagent" "Cisco AnyConnect VPN Agent for Windows" "Cisco Systems, Inc." "c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aic78xx" "Adaptec Ultra SCSI miniport" "Adaptec, Inc." "c:\windows\system32\drivers\djsvs.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows family" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "androidusb" "ADB Interface" "Google Inc" "c:\windows\system32\drivers\ssadadb.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "AVGIDSDriver" "AVG Technologies IDS Application Activity Monitor Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsdriverx.sys"
+ "AVGIDSFilter" "AVG Technologies IDS Application Activity Monitor Filter Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsfilterx.sys"
+ "AVGIDSHX" "AVG Technologies IDS Application Activity Monitor Helper Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidshx.sys"
+ "AVGIDSShim" "AVG Technologies IDS Application Activity Monitor Shim Loader Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsshimx.sys"
+ "Avgldx86" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx86.sys"
+ "Avgmfx86" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx86.sys"
+ "Avgrkx86" "AVG Anti-Rootkit Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgrkx86.sys"
+ "Avgtdix" "AVG Network connection watcher" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgtdix.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbdx.sys"
+ "b57nd60x" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60x.sys"
+ "bcm4sbxp" "Broadcom Corporation NDIS 5.1 ethernet driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcm4sbxp.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "btusbflt" "Widcomm Bluetooth USB Filter for Windows XP" "Broadcom Corporation." "c:\windows\system32\drivers\btusbflt.sys"
+ "BTWAMPFL" "btwampfl Bluetooth filter driver" "Broadcom Corporation." "c:\windows\system32\drivers\btwampfl.sys"
+ "btwaudio" "Bluetooth Audio Device" "Broadcom Corporation." "c:\windows\system32\drivers\btwaudio.sys"
+ "btwavdt" "Broadcom Bluetooth AVDT Service" "Broadcom Corporation." "c:\windows\system32\drivers\btwavdt.sys"
+ "btwl2cap" "Broadcom Bluetooth L2CAP Service" "Broadcom Corporation." "c:\windows\system32\drivers\btwl2cap.sys"
+ "btwrchid" "Bluetooth Remote Control HID Minidriver" "Broadcom Corporation." "c:\windows\system32\drivers\btwrchid.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ctxusbm" "Citrix USB Filter Driver" "Citrix Systems, Inc." "c:\windows\system32\drivers\ctxusbm.sys"
+ "dg_ssudbus" "SAMSUNG USB Composite Device Driver (MSS Ver.3)" "DEVGURU Co., LTD.(www.devguru.co.kr)" "c:\windows\system32\drivers\ssudbus.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbdx.sys"
+ "ElRawDisk" "RawDisk Driver. Allows write access to raw disk sectors for user mode applications in Windows 2000, XP, 2003, Vista, 2008." "EldoS Corporation" "c:\windows\system32\drivers\elrawdsk.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - ia32" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd32.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "iPodDrv" "doubleTwist iPod Driver" "Windows ® Codename Longhorn DDK provider" "c:\windows\system32\drivers\ipoddrv.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7 for x86" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "netw5v32" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netw5v32.sys"
+ "NETwLv32" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netwlv32.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "PSI" "PSI mini-filter driver" "Secunia" "c:\windows\system32\drivers\psi_mf.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "rimmptsk" "RICOH MMC Driver" "REDC" "c:\windows\system32\drivers\rimmptsk.sys"
+ "rimsptsk" "RICOH MS Driver" "REDC" "c:\windows\system32\drivers\rimsptsk.sys"
+ "rismxdp" "RICOH XD SM Driver" "REDC" "c:\windows\system32\drivers\rixdptsk.sys"
+ "SASDIFSV" "SASDIFSV.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv.sys"
+ "SASENUM" "SASENUM.SYS" " SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasenum.sys"
+ "SASKUTIL" "SASKUTIL.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "SrvHsfHDA" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstazl3.sys"
+ "SrvHsfV92" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstdpv3.sys"
+ "SrvHsfWinac" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstcnxt3.sys"
+ "ssadbus" "SAMSUNG Android USB Composite Device Driver" "MCCI Corporation" "c:\windows\system32\drivers\ssadbus.sys"
+ "ssadmdfl" "SAMSUNG Android USB Modem (Filter)" "MCCI Corporation" "c:\windows\system32\drivers\ssadmdfl.sys"
+ "ssadmdm" "SAMSUNG Android USB Modem Drivers" "MCCI Corporation" "c:\windows\system32\drivers\ssadmdm.sys"
+ "sscdbus" "SAMSUNG USB Composite Device Driver" "MCCI Corporation" "c:\windows\system32\drivers\sscdbus.sys"
+ "sscdmdfl" "SAMSUNG Mobile Modem Filter" "MCCI Corporation" "c:\windows\system32\drivers\sscdmdfl.sys"
+ "sscdmdm" "SAMSUNG Mobile Modem Drivers" "MCCI Corporation" "c:\windows\system32\drivers\sscdmdm.sys"
+ "ssudmdm" "SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)" "DEVGURU Co., LTD.(www.devguru.co.kr)" "c:\windows\system32\drivers\ssudmdm.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "VIDC.FFDS" "" "" "c:\windows\system32\ff_vfw.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "ACDEncodeQT" "ACD QuickTime Encoder" "ACD Systems" "c:\program files\common files\acd systems\video\acdencodeqt.ax"
+ "ACDFX Filter" "ACDFX DirectShow Transform Filter" "ACD Systems" "c:\program files\common files\acd systems\acdfx.ax"
+ "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\ffdshow\ffdshow.ax"
+ "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\ffdshow\ffdshow.ax"
+ "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\ffdshow\ffdshow.ax"
+ "ffdshow subtitles filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\ffdshow\ffdshow.ax"
+ "ffdshow Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\ffdshow\ffdshow.ax"
+ "FLV Source" "FLV Splitter" "Gabest" "c:\program files\ffdshow\flvsplitter.ax"
+ "FLV Splitter" "FLV Splitter" "Gabest" "c:\program files\ffdshow\flvsplitter.ax"
+ "FLV4 Video Decoder" "FLV Splitter" "Gabest" "c:\program files\ffdshow\flvsplitter.ax"
+ "MainConcept (Nikon) MPEG Audio Decoder" "MPEG Video and Audio Decoder" "MainConcept AG (Nikon)" "c:\program files\common files\nikon\mpeg\nikondsmpeg.ax"
+ "MainConcept (Nikon) MPEG Encoder" "MPEG Encoder and Muxer" "MainConcept AG (Nikon)" "c:\program files\common files\nikon\mpeg\nikonesmpeg.ax"
+ "MainConcept (Nikon) MPEG Video Decoder" "MPEG Video and Audio Decoder" "MainConcept AG (Nikon)" "c:\program files\common files\nikon\mpeg\nikondsmpeg.ax"
+ "MainConcept MPEG Encoder" "MPEG Encoder and Muxer" "MainConcept AG" "c:\program files\acd systems\acdsee\11.0\mcesmpeg.ax"
+ "Matroska Source" "Matroska Splitter" "Gabest" "c:\program files\ffdshow\matroskasplitter.ax"
+ "Matroska Splitter" "Matroska Splitter" "Gabest" "c:\program files\ffdshow\matroskasplitter.ax"
+ "MP4 Source" "MP4 Splitter" "Gabest" "c:\program files\ffdshow\mp4splitter.ax"
+ "MP4 Splitter" "MP4 Splitter" "Gabest" "c:\program files\ffdshow\mp4splitter.ax"
+ "Mpeg Source" "Mpeg Splitter" "Gabest" "c:\program files\ffdshow\mpegsplitter.ax"
+ "Mpeg Splitter" "Mpeg Splitter" "Gabest" "c:\program files\ffdshow\mpegsplitter.ax"
+ "MPEG4 Video Source" "MP4 Splitter" "Gabest" "c:\program files\ffdshow\mp4splitter.ax"
+ "MPEG4 Video Splitter" "MP4 Splitter" "Gabest" "c:\program files\ffdshow\mp4splitter.ax"
+ "muvee Music Analyser" "Music Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\mvmanalyse.ax"
+ "muvee WAV Encoder" "mvWavEncoder Filter (Sample)" "Microsoft Corporation" "c:\program files\common files\muvee technologies\030625\mvwavenc.ax"
+ "Ogg Source" "Ogg Splitter" "Gabest" "c:\program files\ffdshow\oggsplitter.ax"
+ "Ogg Splitter" "Ogg Splitter" "Gabest" "c:\program files\ffdshow\oggsplitter.ax"
+ "QuickTime Source Filter" "QuickTimeSource Module" "" "c:\program files\common files\muvee technologies\030625\quicktimesource.dll"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart" "AVG Resident Shield Service" "AVG Technologies CZ, s.r.o." "c:\program files\avg\avg2012\avgrsx.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "BtwCredentialProvider" "BtwCP DLL" "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\btwcp.dll"
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "!SASWinLogon" "SUPERAntiSpyware WinLogon Processor" "SUPERAntiSpyware.com" "c:\program files\superantispyware\saswinlo.dll"
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"C:\Users\Sandy\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "Weather" "See what the weather looks like around the world." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\Gadget.xml"

Edited by sandman512, 13 October 2012 - 07:47 AM.


#8 narenxp


Posted 13 October 2012 - 08:45 AM

That looks good

Remove temporary and junk files

Download

TFC

Launch it; it will close all running programs.

Click on START; it should ask for a reboot. If TFC locks up the system, run it in Safe Mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security programs.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#9 sandman512


Posted 13 October 2012 - 10:28 AM

Thank you!

#10 narenxp


Posted 13 October 2012 - 10:29 AM

You're welcome



