Police Virus


42 replies to this topic

#1 ConfusedGuy92

ConfusedGuy92

  • Members
  • 30 posts

Posted 18 October 2012 - 02:09 AM

I had got this before, and I easily solved it with safe mode > mbam, problem solved.

I got it again, this time a different variant, all in Irish. Same deal I'm assuming though as it has taken control of the screen and works the same way as before.

I did the usual, got 7 hits with mbam, got rid of them, restarted...nope, still there.

I've downloaded the free trial of AVG and am searching right now, but I'm getting a lot of errors on the command line scan with AVG in safe mode, and in the first 5 minutes I already had 5 hits with mbam. I'm not sure if this is spreading, but I'll post my complete scan results and hopefully one of you can give some further assistance. The command line closed itself so I can't post its logs, but I do know that it found roughly 5 trojans and 2 Luhe.Boxed, all of which were healed (with the exception of a few broken digital sigs). I'll post my mbam log in my next post.

*Running XP

Thanks, CG


#2 ConfusedGuy92

ConfusedGuy92
  • Topic Starter

  • Members
  • 30 posts

Posted 18 October 2012 - 02:10 AM

Just noticed that it saved the command line's log to my desktop, this is what returned...

AVG 2013 Anti-Virus command line scanner
Copyright © 1992 - 2012 AVG Technologies
Program version 2013.0.2741, engine 2013.0.2614
Virus Database: Version 2614/5838 2012-10-17
06:13:23 New high severity detection:
HKU\S-1-5-21-2071956835-2444239964-2862127085-1000\Software\Microsoft\Windows\CurrentVersion\Run\\mlYyH
Description: Found registry key with reference to infected file C:\Users\Tony\AppData\Roaming\mSFco.exe

Successfully healed.
06:13:24 New high severity detection:
HKU\S-1-5-21-2071956835-2444239964-2862127085-1000\Software\Microsoft\Windows\CurrentVersion\Run\\omWDn
Description: Found registry key with reference to infected file C:\Users\Tony\AppData\Roaming\LrRyJ.exe

Successfully healed.
06:14:07 Error 0xc007045d:
C:\Windows\system32\DRIVERS\igdkmd64.sys
06:14:24 Error 0xe0010058:
c:\$Recycle.Bin\S-1-5-21-2071956835-2444239964-2862127085-1000\$12a17e12329f2f8711d8ca6e7b1dd358\
06:14:24 Error 0xe0010058:
c:\Documents and Settings\
06:20:42 Error 0xe0010058:
c:\ProgramData\Desktop\
06:20:42 Error 0xe0010058:
c:\ProgramData\Documents\
06:20:42 Error 0xe0010058:
c:\ProgramData\Favorites\
06:21:32 Error 0xe0010058:
c:\System Volume Information\
06:21:41 Error 0xe0010058:
c:\Users\Default\AppData\Local\History\
06:21:42 Error 0xe0010058:
c:\Users\Default\AppData\Local\Temporary Internet Files\
06:21:42 Error 0xe0010058:
c:\Users\Default\Cookies\
06:21:42 Error 0xe0010058:
c:\Users\Default\Documents\My Music\
06:21:42 Error 0xe0010058:
c:\Users\Default\Documents\My Pictures\
06:21:42 Error 0xe0010058:
c:\Users\Default\Documents\My Videos\
06:21:42 Error 0xe0010058:
c:\Users\Default\NetHood\
06:21:42 Error 0xe0010058:
c:\Users\Default\PrintHood\
06:21:42 Error 0xe0010058:
c:\Users\Default\Recent\
06:21:42 Error 0xe0010058:
c:\Users\Default\Templates\
06:21:42 Error 0xe0010058:
c:\Users\Public\Documents\My Music\
06:21:42 Error 0xe0010058:
c:\Users\Public\Documents\My Pictures\
06:21:42 Error 0xe0010058:
c:\Users\Public\Documents\My Videos\
06:21:55 Error 0xe0010058:
c:\Users\Tony\AppData\Local\History\
06:24:50 Error 0xe0010058:
c:\Users\Tony\Documents\My Music\
06:24:50 Error 0xe0010058:
c:\Users\Tony\Documents\My Pictures\
06:24:50 Error 0xe0010058:
c:\Users\Tony\Documents\My Videos\
06:24:54 Error 0xe0010058:
c:\Users\Tony\NetHood\
06:24:55 Error 0xe0010058:
c:\Users\Tony\PrintHood\
06:24:55 Error 0xe0010058:
c:\Users\Tony\Templates\
06:25:39 New high severity detection:
c:\Users\Tony\AppData\Local\Temp\tmp19a8ee2d\44.exe
Description: Trojan horse Agent3.CCQT

Successfully healed.
06:29:16 New low severity detection:
c:\Users\Tony\Documents\Tony\Dell Laptop Downloads\R78499.EXE
Description: The file is signed with a broken digital signature, issued by: Dell Inc.

Healing action failed with error 0xe0010002
06:29:19 New low severity detection:
c:\Users\Tony\Documents\Tony\Dell Laptop Downloads\R99254.EXE
Description: The file is signed with a broken digital signature, issued by: Dell Inc.

Healing action failed with error 0xe0010002
06:30:12 New low severity detection:
c:\Users\Tony\Documents\Tony\Dell Laptop Downloads\R114079.EXE
Description: The file is signed with a broken digital signature, issued by: Dell Inc.

Healing action failed with error 0xe0010002
06:31:02 New high severity detection:
c:\Users\Tony\AppData\Roaming\pJuGb.exe
Description: Trojan horse Agent3.CCQT

Successfully healed.
06:39:24 New high severity detection:
c:\Users\Tony\AppData\Local\Temp\tmp518b1b95\6.exe
Description: Trojan horse Agent3.CBTK

Successfully healed.
06:39:39 New high severity detection:
c:\Users\Tony\AppData\Roaming\uAlwp.exe
Description: Trojan horse PSW.Generic10.RZP

Successfully healed.
06:45:52 Error 0xe0010058:
c:\Windows\System32\LogFiles\WMI\RtBackup\
06:48:05 New high severity detection:
c:\Windows\Temp\tmp000072bf\tmp000093bc
Description: Found Luhe.Boxed.S

Successfully healed.
06:48:07 New high severity detection:
c:\Windows\Temp\tmp000072bf\tmp000093bd
Description: Found Luhe.Boxed.S

Successfully healed.
06:55:31 Error 0xe0010058:
d:\System Volume Information\

------------------------------------------------------------
Test started: 18.10.2012 6:13:01
Duration of test: 43 minute(s) 41 second(s)
------------------------------------------------------------
Objects scanned : 194987
Found infections : 11
Found high severity : 8
Found med severity : 0
Found info severity : 3
Fixed high severity : 8
Fixed med severity : 0
Fixed info severity : 0
------------------------------------------------------------

#3 ConfusedGuy92

ConfusedGuy92
  • Topic Starter

  • Members
  • 30 posts

Posted 18 October 2012 - 02:22 AM

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.16.13

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Tony :: TONY-HP [administrator]

18/10/2012 07:15:44
mbam-log-2012-10-18 (07-15-44).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 339863
Time elapsed: 1 hour(s), 3 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Tony\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.

Files Detected: 7
C:\$Recycle.Bin\S-1-5-21-2071956835-2444239964-2862127085-1000\$12a17e12329f2f8711d8ca6e7b1dd358\U\00000004.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-2071956835-2444239964-2862127085-1000\$12a17e12329f2f8711d8ca6e7b1dd358\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-2071956835-2444239964-2862127085-1000\$12a17e12329f2f8711d8ca6e7b1dd358\U\000000cb.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-2071956835-2444239964-2862127085-1000\$12a17e12329f2f8711d8ca6e7b1dd358\U\80000000.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-2071956835-2444239964-2862127085-1000\$12a17e12329f2f8711d8ca6e7b1dd358\U\80000064.@ (Trojan.0Access) -> Quarantined and deleted successfully.
C:\Users\Tony\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.
C:\Users\Tony\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.

(end)

#4 ConfusedGuy92

ConfusedGuy92
  • Topic Starter

  • Members
  • 30 posts

Posted 18 October 2012 - 02:51 AM

No use. Upon starting it out of Safe Mode, I was given a message about my files being accessed by simultaneous OfficeOrg programs, and that it could be someone else accessing them. The police message (I'm assuming it is police, but in general it's the same pop-up/ransom deal) still appears, unlike it did before. It seems like this is a more extreme version, so I'll need help to get some more extreme means of cleaning out the infection. Responses greatly appreciated.

#5 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 18 October 2012 - 03:55 AM

Do not run any tools unless instructed. Boot into Safe Mode with Networking.

Download

TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in Safe Mode with Networking.

Download

ESET online scanner

Install it

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#6 ConfusedGuy92

ConfusedGuy92
  • Topic Starter

  • Members
  • 30 posts

Posted 18 October 2012 - 05:52 AM

Really appreciate the response man.

TDSSKiller Log

11:49:20.0665 1188 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
11:49:20.0915 1188 ============================================================
11:49:20.0915 1188 Current date / time: 2012/10/18 11:49:20.0915
11:49:20.0915 1188 SystemInfo:
11:49:20.0915 1188
11:49:20.0915 1188 OS Version: 6.1.7601 ServicePack: 1.0
11:49:20.0915 1188 Product type: Workstation
11:49:20.0915 1188 ComputerName: TONY-HP
11:49:20.0915 1188 UserName: Tony
11:49:20.0915 1188 Windows directory: C:\Windows
11:49:20.0915 1188 System windows directory: C:\Windows
11:49:20.0915 1188 Running under WOW64
11:49:20.0915 1188 Processor architecture: Intel x64
11:49:20.0915 1188 Number of processors: 4
11:49:20.0915 1188 Page size: 0x1000
11:49:20.0915 1188 Boot type: Safe boot with network
11:49:20.0915 1188 ============================================================
11:49:21.0430 1188 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:49:21.0430 1188 ============================================================
11:49:21.0430 1188 \Device\Harddisk0\DR0:
11:49:21.0430 1188 MBR partitions:
11:49:21.0430 1188 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
11:49:21.0430 1188 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23856800
11:49:21.0430 1188 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x238BA800, BlocksNum 0x1B40000
11:49:21.0430 1188 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
11:49:21.0430 1188 ============================================================
11:49:21.0461 1188 C: <-> \Device\Harddisk0\DR0\Partition2
11:49:21.0523 1188 D: <-> \Device\Harddisk0\DR0\Partition3
11:49:21.0523 1188 ============================================================
11:49:21.0523 1188 Initialize success
11:49:21.0523 1188 ============================================================
11:49:50.0524 2492 ============================================================
11:49:50.0524 2492 Scan started
11:49:50.0524 2492 Mode: Manual; TDLFS;
11:49:50.0524 2492 ============================================================
11:49:51.0553 2492 ================ Scan system memory ========================
11:49:51.0553 2492 System memory - ok
11:50:04.0330 2492 IpFilterDriver - ok
11:50:04.0345 2492 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
11:50:04.0345 2492 iphlpsvc - ok
11:50:04.0377 2492 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
11:50:04.0377 2492 IPMIDRV - ok
11:50:04.0408 2492 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
11:50:04.0408 2492 IPNAT - ok
11:50:04.0439 2492 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:50:04.0439 2492 IRENUM - ok
11:50:04.0470 2492 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
11:50:04.0470 2492 isapnp - ok
11:50:04.0501 2492 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
11:50:04.0501 2492 iScsiPrt - ok
11:50:04.0564 2492 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
11:50:04.0564 2492 kbdclass - ok
11:50:04.0611 2492 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
11:50:04.0611 2492 kbdhid - ok
11:50:04.0626 2492 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
11:50:04.0626 2492 KeyIso - ok
11:50:04.0657 2492 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:50:04.0657 2492 KSecDD - ok
11:50:04.0689 2492 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
11:50:04.0689 2492 KSecPkg - ok
11:50:04.0735 2492 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
11:50:04.0735 2492 ksthunk - ok
11:50:04.0767 2492 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
11:50:04.0782 2492 KtmRm - ok
11:50:04.0845 2492 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
11:50:04.0845 2492 LanmanServer - ok
11:50:04.0860 2492 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:50:04.0876 2492 LanmanWorkstation - ok
11:50:04.0923 2492 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:50:04.0923 2492 lltdio - ok
11:50:04.0954 2492 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:50:04.0954 2492 lltdsvc - ok
11:50:04.0969 2492 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:50:04.0969 2492 lmhosts - ok
11:50:05.0063 2492 [ 0405F4BCD1C7A7B309F620FE0B5DE5E6 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
11:50:05.0063 2492 LMS - ok
11:50:05.0141 2492 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
11:50:05.0141 2492 LSI_FC - ok
11:50:05.0188 2492 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
11:50:05.0188 2492 LSI_SAS - ok
11:50:05.0203 2492 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
11:50:05.0203 2492 LSI_SAS2 - ok
11:50:05.0235 2492 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
11:50:05.0235 2492 LSI_SCSI - ok
11:50:05.0266 2492 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
11:50:05.0266 2492 luafv - ok
11:50:05.0375 2492 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
11:50:05.0375 2492 MBAMProtector - ok
11:50:05.0437 2492 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:50:05.0453 2492 MBAMScheduler - ok
11:50:05.0515 2492 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:50:05.0515 2492 MBAMService - ok
11:50:05.0593 2492 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:50:05.0593 2492 Mcx2Svc - ok
11:50:05.0625 2492 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
11:50:05.0625 2492 megasas - ok
11:50:05.0656 2492 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
11:50:05.0656 2492 MegaSR - ok
11:50:05.0703 2492 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
11:50:05.0703 2492 MMCSS - ok
11:50:05.0734 2492 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
11:50:05.0734 2492 Modem - ok
11:50:05.0765 2492 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:50:05.0781 2492 monitor - ok
11:50:05.0827 2492 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:50:05.0827 2492 mouclass - ok
11:50:05.0874 2492 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:50:05.0874 2492 mouhid - ok
11:50:05.0905 2492 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
11:50:05.0905 2492 mountmgr - ok
11:50:05.0921 2492 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
11:50:05.0937 2492 mpio - ok
11:50:05.0952 2492 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:50:05.0952 2492 mpsdrv - ok
11:50:05.0983 2492 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
11:50:05.0999 2492 MpsSvc - ok
11:50:06.0015 2492 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:50:06.0015 2492 MRxDAV - ok
11:50:06.0046 2492 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:50:06.0046 2492 mrxsmb - ok
11:50:06.0077 2492 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:50:06.0077 2492 mrxsmb10 - ok
11:50:06.0093 2492 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:50:06.0093 2492 mrxsmb20 - ok
11:50:06.0108 2492 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
11:50:06.0108 2492 msahci - ok
11:50:06.0155 2492 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:50:06.0155 2492 msdsm - ok
11:50:06.0171 2492 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
11:50:06.0171 2492 MSDTC - ok
11:50:06.0233 2492 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:50:06.0233 2492 Msfs - ok
11:50:06.0249 2492 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
11:50:06.0249 2492 mshidkmdf - ok
11:50:06.0264 2492 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
11:50:06.0264 2492 msisadrv - ok
11:50:06.0327 2492 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:50:06.0327 2492 MSiSCSI - ok
11:50:06.0342 2492 msiserver - ok
11:50:06.0389 2492 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:50:06.0389 2492 MSKSSRV - ok
11:50:06.0420 2492 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:50:06.0420 2492 MSPCLOCK - ok
11:50:06.0420 2492 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:50:06.0420 2492 MSPQM - ok
11:50:06.0436 2492 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:50:06.0451 2492 MsRPC - ok
11:50:06.0483 2492 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
11:50:06.0483 2492 mssmbios - ok
11:50:06.0498 2492 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:50:06.0498 2492 MSTEE - ok
11:50:06.0514 2492 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
11:50:06.0514 2492 MTConfig - ok
11:50:06.0576 2492 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
11:50:06.0576 2492 Mup - ok
11:50:06.0607 2492 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
11:50:06.0607 2492 napagent - ok
11:50:06.0670 2492 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:50:06.0670 2492 NativeWifiP - ok
11:50:06.0763 2492 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
11:50:06.0763 2492 NDIS - ok
11:50:06.0810 2492 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
11:50:06.0810 2492 NdisCap - ok
11:50:06.0857 2492 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:50:06.0857 2492 NdisTapi - ok
11:50:06.0873 2492 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:50:06.0873 2492 Ndisuio - ok
11:50:06.0888 2492 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:50:06.0888 2492 NdisWan - ok
11:50:06.0904 2492 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:50:06.0904 2492 NDProxy - ok
11:50:06.0966 2492 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:50:06.0966 2492 NetBIOS - ok
11:50:06.0997 2492 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:50:06.0997 2492 NetBT - ok
11:50:06.0997 2492 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
11:50:06.0997 2492 Netlogon - ok
11:50:07.0075 2492 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
11:50:07.0075 2492 Netman - ok
11:50:07.0091 2492 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
11:50:07.0091 2492 netprofm - ok
11:50:07.0200 2492 [ 31609B481CC202BFB441E37FEBCDEA05 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
11:50:07.0216 2492 netr28x - ok
11:50:07.0247 2492 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:50:07.0247 2492 NetTcpPortSharing - ok
11:50:07.0309 2492 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
11:50:07.0309 2492 nfrd960 - ok
11:50:07.0372 2492 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:50:07.0372 2492 NlaSvc - ok
11:50:07.0419 2492 [ 5FE6F8C05F0769BBB74AFAC11453B182 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys
11:50:07.0419 2492 nmwcd - ok
11:50:07.0481 2492 [ 73C929945C0850B8D1FE2FEA05FDF05D ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys
11:50:07.0481 2492 nmwcdc - ok
11:50:07.0528 2492 [ 697CA586209E022D15DD0C838B235D6A ] nmwcdnsucx64 C:\Windows\system32\drivers\nmwcdnsucx64.sys
11:50:07.0528 2492 nmwcdnsucx64 - ok
11:50:07.0543 2492 [ 292DDF13F91F2CB2482B57AACD6AEB9B ] nmwcdnsux64 C:\Windows\system32\drivers\nmwcdnsux64.sys
11:50:07.0543 2492 nmwcdnsux64 - ok
11:50:07.0575 2492 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:50:07.0575 2492 Npfs - ok
11:50:07.0606 2492 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
11:50:07.0621 2492 nsi - ok
11:50:07.0621 2492 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:50:07.0637 2492 nsiproxy - ok
11:50:07.0699 2492 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:50:07.0715 2492 Ntfs - ok
11:50:07.0731 2492 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
11:50:07.0731 2492 Null - ok
11:50:07.0777 2492 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
11:50:07.0777 2492 NVENETFD - ok
11:50:07.0824 2492 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:50:07.0824 2492 nvraid - ok
11:50:07.0840 2492 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:50:07.0855 2492 nvstor - ok
11:50:07.0887 2492 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:50:07.0887 2492 nv_agp - ok
11:50:07.0918 2492 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:50:07.0918 2492 ohci1394 - ok
11:50:07.0980 2492 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:50:07.0980 2492 ose - ok
11:50:08.0121 2492 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:50:08.0214 2492 osppsvc - ok
11:50:08.0245 2492 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:50:08.0245 2492 p2pimsvc - ok
11:50:08.0277 2492 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
11:50:08.0277 2492 p2psvc - ok
11:50:08.0308 2492 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
11:50:08.0308 2492 Parport - ok
11:50:08.0323 2492 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:50:08.0323 2492 partmgr - ok
11:50:08.0370 2492 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:50:08.0370 2492 PcaSvc - ok
11:50:08.0433 2492 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
11:50:08.0433 2492 pccsmcfd - ok
11:50:08.0464 2492 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
11:50:08.0464 2492 pci - ok
11:50:08.0479 2492 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
11:50:08.0479 2492 pciide - ok
11:50:08.0511 2492 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
11:50:08.0511 2492 pcmcia - ok
11:50:08.0526 2492 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
11:50:08.0526 2492 pcw - ok
11:50:08.0557 2492 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:50:08.0573 2492 PEAUTH - ok
11:50:08.0651 2492 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:50:08.0651 2492 PerfHost - ok
11:50:08.0713 2492 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
11:50:08.0729 2492 pla - ok
11:50:08.0791 2492 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:50:08.0807 2492 PlugPlay - ok
11:50:08.0823 2492 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:50:08.0823 2492 PNRPAutoReg - ok
11:50:08.0838 2492 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:50:08.0854 2492 PNRPsvc - ok
11:50:08.0885 2492 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:50:08.0885 2492 PolicyAgent - ok
11:50:08.0916 2492 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
11:50:08.0916 2492 Power - ok
11:50:08.0994 2492 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:50:08.0994 2492 PptpMiniport - ok
11:50:09.0041 2492 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
11:50:09.0057 2492 Processor - ok
11:50:09.0119 2492 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
11:50:09.0119 2492 ProfSvc - ok
11:50:09.0150 2492 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:50:09.0150 2492 ProtectedStorage - ok
11:50:09.0213 2492 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:50:09.0213 2492 Psched - ok
11:50:09.0275 2492 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
11:50:09.0291 2492 ql2300 - ok
11:50:09.0306 2492 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
11:50:09.0306 2492 ql40xx - ok
11:50:09.0337 2492 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
11:50:09.0337 2492 QWAVE - ok
11:50:09.0369 2492 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:50:09.0369 2492 QWAVEdrv - ok
11:50:09.0384 2492 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:50:09.0384 2492 RasAcd - ok
11:50:09.0431 2492 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:50:09.0431 2492 RasAgileVpn - ok
11:50:09.0447 2492 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
11:50:09.0447 2492 RasAuto - ok
11:50:09.0509 2492 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:50:09.0509 2492 Rasl2tp - ok
11:50:09.0540 2492 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
11:50:09.0556 2492 RasMan - ok
11:50:09.0571 2492 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:50:09.0571 2492 RasPppoe - ok
11:50:09.0618 2492 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:50:09.0618 2492 RasSstp - ok
11:50:09.0634 2492 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:50:09.0649 2492 rdbss - ok
11:50:09.0665 2492 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
11:50:09.0665 2492 rdpbus - ok
11:50:09.0696 2492 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:50:09.0696 2492 RDPCDD - ok
11:50:09.0727 2492 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:50:09.0727 2492 RDPENCDD - ok
11:50:09.0743 2492 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:50:09.0743 2492 RDPREFMP - ok
11:50:09.0774 2492 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:50:09.0774 2492 RDPWD - ok
11:50:09.0837 2492 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:50:09.0837 2492 rdyboost - ok
11:50:09.0852 2492 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:50:09.0852 2492 RemoteAccess - ok
11:50:09.0883 2492 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:50:09.0883 2492 RemoteRegistry - ok
11:50:09.0930 2492 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:50:09.0930 2492 RpcEptMapper - ok
11:50:09.0946 2492 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
11:50:09.0946 2492 RpcLocator - ok
11:50:09.0977 2492 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
11:50:09.0977 2492 RpcSs - ok
11:50:10.0024 2492 [ 546D7F426776090B90EF5F195B6AE662 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
11:50:10.0039 2492 RSPCIESTOR - ok
11:50:10.0086 2492 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:50:10.0102 2492 rspndr - ok
11:50:10.0180 2492 [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
11:50:10.0180 2492 RTL8167 - ok
11:50:10.0227 2492 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
11:50:10.0227 2492 SamSs - ok
11:50:10.0258 2492 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:50:10.0258 2492 sbp2port - ok
11:50:10.0289 2492 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:50:10.0289 2492 SCardSvr - ok
11:50:10.0305 2492 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:50:10.0305 2492 scfilter - ok
11:50:10.0351 2492 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
11:50:10.0351 2492 Schedule - ok
11:50:10.0383 2492 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:50:10.0383 2492 SCPolicySvc - ok
11:50:10.0429 2492 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
11:50:10.0429 2492 sdbus - ok
11:50:10.0461 2492 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:50:10.0461 2492 SDRSVC - ok
11:50:10.0507 2492 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
11:50:10.0507 2492 SeaPort - ok
11:50:10.0554 2492 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:50:10.0554 2492 secdrv - ok
11:50:10.0570 2492 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
11:50:10.0570 2492 seclogon - ok
11:50:10.0617 2492 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
11:50:10.0617 2492 SENS - ok
11:50:10.0663 2492 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:50:10.0663 2492 SensrSvc - ok
11:50:10.0757 2492 [ EF7B5EC21E7C0F6E4237424A41FA720E ] Ser2pl C:\Windows\system32\DRIVERS\ser2pl64.sys
11:50:10.0757 2492 Ser2pl - ok
11:50:10.0788 2492 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
11:50:10.0788 2492 Serenum - ok
11:50:10.0851 2492 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
11:50:10.0851 2492 Serial - ok
11:50:10.0882 2492 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
11:50:10.0882 2492 sermouse - ok
11:50:10.0960 2492 [ C15B813F2FDB44F87F23312472C6E790 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
11:50:10.0975 2492 ServiceLayer - ok
11:50:11.0022 2492 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
11:50:11.0022 2492 SessionEnv - ok
11:50:11.0038 2492 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:50:11.0038 2492 sffdisk - ok
11:50:11.0069 2492 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:50:11.0069 2492 sffp_mmc - ok
11:50:11.0085 2492 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:50:11.0085 2492 sffp_sd - ok
11:50:11.0116 2492 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
11:50:11.0116 2492 sfloppy - ok
11:50:11.0178 2492 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
11:50:11.0194 2492 Sftfs - ok
11:50:11.0272 2492 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
11:50:11.0287 2492 sftlist - ok
11:50:11.0319 2492 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
11:50:11.0319 2492 Sftplay - ok
11:50:11.0350 2492 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
11:50:11.0350 2492 Sftredir - ok
11:50:11.0381 2492 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
11:50:11.0381 2492 Sftvol - ok
11:50:11.0443 2492 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
11:50:11.0443 2492 sftvsa - ok
11:50:11.0475 2492 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:50:11.0475 2492 SharedAccess - ok
11:50:11.0521 2492 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:50:11.0521 2492 ShellHWDetection - ok
11:50:11.0568 2492 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
11:50:11.0584 2492 SiSRaid2 - ok
11:50:11.0599 2492 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
11:50:11.0599 2492 SiSRaid4 - ok
11:50:11.0662 2492 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:50:11.0662 2492 Smb - ok
11:50:11.0724 2492 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:50:11.0724 2492 SNMPTRAP - ok
11:50:11.0755 2492 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
11:50:11.0755 2492 spldr - ok
11:50:11.0802 2492 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
11:50:11.0818 2492 Spooler - ok
11:50:11.0896 2492 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
11:50:11.0927 2492 sppsvc - ok
11:50:11.0943 2492 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:50:11.0943 2492 sppuinotify - ok
11:50:11.0974 2492 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
11:50:11.0974 2492 srv - ok
11:50:11.0989 2492 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:50:12.0005 2492 srv2 - ok
11:50:12.0052 2492 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
11:50:12.0067 2492 SrvHsfHDA - ok
11:50:12.0099 2492 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
11:50:12.0114 2492 SrvHsfV92 - ok
11:50:12.0130 2492 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
11:50:12.0145 2492 SrvHsfWinac - ok
11:50:12.0161 2492 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:50:12.0161 2492 srvnet - ok
11:50:12.0223 2492 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:50:12.0223 2492 SSDPSRV - ok
11:50:12.0239 2492 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:50:12.0239 2492 SstpSvc - ok
11:50:12.0395 2492 [ 7BF818B11C1FEDC3E76D233124470A30 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
11:50:12.0395 2492 STacSV - ok
11:50:12.0426 2492 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
11:50:12.0426 2492 stexstor - ok
11:50:12.0504 2492 [ EBC1A5E076A9BE314D3D9E8ED19ABB0A ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
11:50:12.0504 2492 STHDA - ok
11:50:12.0567 2492 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
11:50:12.0582 2492 stisvc - ok
11:50:12.0582 2492 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
11:50:12.0582 2492 swenum - ok
11:50:12.0629 2492 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
11:50:12.0629 2492 swprv - ok
11:50:12.0723 2492 [ C447977ED2A4AE9346FE3A0579A34D7C ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
11:50:12.0738 2492 SynTP - ok
11:50:12.0801 2492 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
11:50:12.0816 2492 SysMain - ok
11:50:12.0832 2492 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:50:12.0832 2492 TabletInputService - ok
11:50:12.0847 2492 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
11:50:12.0863 2492 TapiSrv - ok
11:50:12.0863 2492 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
11:50:12.0863 2492 TBS - ok
11:50:12.0957 2492 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:50:12.0972 2492 Tcpip - ok
11:50:13.0019 2492 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:50:13.0019 2492 TCPIP6 - ok
11:50:13.0066 2492 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:50:13.0066 2492 tcpipreg - ok
11:50:13.0097 2492 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:50:13.0097 2492 TDPIPE - ok
11:50:13.0113 2492 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:50:13.0113 2492 TDTCP - ok
11:50:13.0175 2492 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:50:13.0175 2492 tdx - ok
11:50:13.0222 2492 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
11:50:13.0222 2492 TermDD - ok
11:50:13.0253 2492 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
11:50:13.0269 2492 TermService - ok
11:50:18.0151 2492 ============================================================
11:50:18.0151 2492 Scan finished
11:50:18.0151 2492 ============================================================
11:50:18.0151 2364 Detected object count: 0
11:50:18.0151 2364 Actual detected object count: 0

#7 ConfusedGuy92

Posted 18 October 2012 - 06:02 AM

Okay, I ran aswMBR. It updated like you said, and I clicked scan. There was a "quickscan" thing set and I didn't change it as you hadn't told me to. Like 10 seconds in, it blue screened and rebooted. I know the blue screen is a big deal in some cases, so before I go any further I just want to make sure everything's cool with it.

#8 narenxp

Posted 18 October 2012 - 09:50 AM

Skip ASWMBR and run the ESET scan.

#9 ConfusedGuy92

Posted 18 October 2012 - 12:54 PM

Thanks.

ESET Scan Log

C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\Tony\AppData\Local\Temp\V.class probably a variant of Java/Exploit.CVE-2011-3544.BQ trojan cleaned by deleting - quarantined
C:\Users\Tony\AppData\Local\Temp\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\Users\Tony\AppData\Local\Temp\YontooSetup-Silent.exe Win32/Adware.Yontoo application cleaned by deleting - quarantined
C:\Users\Tony\AppData\Local\Temp\ICReinstall\cnet2_CJXP600SE_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Tony\AppData\Local\Temp\is1598539481\BuzzdockSetup-Silent.exe multiple threats cleaned by deleting - quarantined

EDIT: Screen is still under ransom in normal mode so I guess we're not done yet lol.

Edited by ConfusedGuy92, 18 October 2012 - 01:06 PM.


#10 narenxp

Posted 18 October 2012 - 04:14 PM

Download Autoruns

Extract and launch autoruns.exe

Allow the scan to finish

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

Download Malwarebytes

Install, update and run a full scan

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here
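
One way to triage the Autoruns.txt export requested above, as an added example that is not part of the original post: it parses the quoted-field layout as it appears in this thread and lists logon autostart entries that run from a user-profile directory with no publisher string or a missing target. The sample lines, the names in them and the heuristic itself are constructed assumptions, not the advisor's method.

```python
import re
from dataclasses import dataclass

# Every line of the export, as pasted in this thread, carries four quoted fields.
FIELD = re.compile(r'"([^"]*)"')
# Locations that start a program at logon (assumption: suffix match is enough).
LOGON_SUFFIXES = (r"\currentversion\run", r"\start menu\programs\startup")
# Directories a standard user can write to without elevation.
USER_WRITABLE = ("\\appdata\\", "\\temp\\")
MISSING = "file not found:"


@dataclass
class Entry:
    location: str
    name: str
    description: str
    publisher: str
    image: str


def parse_autoruns(text):
    """Return one Entry per autostart item, tagged with its location header."""
    entries, location = [], None
    for raw in text.splitlines():
        line = raw.strip()
        fields = FIELD.findall(line)
        if len(fields) != 4:
            continue  # blank or malformed line
        if line.startswith('"'):
            location = fields[0]  # header line: the key or folder
        elif location is not None:
            entries.append(Entry(location, *fields))  # "+ ..." item line
    return entries


def triage(entries):
    """Return (entry, reasons) pairs worth a manual look.

    The publisher field is only the file's version-resource string, so a
    present value does not prove the file is legitimate; an empty one in a
    user-writable directory is simply a cheap signal to review first.
    """
    flagged = []
    for e in entries:
        if not e.location.lower().endswith(LOGON_SUFFIXES):
            continue
        image = e.image.lower()
        if not any(d in image for d in USER_WRITABLE):
            continue
        reasons = []
        if not e.publisher.strip():
            reasons.append("no publisher")
        if image.startswith(MISSING):
            reasons.append("target missing")
        if reasons:
            flagged.append((e, reasons))
    return flagged


# Constructed sample in the same layout; none of these names come from the thread.
SAMPLE = r'''
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "ExampleTray" "Example Tray Module" "Example Corp." "c:\program files\example\tray.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "ExampleUpdater" "Example Updater" "Example Corp." "c:\users\alice\appdata\local\example\update.exe"
+ "qZxWv" "" "" "File not found: C:\Users\alice\AppData\Roaming\qZxWv.exe"
+ "hlpsvc" "" "" "c:\users\alice\appdata\local\temp\hlpsvc.exe"
+ "OldSuite" "" "" "File not found: C:\Program Files\OldSuite\suite.exe -tray"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "examplesvc" "" "" "c:\users\alice\appdata\roaming\examplesvc.exe"
'''

if __name__ == "__main__":
    for entry, reasons in triage(parse_autoruns(SAMPLE)):
        print(f"{entry.location} -> {entry.name}: {', '.join(reasons)}")
        print(f"    {entry.image}")
```

A "target missing" hit in a Run key usually means a scanner deleted the file but left the registry value behind, so the value still needs removing.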

#11 ConfusedGuy92

Posted 19 October 2012 - 06:51 AM

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe"
+ "SysTrayApp" "IDT PC Audio" "IDT, Inc." "c:\program files\idt\wdm\sttray64.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe"
+ "Anti-phishing Domain Advisor" "Visicom Media Anti-phishing Domain Advisor (Powered by Panda Security)" "Visicom Media Inc. (Powered by Panda Security)" "c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe"
+ "AVG_UI" "AVG User Interface" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2013\avgui.exe"
+ "Easybits Recovery" "" "EasyBits Software AS" "c:\program files (x86)\easybits for kids\ezrecover.exe"
+ "HP Quick Launch" "HP Message Service" "Hewlett-Packard Development Company, L.P." "c:\program files (x86)\hewlett-packard\hp quick launch\hpmsgsvc.exe"
+ "HPConnectionManager" "HPCMDelayStart Application" "Hewlett-Packard Development Company L.P." "c:\program files (x86)\hewlett-packard\hp connection manager\hpcmdelaystart.exe"
+ "HPOSD" "HP On Screen Display" "Hewlett-Packard Development Company, L.P." "c:\program files (x86)\hewlett-packard\hp on screen display\hposd.exe"
+ "IAStorIcon" "IAStorIcon" "Intel Corporation" "c:\program files (x86)\intel\intel® rapid storage technology\iastoricon.exe"
+ "IMSS" "PIconStartup application" "" "c:\program files (x86)\intel\intel® management engine components\imss\piconstartup.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
"C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "OpenOffice.org 3.3.lnk" "" "" "c:\program files (x86)\openoffice.org 3\program\quickstart.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Facebook Update" "Facebook Installer" "Facebook Inc." "c:\users\tony\appdata\local\facebook\update\facebookupdate.exe"
+ "gLWDq" "" "" "File not found: C:\Users\Tony\AppData\Roaming\pJuGb.exe"
+ "KmRXW" "" "" "File not found: C:\Users\Tony\AppData\Roaming\uAlwp.exe"
+ "mdaur" "WIAEditor" "PixArt Imaging Incorporation" "c:\users\tony\appdata\roaming\mdaur.dll"
+ "NokiaSuite.exe" "" "" "File not found: C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray"
+ "PC Suite Tray" "Nokia Launch Application" "Nokia" "c:\program files (x86)\nokia\nokia pc suite 7\pcsuite.exe"
+ "sppcomapi" "" "" "c:\users\tony\appdata\local\microsoft\windows\1477\sppcomapi.exe"
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "EasyBits Security Shield Hook - prevents launching insecure programs by kids" "EasyBits Security Shield component" "EasyBits Software Corp." "c:\windows\syswow64\ezupbhook.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2013\avgsea.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2013\avgse.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "Nokia" "Phone Browser" "Nokia" "c:\program files (x86)\nokia\nokia pc suite 7\phonebrowser64.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "Nokia" "Phone Browser" "Nokia" "c:\program files (x86)\nokia\nokia pc suite 7\phonebrowser.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "OpenOffice.org" "c:\program files (x86)\openoffice.org 3\basis\program\shlxthdl\shlxthdl_x64.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "OpenOffice.org" "c:\program files (x86)\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2013\avgsea.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2013\avgse.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Bing Bar Helper" "Bing Client Extensions" "Microsoft Corporation." "c:\program files (x86)\microsoft\bingbar\bingext.dll"
+ "blekko search bar" "dtx Dynamic Link Library" "" "c:\program files (x86)\blekkotb_031\blekkotb_019x.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\ssv.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Bing" "Bing Client Extensions" "Microsoft Corporation." "c:\program files (x86)\microsoft\bingbar\bingext.dll"
+ "blekko search bar" "dtx Dynamic Link Library" "" "c:\program files (x86)\blekkotb_031\blekkotb_019x.dll"
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
+ "Add to Evernote 4" "" "" "File not found: C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "AVGIDSAgent" "Provides Identity Protection Against Cyber Crime." "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2013\avgidsagent.exe"
+ "avgwd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2013\avgwdsvc.exe"
+ "BBSvc" "Keeps Bing Bar up-to-date. Disabling this service might prevent updates and expose your computer to security vulnerabilities or functional flaws in Bing Bar." "Microsoft Corporation." "c:\program files (x86)\microsoft\bingbar\bbsvc.exe"
+ "cvhsvc" "Client Virtualization Handler Service (unlocalized description)" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\virtualization handler\cvhsvc.exe"
+ "ezSharedSvc" "Provides licensing, security and parental control services for EasyBits applications. If this service is stopped or disabled, these applications will not function properly." "EasyBits Software AS" "c:\windows\syswow64\ezsharedsvchost.exe"
+ "GamesAppService" "WT Games App Services" "WildTangent, Inc." "c:\program files (x86)\wildtangent games\app\gamesappservice.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe"
+ "HP Support Assistant Service" "HP Support Assistant Service" "Hewlett-Packard Company" "c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe"
+ "HPAuto" "HP Usage Improvement Tracking" "Hewlett-Packard" "c:\program files\hewlett-packard\hp auto\hpauto.exe"
+ "HPClientSvc" "HP Client Services" "Hewlett-Packard Company" "c:\program files\hewlett-packard\hp client services\hpclientservices.exe"
+ "hpCMSrv" "Manages all HP embedded network connectivities." "Hewlett-Packard Development Company L.P." "c:\program files (x86)\hewlett-packard\hp connection manager\hpcmsrv.exe"
+ "HPDrvMntSvc.exe" "HP Quick Synchronization Service" "Hewlett-Packard Company" "c:\program files (x86)\hewlett-packard\shared\hpdrvmntsvc.exe"
+ "hpqwmiex" "HP Software Framework WMI Service" "Hewlett-Packard Company" "c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe"
+ "HPWMISVC" "HP Quick Launch WMI Service" "Hewlett-Packard Development Company, L.P." "c:\program files (x86)\hewlett-packard\hp quick launch\hpwmisvc.exe"
+ "IAStorDataMgrSvc" "Provides storage event notification and manages communication between the storage driver and user space applications." "Intel Corporation" "c:\program files (x86)\intel\intel® rapid storage technology\iastordatamgrsvc.exe"
+ "IconMan_R" "Realtek Card Reader Icon Tool." "Realsil Microelectronics Inc." "c:\program files (x86)\realtek\realtek pcie card reader\riconman.exe"
+ "LMS" "Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\lms\lms.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "SeaPort" "Enables the detection, download and installation of up-to-date configuration files for Bing Bar. Also provides server communication for the customer experience improvement program. Stopping or disabling this service may prevent you from getting the latest updates for Bing Bar, which may expose your computer to security vulnerabilities or functional flaws in the Bing Bar." "Microsoft Corporation" "c:\program files (x86)\microsoft\bingbar\seaport.exe"
+ "ServiceLayer" "ServiceLayer Module" "Nokia" "c:\program files (x86)\pc connectivity solution\servicelayer.exe"
+ "sftlist" "Streams and manages applications" "Microsoft Corporation" "c:\program files (x86)\microsoft application virtualization client\sftlist.exe"
+ "sftvsa" "Monitors global service events and launches virtual services." "Microsoft Corporation" "c:\program files (x86)\microsoft application virtualization client\sftvsa.exe"
+ "STacSV" "Manages audio jack configurations." "IDT, Inc." "c:\program files\idt\wdm\stacsv64.exe"
+ "UNS" "Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device." "Intel Corporation" "c:\program files (x86)\intel\intel® management engine components\uns\uns.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "AVGIDSDriver" "AVG Technologies IDS Application Activity Monitor Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsdrivera.sys"
+ "AVGIDSHA" "AVG Technologies IDS Application Activity Monitor Helper Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsha.sys"
+ "Avgldx64" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx64.sys"
+ "Avgloga" "AVG Logging Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgloga.sys"
+ "Avgmfx64" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx64.sys"
+ "Avgrkx64" "AVG Anti-Rootkit Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgrkx64.sys"
+ "Avgtdia" "AVG Network connection watcher" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgtdia.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl664.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "clwvd" "CyberLink WebCam Virtual Driver" "CyberLink Corporation" "c:\windows\system32\drivers\clwvd.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HECIx64" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\hecix64.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor" "Intel Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "igfx" "" "" "File not found: system32\DRIVERS\igdkmd64.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "Impcd" "Intel® Turbo Boost Technology Driver" "Intel Corporation" "c:\windows\system32\drivers\impcd.sys"
+ "IntcDAud" "Intel® Display Audio Driver" "Intel® Corporation" "c:\windows\system32\drivers\intcdaud.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "netr28x" "Ralink 802.11 Wireless Adapter Driver" "Ralink Technology, Corp." "c:\windows\system32\drivers\netr28x.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nmwcd" "Nokia USB Phone Bus Driver" "Nokia" "c:\windows\system32\drivers\ccdcmbx64.sys"
+ "nmwcdc" "Nokia USB Phone Bus Driver" "Nokia" "c:\windows\system32\drivers\ccdcmbox64.sys"
+ "nmwcdnsucx64" "Nokia USB Phone Generic Client" "Nokia" "c:\windows\system32\drivers\nmwcdnsucx64.sys"
+ "nmwcdnsux64" "Nokia USB Phone Bus Driver" "Nokia" "c:\windows\system32\drivers\nmwcdnsux64.sys"
+ "NVENETFD" "NVIDIA MCP Networking Function Driver." "NVIDIA Corporation" "c:\windows\system32\drivers\nvm62x64.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "pccsmcfd" "PCCS Mode Change Filter Driver" "Nokia" "c:\windows\system32\drivers\pccsmcfdx64.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RSPCIESTOR" "Realtek Pcie CardReader Driver for 2K/XP/Vista/Win7" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtspstor.sys"
+ "RTL8167" "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver " "Realtek " "c:\windows\system32\drivers\rt64win7.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "Ser2pl" "USB-to-Serial Cable Driver" "Prolific Technology Inc." "c:\windows\system32\drivers\ser2pl64.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "SrvHsfHDA" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstazl6.sys"
+ "SrvHsfV92" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstdpv6.sys"
+ "SrvHsfWinac" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstcnxt6.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "STHDA" "IDT PC Audio" "IDT, Inc." "c:\windows\system32\drivers\stwrt64.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "upperdev" "Filter Driver for Nokia USB Phone Bus Driver" "Nokia" "c:\windows\system32\drivers\usbser_lowerfltx64.sys"
+ "UsbserFilt" "Filter Driver for Nokia USB Phone Bus Driver" "Nokia" "c:\windows\system32\drivers\usbser_lowerfltjx64.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "Emuzed AAC/AAC+ Decoder TFilter" "Emuzed AAC/AAC+ Decoder Filter" "Emuzed Inc. " "c:\program files (x86)\common files\nokia\codecs\emzaacdecfilter.dll"
+ "Emuzed AMR/3GPP/MP4/MP3 Multiplexer-Filter" "Emuzed MP4/3GP2/AMR/QCP Multiplexer/Sink Filter" "Emuzed Inc. " "c:\program files (x86)\common files\nokia\codecs\ezdmp4muxfilter.dll"
+ "Emuzed AMR/QCP/3GPP/MP4/3G2 Source Filter" "Emuzed MP4/3GP2/AMR/QCP Source Filter" "Emuzed Inc. " "c:\program files (x86)\common files\nokia\codecs\emzmp4source.dll"
+ "Emuzed H264 Video Decoder-Filter" "Emuzed H.264 Video Transform Filter" "Emuzed Inc. " "c:\program files (x86)\common files\nokia\codecs\ezdh264dectfilter.dll"
+ "Emuzed MP3 Source/Decoder Filter" "Emuzed MP3 Source/Decoder Filter" "Emuzed Inc. " "c:\program files (x86)\common files\nokia\codecs\emzmp3sourcefilter.dll"
+ "Emuzed MP4SP/H263 Video Decoder-Filter" "Emuzed MP4SP/H.263 Video Transform Filter" "Emuzed Inc. " "c:\program files (x86)\common files\nokia\codecs\emzdecmp4_h263.dll"
+ "Nokia H264Dec HP/MP Filter" "" "" "File not found: C:\Program Files (x86)\Common Files\Nokia\Codecs\NokiaH264HPMPDecTFilter.dll"
+ "Nokia MPEG4ASP Decoder Filter" "" "" "File not found: C:\Program Files (x86)\Common Files\Nokia\Codecs\NokiaDecMP4ASP_H263.dll"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "BJ Language Monitor3_2" "Canon Inkjet Printer Driver" "CANON INC." "c:\windows\system32\cnblm3_2.dll"

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:08:12 PM

Posted 19 October 2012 - 07:25 AM

Go to the following locations:

c:\users\tony\appdata\local\microsoft\windows\1477\sppcomapi.exe
c:\users\tony\appdata\roaming\mdaur.dll

Delete both files. Reboot the PC into normal mode, run the Malwarebytes and ESET scans again, and post the logs.

Edited by narenxp, 19 October 2012 - 07:26 AM.
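
Both files named in this post sit under the user's AppData tree. One way to surface such autostart entries from an Autoruns text log in the layout posted earlier in the thread, as an added example that is not part of the original posts; the sample lines are constructed (entry names and registry locations are assumptions, only the two AppData paths come from the post above):

```python
import re

# Constructed sample in the layout of the Autoruns log posted in this thread:
# a quoted registry location line, then '+ "entry" "description" "publisher" "image"'.
# Entry names and registry locations are made up; only the two AppData paths
# are taken from the post above.
SAMPLE_LOG = r'''
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "sppcomapi" "" "" "c:\users\tony\appdata\local\microsoft\windows\1477\sppcomapi.exe"
+ "mdaur" "" "" "c:\users\tony\appdata\roaming\mdaur.dll"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "igfx" "" "" "File not found: system32\DRIVERS\igdkmd64.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
'''

FIELD = re.compile(r'"([^"]*)"')
# Image paths inside any user's AppData tree (writable without admin rights).
APPDATA = re.compile(r'^[a-z]:\\users\\[^\\]+\\appdata\\', re.IGNORECASE)

def parse_autoruns(text):
    """Yield one dict per '+' entry, tagged with the location line above it."""
    location = None
    for line in text.splitlines():
        line = line.strip()
        fields = FIELD.findall(line)
        if len(fields) != 4:
            continue  # blank or malformed line
        if line.startswith('+'):
            entry, description, publisher, image = fields
            yield {"location": location, "entry": entry,
                   "description": description,
                   "publisher": publisher.strip(), "image": image}
        else:
            location = fields[0]  # registry key that the next entries belong to

def triage(entries):
    """Return (image, reasons) for autostart entries that load from AppData."""
    flagged = []
    for e in entries:
        if APPDATA.match(e["image"]):
            reasons = ["image under user AppData"]
            if not e["publisher"]:
                reasons.append("no publisher")
            flagged.append((e["image"], reasons))
    return flagged

if __name__ == "__main__":
    for image, reasons in triage(parse_autoruns(SAMPLE_LOG)):
        print(image, "->", ", ".join(reasons))
```

Legitimate per-user software also starts from AppData, so a hit here is a lead to check by hand, not a verdict.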


#13 ConfusedGuy92

ConfusedGuy92
  • Topic Starter

  • Members
  • 30 posts
  • Local time:08:12 PM

Posted 19 October 2012 - 07:56 AM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.19.06

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Tony :: TONY-HP [administrator]

19/10/2012 13:00:44
mbam-log-2012-10-19 (13-00-44).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 341559
Time elapsed: 35 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Tony\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.

Files Detected: 2
C:\Users\Tony\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.
C:\Users\Tony\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Quarantined and deleted successfully.

(end)

#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India
  • Local time:08:12 PM

Posted 19 October 2012 - 08:11 AM

Did you see my previous instructions? :thumbup2:

#15 ConfusedGuy92

ConfusedGuy92
  • Topic Starter

  • Members
  • 30 posts
  • Local time:08:12 PM

Posted 19 October 2012 - 12:08 PM

Sorry, I had the screen in place. I can't find AppData in Tony :S



