Think I've nailed it but need some confirmation


15 replies to this topic

#1 fixit9660


Posted 23 November 2012 - 04:50 PM

Hello Gentlemen (and Ladies?),

I wonder if you could help please?

For the first time in 30-odd years a virus has gotten the better of me and my experienced professional desktop support colleague.

My Windows 7 Professional 64 bit is always patched to the current release, as are all the applications and the Antivirus software, eScan, that I pay for.

How I got the virus:
My own stupidity, but in my defence it was late and I was tired.
I opened a genuine-looking LinkedIn email and clicked on a link. The web browser didn’t display anything sensible from what I can remember but it all soon went downhill from there.

Symptoms:
Within a few minutes my current Anti-Virus software, eScan, which I’ve used very happily and reliably for quite a few years, squealed (literally) at me and told me that:

C:\$Recycle.Bin\S-1-5-18\$344c370b23f61c89470623c570433451\U\800000cb.@ [APid: 816]was infected with:

Trojan.Sirefef.ML (DB)

And that I should do a Full Scan immediately which I did. It told me it knew about the virus but after a while and several scans it became apparent it couldn’t get to it to fix it. I got eScan Online Support immediately onto it but they just uploaded some updates (that I wasn’t aware of) and re-scanned to no improvement.

My colleague suggested, Microsoft Security Essentials, ESET Online Scanner, Malwarebytes Anti-Malware, and TDSSKiller.

I loaded and ran MSE and it found and allegedly “fixed” two discoveries, but running it again later it found more of the same.

I then tried ESET and it found the same things and “fixed” them too.

Ditto with TDSSKiller and MBAM.

At some point during this process something improved because the alerts being brought up by eScan stopped. Maybe because the virus got to it, or because something actually fixed what was causing it I don’t know.

Now MSE still finds an infected file but nothing is shifting it. It may be a false alarm but it’s what’s finally brought me to you.

I thought that maybe I'd nailed it but earlier on this evening the eScan alert kicked off again.

Since looking through the Self Help area I've downloaded and run MBAR Beta and it found a load more which it has allegedly removed - the reboot and second scan is clean.

I'd really appreciate some help please?

Best regards

Andy a.k.a. fixit 9660



#2 narenxp


Posted 23 November 2012 - 04:51 PM

I do not want you to run any other scans when I'm helping you

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 fixit9660


Posted 24 November 2012 - 01:47 AM

Firstly, this is what MBAR Beta did before I came to you:
-----------------------------------------------------------

I won't run anything other than what you tell me to now


Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.103000 GHz
Memory total: 6440828928, free: 3748315136

------------ Kernel report ------------
11/23/2012 20:24:35
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800823e790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xfffffa8005db0050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.11.23.08
Downloaded database version: v2012.11.19.01
Initializing...
Done!
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800823e790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800823e2c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800823e790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005db0050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xfffff8a015192da0, 0xfffffa800823e790, 0xfffffa8010f94090
Lower DeviceData: 0xfffff8a01c758b90, 0xfffffa8005db0050, 0xfffffa80082ec5e0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B4DFE82C

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 1953310720

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000202043392 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953499616-1953519616)...
Done!
Performing system, memory and registry scan...
Infected: c:\windows\temp\tmp00001986\tmp002126f1 --> [Backdoor.Agent.RS]
Infected: c:\windows\temp\tmp00006321\tmp000abd6e --> [Backdoor.Agent.RS]
Infected: c:\windows\temp\tmp00006321\tmp000abd6b --> [Backdoor.Agent.RS]
Infected: c:\windows\temp\tmp00006321\tmp000abd6d --> [Backdoor.Agent.RS]
Infected: c:\windows\temp\tmp00006321\tmp000abd6f --> [Backdoor.Agent.RS]
Infected: c:\windows\temp\tmp00006321\tmp000abd71 --> [Backdoor.Agent.RS]
Infected: c:\windows\temp\tmp00006321\tmp000d278d --> [Backdoor.Agent.RS]
Infected: C:\$Recycle.Bin\S-1-5-18\$344c370b23f61c89470623c570433451\U --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2314756683-541053924-3074304751-1000\$344c370b23f61c89470623c570433451\U --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-18\$344c370b23f61c89470623c570433451\L --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2314756683-541053924-3074304751-1000\$344c370b23f61c89470623c570433451\L --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-18\$344c370b23f61c89470623c570433451 --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2314756683-541053924-3074304751-1000\$344c370b23f61c89470623c570433451 --> [Trojan.Siredef.C]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occured
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.103000 GHz
Memory total: 6440828928, free: 4642684928

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.103000 GHz
Memory total: 6440828928, free: 4296585216

------------ Kernel report ------------
11/23/2012 21:21:56
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8005d62790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xfffffa8005985050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
DriverEntry returned 0x0
Function returned 0x0
Initializing...
Done!
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8005d62790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005d62250, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005d62790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005985050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xfffff8a0133d02f0, 0xfffffa8005d62790, 0xfffffa8005699090
Lower DeviceData: 0xfffff8a013215da0, 0xfffffa8005985050, 0xfffffa8005694470
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B4DFE82C

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 1953310720

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000202043392 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953499616-1953519616)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================


TDSSKiller Report:
21:57:40.0626 5984 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:57:41.0110 5984 ============================================================
21:57:41.0110 5984 Current date / time: 2012/11/23 21:57:41.0110
21:57:41.0110 5984 SystemInfo:
21:57:41.0110 5984
21:57:41.0110 5984 OS Version: 6.1.7601 ServicePack: 1.0
21:57:41.0110 5984 Product type: Workstation
21:57:41.0110 5984 ComputerName: ANDREW-PC
21:57:41.0110 5984 UserName: Andrew
21:57:41.0110 5984 Windows directory: C:\Windows
21:57:41.0110 5984 System windows directory: C:\Windows
21:57:41.0110 5984 Running under WOW64
21:57:41.0110 5984 Processor architecture: Intel x64
21:57:41.0110 5984 Number of processors: 8
21:57:41.0110 5984 Page size: 0x1000
21:57:41.0110 5984 Boot type: Normal boot
21:57:41.0110 5984 ============================================================
21:57:42.0280 5984 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:57:42.0295 5984 ============================================================
21:57:42.0295 5984 \Device\Harddisk0\DR0:
21:57:42.0295 5984 MBR partitions:
21:57:42.0295 5984 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:57:42.0295 5984 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D2800
21:57:42.0295 5984 ============================================================
21:57:42.0342 5984 C: <-> \Device\Harddisk0\DR0\Partition2
21:57:42.0342 5984 ============================================================
21:57:42.0342 5984 Initialize success
21:57:42.0342 5984 ============================================================
21:58:02.0029 5728 ============================================================
21:58:02.0029 5728 Scan started
21:58:02.0029 5728 Mode: Manual; TDLFS;
21:58:02.0029 5728 ============================================================
21:58:02.0310 5728 ================ Scan system memory ========================
21:58:02.0310 5728 System memory - ok
21:58:02.0310 5728 ================ Scan services =============================
21:58:05.0087 5728 AtiHDAudioService - ok
21:58:05.0212 5728 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:58:05.0243 5728 AudioEndpointBuilder - ok
21:58:05.0243 5728 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:58:05.0243 5728 AudioSrv - ok
21:58:05.0383 5728 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:58:05.0414 5728 AxInstSV - ok
21:58:05.0508 5728 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
21:58:05.0508 5728 b06bdrv - ok
21:58:05.0555 5728 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:58:05.0555 5728 b57nd60a - ok
21:58:05.0602 5728 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:58:05.0617 5728 BDESVC - ok
21:58:05.0664 5728 [ 66116E0A4DA8407FF7F2AAACE52B8B54 ] bdfsfltr C:\Windows\system32\DRIVERS\bdfsfltr.sys
21:58:05.0695 5728 bdfsfltr - ok
21:58:05.0695 5728 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:58:05.0711 5728 Beep - ok
21:58:05.0820 5728 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
21:58:05.0851 5728 BFE - ok
21:58:05.0882 5728 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
21:58:05.0898 5728 BITS - ok
21:58:05.0914 5728 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:58:05.0945 5728 blbdrive - ok
21:58:06.0007 5728 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:58:06.0007 5728 bowser - ok
21:58:06.0023 5728 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:58:06.0038 5728 BrFiltLo - ok
21:58:06.0054 5728 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:58:06.0054 5728 BrFiltUp - ok
21:58:06.0085 5728 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
21:58:06.0101 5728 Browser - ok
21:58:06.0148 5728 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:58:06.0163 5728 Brserid - ok
21:58:06.0179 5728 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:58:06.0179 5728 BrSerWdm - ok
21:58:06.0210 5728 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:58:06.0210 5728 BrUsbMdm - ok
21:58:06.0226 5728 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:58:06.0226 5728 BrUsbSer - ok
21:58:06.0241 5728 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:58:06.0257 5728 BTHMODEM - ok
21:58:06.0272 5728 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:58:06.0288 5728 bthserv - ok
21:58:06.0288 5728 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:58:06.0304 5728 cdfs - ok
21:58:06.0335 5728 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
21:58:06.0366 5728 cdrom - ok
21:58:06.0428 5728 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:58:06.0444 5728 CertPropSvc - ok
21:58:06.0709 5728 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:58:06.0725 5728 circlass - ok
21:58:06.0787 5728 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:58:06.0787 5728 CLFS - ok
21:58:06.0896 5728 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:58:06.0912 5728 clr_optimization_v2.0.50727_32 - ok
21:58:06.0974 5728 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:58:06.0974 5728 clr_optimization_v2.0.50727_64 - ok
21:58:07.0052 5728 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:58:07.0068 5728 clr_optimization_v4.0.30319_32 - ok
21:58:07.0146 5728 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:58:07.0162 5728 clr_optimization_v4.0.30319_64 - ok
21:58:07.0193 5728 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:58:07.0208 5728 CmBatt - ok
21:58:07.0224 5728 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:58:07.0224 5728 cmdide - ok
21:58:07.0255 5728 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
21:58:07.0271 5728 CNG - ok
21:58:07.0318 5728 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:58:07.0318 5728 Compbatt - ok
21:58:07.0349 5728 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:58:07.0364 5728 CompositeBus - ok
21:58:07.0380 5728 COMSysApp - ok
21:58:07.0396 5728 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:58:07.0396 5728 crcdisk - ok
21:58:07.0442 5728 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:58:07.0442 5728 CryptSvc - ok
21:58:07.0505 5728 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
21:58:07.0520 5728 CSC - ok
21:58:07.0645 5728 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
21:58:07.0676 5728 CscService - ok
21:58:07.0926 5728 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:58:07.0926 5728 DcomLaunch - ok
21:58:08.0004 5728 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:58:08.0004 5728 defragsvc - ok
21:58:08.0035 5728 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:58:08.0066 5728 DfsC - ok
21:58:08.0098 5728 [ 105373D52E71D2D1355AD3ACD18259C3 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
21:58:08.0129 5728 dg_ssudbus - ok
21:58:08.0191 5728 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:58:08.0191 5728 Dhcp - ok
21:58:08.0207 5728 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:58:08.0222 5728 discache - ok
21:58:08.0254 5728 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:58:08.0269 5728 Disk - ok
21:58:08.0300 5728 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:58:08.0316 5728 Dnscache - ok
21:58:08.0378 5728 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:58:08.0394 5728 dot3svc - ok
21:58:08.0644 5728 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:58:08.0644 5728 DPS - ok
21:58:08.0690 5728 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:58:08.0706 5728 drmkaud - ok
21:58:08.0831 5728 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:58:08.0862 5728 DXGKrnl - ok
21:58:08.0909 5728 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:58:08.0924 5728 EapHost - ok
21:58:09.0190 5728 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
21:58:09.0252 5728 ebdrv - ok
21:58:09.0283 5728 [ 7175593B0FEA3552548C643BFAFAB397 ] econceal C:\Windows\system32\DRIVERS\econceal.sys
21:58:09.0299 5728 econceal - ok
21:58:09.0346 5728 [ 7175593B0FEA3552548C643BFAFAB397 ] econcealMP C:\Windows\system32\DRIVERS\econceal.sys
21:58:09.0346 5728 econcealMP - ok
21:58:09.0580 5728 [ 0BE85FA38B57A7A7CC7FEF75FB76731C ] EconService c:\progra~2\escan\EconSer.exe
21:58:09.0595 5728 EconService - ok
21:58:09.0626 5728 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:58:09.0642 5728 EFS - ok
21:58:09.0704 5728 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:58:09.0736 5728 ehRecvr - ok
21:58:10.0001 5728 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:58:10.0016 5728 ehSched - ok
21:58:10.0094 5728 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:58:10.0110 5728 elxstor - ok
21:58:10.0110 5728 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:58:10.0110 5728 ErrDev - ok
21:58:10.0266 5728 [ 1A3BD6C24404A7DBBAC0370B5D3E84CE ] eScan Monitor Service C:\PROGRA~3\MICROW~1\eScanBD\avpmapp.exe
21:58:10.0297 5728 eScan Monitor Service - ok
21:58:10.0344 5728 [ F3C640B94F7EF77E2862A8DDA6A8E1FD ] eScan-trayicos C:\Program Files (x86)\eScan\TRAYSSER.EXE
21:58:10.0360 5728 eScan-trayicos - ok
21:58:10.0406 5728 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:58:10.0438 5728 EventSystem - ok
21:58:10.0453 5728 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:58:10.0469 5728 exfat - ok
21:58:10.0516 5728 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:58:10.0516 5728 fastfat - ok
21:58:10.0625 5728 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:58:10.0640 5728 Fax - ok
21:58:10.0640 5728 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:58:10.0656 5728 fdc - ok
21:58:10.0687 5728 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:58:10.0703 5728 fdPHost - ok
21:58:10.0734 5728 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:58:10.0750 5728 FDResPub - ok
21:58:10.0765 5728 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:58:10.0781 5728 FileInfo - ok
21:58:10.0796 5728 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:58:10.0812 5728 Filetrace - ok
21:58:10.0874 5728 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:58:10.0890 5728 FLEXnet Licensing Service - ok
21:58:10.0906 5728 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:58:10.0921 5728 flpydisk - ok
21:58:10.0984 5728 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:58:10.0999 5728 FltMgr - ok
21:58:11.0046 5728 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
21:58:11.0077 5728 FontCache - ok
21:58:11.0202 5728 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:58:11.0202 5728 FontCache3.0.0.0 - ok
21:58:11.0218 5728 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:58:11.0233 5728 FsDepends - ok
21:58:11.0249 5728 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:58:11.0264 5728 Fs_Rec - ok
21:58:11.0311 5728 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:58:11.0327 5728 fvevol - ok
21:58:11.0358 5728 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:58:11.0358 5728 gagp30kx - ok
21:58:11.0405 5728 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:58:11.0436 5728 gpsvc - ok
21:58:11.0576 5728 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:58:11.0576 5728 gupdate - ok
21:58:11.0592 5728 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:58:11.0592 5728 gupdatem - ok
21:58:11.0654 5728 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:58:11.0670 5728 gusvc - ok
21:58:11.0717 5728 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:58:11.0732 5728 hcw85cir - ok
21:58:11.0764 5728 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:58:11.0779 5728 HdAudAddService - ok
21:58:11.0810 5728 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:58:11.0826 5728 HDAudBus - ok
21:58:11.0842 5728 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:58:11.0842 5728 HidBatt - ok
21:58:11.0857 5728 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:58:11.0888 5728 HidBth - ok
21:58:11.0904 5728 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:58:11.0920 5728 HidIr - ok
21:58:11.0935 5728 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
21:58:11.0951 5728 hidserv - ok
21:58:11.0982 5728 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:58:11.0982 5728 HidUsb - ok
21:58:12.0013 5728 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:58:12.0029 5728 hkmsvc - ok
21:58:12.0076 5728 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:58:12.0091 5728 HomeGroupListener - ok
21:58:12.0169 5728 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:58:12.0185 5728 HomeGroupProvider - ok
21:58:12.0200 5728 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:58:12.0200 5728 HpSAMD - ok
21:58:12.0310 5728 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:58:12.0325 5728 HTTP - ok
21:58:12.0356 5728 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:58:12.0356 5728 hwpolicy - ok
21:58:12.0403 5728 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:58:12.0419 5728 i8042prt - ok
21:58:12.0497 5728 [ 8180A2392E732E8871589B54FAB6991F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
21:58:12.0512 5728 iaStor - ok
21:58:12.0590 5728 [ 17125B7D2F56B4B35441561C780C2CCB ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
21:58:12.0590 5728 IAStorDataMgrSvc - ok
21:58:12.0637 5728 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:58:12.0653 5728 iaStorV - ok
21:58:12.0731 5728 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:58:12.0746 5728 IDriverT - ok
21:58:12.0887 5728 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:58:12.0902 5728 idsvc - ok
21:58:12.0934 5728 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:58:12.0980 5728 iirsp - ok
21:58:13.0027 5728 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:58:13.0058 5728 IKEEXT - ok
21:58:13.0355 5728 [ A5F7CEF8A939EBE270462EDEFD629F20 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:58:13.0386 5728 IntcAzAudAddService - ok
21:58:13.0417 5728 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:58:13.0433 5728 intelide - ok
21:58:13.0480 5728 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:58:13.0495 5728 intelppm - ok
21:58:13.0542 5728 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:58:13.0542 5728 IPBusEnum - ok
21:58:13.0573 5728 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:58:13.0604 5728 IpFilterDriver - ok
21:58:13.0698 5728 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:58:13.0714 5728 iphlpsvc - ok
21:58:13.0745 5728 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:58:13.0760 5728 IPMIDRV - ok
21:58:13.0776 5728 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:58:13.0792 5728 IPNAT - ok
21:58:13.0807 5728 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:58:13.0807 5728 IRENUM - ok
21:58:13.0823 5728 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:58:13.0823 5728 isapnp - ok
21:58:13.0885 5728 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:58:13.0901 5728 iScsiPrt - ok
21:58:13.0916 5728 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:58:13.0948 5728 kbdclass - ok
21:58:13.0963 5728 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:58:13.0979 5728 kbdhid - ok
21:58:13.0994 5728 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:58:13.0994 5728 KeyIso - ok
21:58:14.0026 5728 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:58:14.0041 5728 KSecDD - ok
21:58:14.0072 5728 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:58:14.0104 5728 KSecPkg - ok
21:58:14.0150 5728 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:58:14.0150 5728 ksthunk - ok
21:58:14.0213 5728 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:58:14.0228 5728 KtmRm - ok
21:58:14.0275 5728 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
21:58:14.0306 5728 LanmanServer - ok
21:58:14.0338 5728 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:58:14.0384 5728 LanmanWorkstation - ok
21:58:14.0431 5728 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
21:58:14.0447 5728 LGBusEnum - ok
21:58:14.0509 5728 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
21:58:14.0525 5728 LGVirHid - ok
21:58:14.0587 5728 [ ACEC35F181075B20A5EF4A71958B13DF ] libusb0 C:\Windows\system32\drivers\libusb0.sys
21:58:14.0587 5728 libusb0 - ok
21:58:14.0650 5728 [ C34411A244029F1C08687F7C752C4563 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
21:58:14.0665 5728 LightScribeService - ok
21:58:14.0712 5728 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:58:14.0728 5728 lltdio - ok
21:58:14.0774 5728 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:58:14.0790 5728 lltdsvc - ok
21:58:14.0806 5728 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:58:14.0821 5728 lmhosts - ok
21:58:14.0837 5728 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:58:14.0868 5728 LSI_FC - ok
21:58:14.0899 5728 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:58:14.0915 5728 LSI_SAS - ok
21:58:14.0915 5728 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:58:14.0946 5728 LSI_SAS2 - ok
21:58:14.0977 5728 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:58:14.0993 5728 LSI_SCSI - ok
21:58:15.0040 5728 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:58:15.0040 5728 luafv - ok
21:58:15.0071 5728 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2M64 C:\Windows\system32\DRIVERS\LVPr2M64.sys
21:58:15.0086 5728 LVPr2M64 - ok
21:58:15.0086 5728 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2M64.sys
21:58:15.0086 5728 LVPr2Mon - ok
21:58:15.0180 5728 [ A35679E56E78091E1042A2D7ADBF2958 ] LVPrcS64 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
21:58:15.0196 5728 LVPrcS64 - ok
21:58:15.0274 5728 [ 986C1CB787A007BAA5F74E7D316D7246 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
21:58:15.0320 5728 LVRS64 - ok
21:58:15.0882 5728 [ 5747BC465ABEA2858C5D037252AED84E ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
21:58:15.0960 5728 LVUVC64 - ok
21:58:15.0991 5728 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:58:16.0022 5728 Mcx2Svc - ok
21:58:16.0038 5728 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:58:16.0054 5728 megasas - ok
21:58:16.0085 5728 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:58:16.0085 5728 MegaSR - ok
21:58:16.0163 5728 Microsoft SharePoint Workspace Audit Service - ok
21:58:16.0178 5728 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:58:16.0210 5728 MMCSS - ok
21:58:16.0225 5728 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:58:16.0241 5728 Modem - ok
21:58:16.0272 5728 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:58:16.0303 5728 monitor - ok
21:58:16.0334 5728 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:58:16.0350 5728 mouclass - ok
21:58:16.0397 5728 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:58:16.0428 5728 mouhid - ok
21:58:16.0459 5728 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:58:16.0475 5728 mountmgr - ok
21:58:16.0537 5728 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
21:58:16.0553 5728 MpFilter - ok
21:58:16.0584 5728 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:58:16.0600 5728 mpio - ok
21:58:16.0615 5728 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:58:16.0631 5728 mpsdrv - ok
21:58:16.0709 5728 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:58:16.0724 5728 MpsSvc - ok
21:58:16.0771 5728 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:58:16.0787 5728 MRxDAV - ok
21:58:16.0818 5728 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:58:16.0849 5728 mrxsmb - ok
21:58:16.0943 5728 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:58:16.0943 5728 mrxsmb10 - ok
21:58:16.0990 5728 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:58:17.0021 5728 mrxsmb20 - ok
21:58:17.0036 5728 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
21:58:17.0036 5728 msahci - ok
21:58:17.0052 5728 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:58:17.0068 5728 msdsm - ok
21:58:17.0130 5728 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:58:17.0146 5728 MSDTC - ok
21:58:17.0177 5728 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:58:17.0192 5728 Msfs - ok
21:58:17.0224 5728 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:58:17.0224 5728 mshidkmdf - ok
21:58:17.0239 5728 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:58:17.0255 5728 msisadrv - ok
21:58:17.0286 5728 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:58:17.0302 5728 MSiSCSI - ok
21:58:17.0302 5728 msiserver - ok
21:58:17.0333 5728 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:58:17.0364 5728 MSKSSRV - ok
21:58:17.0426 5728 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
21:58:17.0442 5728 MsMpSvc - ok
21:58:17.0458 5728 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:58:17.0473 5728 MSPCLOCK - ok
21:58:17.0489 5728 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:58:17.0489 5728 MSPQM - ok
21:58:17.0582 5728 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:58:17.0582 5728 MsRPC - ok
21:58:17.0598 5728 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:58:17.0629 5728 mssmbios - ok
21:58:17.0660 5728 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:58:17.0660 5728 MSTEE - ok
21:58:17.0660 5728 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:58:17.0660 5728 MTConfig - ok
21:58:17.0676 5728 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:58:17.0707 5728 Mup - ok
21:58:17.0785 5728 [ C899ACE4A75136B8FE88FB6418C9F898 ] MWAgent C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWASER.EXE
21:58:17.0816 5728 MWAgent - ok
21:58:17.0863 5728 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:58:17.0879 5728 napagent - ok
21:58:17.0926 5728 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:58:17.0941 5728 NativeWifiP - ok
21:58:18.0004 5728 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:58:18.0050 5728 NDIS - ok
21:58:18.0066 5728 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:58:18.0082 5728 NdisCap - ok
21:58:18.0113 5728 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:58:18.0128 5728 NdisTapi - ok
21:58:18.0160 5728 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:58:18.0175 5728 Ndisuio - ok
21:58:18.0222 5728 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:58:18.0238 5728 NdisWan - ok
21:58:18.0269 5728 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:58:18.0284 5728 NDProxy - ok
21:58:18.0347 5728 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:58:18.0378 5728 Net Driver HPZ12 - ok
21:58:18.0394 5728 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:58:18.0409 5728 NetBIOS - ok
21:58:18.0472 5728 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:58:18.0487 5728 NetBT - ok
21:58:18.0487 5728 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:58:18.0487 5728 Netlogon - ok
21:58:18.0534 5728 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:58:18.0550 5728 Netman - ok
21:58:18.0612 5728 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:58:18.0612 5728 netprofm - ok
21:58:18.0690 5728 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:58:18.0706 5728 NetTcpPortSharing - ok
21:58:18.0737 5728 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:58:18.0752 5728 nfrd960 - ok
21:58:18.0799 5728 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:58:18.0815 5728 NisDrv - ok
21:58:18.0846 5728 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
21:58:18.0877 5728 NisSrv - ok
21:58:18.0924 5728 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:58:18.0971 5728 NlaSvc - ok
21:58:19.0002 5728 [ 5FE6F8C05F0769BBB74AFAC11453B182 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys
21:58:19.0018 5728 nmwcd - ok
21:58:19.0064 5728 [ 73C929945C0850B8D1FE2FEA05FDF05D ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys
21:58:19.0080 5728 nmwcdc - ok
21:58:19.0174 5728 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\Windows\system32\drivers\npf.sys
21:58:19.0205 5728 NPF - ok
21:58:19.0236 5728 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:58:19.0267 5728 Npfs - ok
21:58:38.0932 5728 ================ Scan global ===============================
21:58:39.0010 5728 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:58:39.0135 5728 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:58:39.0166 5728 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:58:39.0244 5728 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:58:39.0416 5728 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:58:39.0447 5728 [Global] - ok
21:58:39.0447 5728 ================ Scan MBR ==================================
21:58:39.0510 5728 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:58:40.0976 5728 \Device\Harddisk0\DR0 - ok
21:58:40.0976 5728 ================ Scan VBR ==================================
21:58:40.0976 5728 [ DF0125B4BECDB824CAA0FDF4783317B2 ] \Device\Harddisk0\DR0\Partition1
21:58:40.0976 5728 \Device\Harddisk0\DR0\Partition1 - ok
21:58:41.0007 5728 [ 16C9DDD22DBAE2C81A184E874AEA7613 ] \Device\Harddisk0\DR0\Partition2
21:58:41.0007 5728 \Device\Harddisk0\DR0\Partition2 - ok
21:58:41.0007 5728 ============================================================
21:58:41.0007 5728 Scan finished
21:58:41.0007 5728 ============================================================
21:58:41.0007 5260 Detected object count: 0
21:58:41.0007 5260 Actual detected object count: 0


aswMBR Report:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-23 21:58:27
-----------------------------
21:58:27.919 OS Version: Windows x64 6.1.7601 Service Pack 1
21:58:27.919 Number of processors: 8 586 0x1A05
21:58:27.919 ComputerName: ANDREW-PC UserName: Andrew
21:58:36.343 Initialize success
22:00:34.271 AVAST engine defs: 12112302
22:00:38.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
22:00:38.093 Disk 0 Vendor: Intel___ 1.0. Size: 953867MB BusType: 8
22:00:38.124 Disk 0 MBR read successfully
22:00:38.124 Disk 0 MBR scan
22:00:38.249 Disk 0 Windows 7 default MBR code
22:00:38.249 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:00:38.280 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953765 MB offset 206848
22:00:38.373 Disk 0 scanning C:\Windows\system32\drivers
22:01:03.630 Service scanning
22:01:55.921 Modules scanning
22:01:55.921 Disk 0 trace - called modules:
22:01:55.937 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:01:55.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005d62790]
22:01:55.937 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8005985050]
22:01:58.308 AVAST engine scan C:\Windows
22:02:06.178 AVAST engine scan C:\Windows\system32
22:09:54.124 AVAST engine scan C:\Windows\system32\drivers
22:10:19.802 AVAST engine scan C:\Users\Andrew
22:26:27.365 AVAST engine scan C:\ProgramData
22:33:06.115 Scan finished successfully
22:37:26.523 Disk 0 MBR has been saved successfully to "C:\Users\Andrew\Desktop\MBR.dat"
22:37:26.653 The log file has been saved successfully to "C:\Users\Andrew\Desktop\aswMBR.txt"


ESET Online Scanner Report:


No threats found.

#4 fixit9660

Posted 24 November 2012 - 06:03 AM

AND MSE has just reported Worm:Win32/GamarueI

#5 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:12:27 AM

Posted 24 November 2012 - 01:35 PM

Download Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here.

Download mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download Farbar service scanner

Checkmark all the boxes.

Click on "Scan".
Please copy and paste the log to your reply.

Download adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan gets completed, post the generated log here.

#6 fixit9660

Posted 25 November 2012 - 05:20 PM

Hi narenxp, thanks for the directions. Can I run these all in parallel / at the same time please, as each scan is taking hours?

Thanks

fixit9660 a.k.a Andy

#7 narenxp

Posted 25 November 2012 - 05:37 PM

AdwCleaner will reboot the PC, so make sure to run it separately.

#8 fixit9660

Posted 25 November 2012 - 06:22 PM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.25.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Andrew :: ANDREW-PC [administrator]

25/11/2012 20:40:36
mbam-log-2012-11-25 (20-40-36).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 474552
Time elapsed: 2 hour(s), 12 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

MiniToolBox by Farbar Version: 25-11-2012
Ran by Andrew (administrator) on 25-11-2012 at 22:55:44
Running from "C:\Downloads\eScan\MiniToolbox"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection" nexthop=10.76.7.111 publish=Yes
add address name="Local Area Connection" address=10.76.7.77 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Andrew-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 6C-F0-49-EC-BB-49
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{E5B162B6-9EAC-4FFA-9838-011765887213}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
9...6c f0 49 ec bb 49 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
10...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 10.76.7.111 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mwtsp.dll [631080] (MicroWorld Technologies Inc.)
Catalog9 02 C:\Windows\SysWOW64\mwtsp.dll [631080] (MicroWorld Technologies Inc.)
Catalog9 03 C:\Windows\SysWOW64\mwtsp.dll [631080] (MicroWorld Technologies Inc.)
Catalog9 04 C:\Windows\SysWOW64\mwtsp.dll [631080] (MicroWorld Technologies Inc.)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\SysWOW64\mwtsp.dll [631080] (MicroWorld Technologies Inc.)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mwtsp.dll [705320] (MicroWorld Technologies Inc.)
x64-Catalog9 02 C:\Windows\System32\mwtsp.dll [705320] (MicroWorld Technologies Inc.)
x64-Catalog9 03 C:\Windows\System32\mwtsp.dll [705320] (MicroWorld Technologies Inc.)
x64-Catalog9 04 C:\Windows\System32\mwtsp.dll [705320] (MicroWorld Technologies Inc.)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 15 C:\Windows\System32\mwtsp.dll [705320] (MicroWorld Technologies Inc.)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/25/2012 08:35:11 PM) (Source: eScan Monitor Service) (User: )
Description: eScan Monitor Service error: 0Failed To Register Anti-Virus Application For Security Center

Error: (11/25/2012 08:35:11 PM) (Source: eScan Monitor Service) (User: )
Description: eScan Monitor Service error: 0Failed To Register Anti-Spyware Application For Security Center

Error: (11/25/2012 08:35:05 PM) (Source: eScan Monitor Service) (User: )
Description: eScan Monitor Service error: 0Failed To Register Anti-Virus Application For Security Center

Error: (11/24/2012 06:11:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: eScanS64.dll_unloaded, version: 0.0.0.0, time stamp: 0x4fa8506f
Exception code: 0xc0000005
Fault offset: 0x0000000005bc0e7c
Faulting process id: 0xc5c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (11/24/2012 05:38:07 PM) (Source: eScan Monitor Service) (User: )
Description: eScan Monitor Service error: 0Failed To Register Anti-Virus Application For Security Center

Error: (11/24/2012 05:38:07 PM) (Source: eScan Monitor Service) (User: )
Description: eScan Monitor Service error: 0Failed To Register Anti-Spyware Application For Security Center

Error: (11/24/2012 05:38:07 PM) (Source: eScan Monitor Service) (User: )
Description: eScan Monitor Service error: 0Failed To Register Anti-Virus Application For Security Center

Error: (11/24/2012 09:10:11 AM) (Source: eScan Monitor Service) (User: )
Description: eScan Monitor Service error: 0Failed To Register Anti-Virus Application For Security Center

Error: (11/24/2012 09:10:11 AM) (Source: eScan Monitor Service) (User: )
Description: eScan Monitor Service error: 0Failed To Register Anti-Spyware Application For Security Center

Error: (11/24/2012 09:10:11 AM) (Source: eScan Monitor Service) (User: )
Description: eScan Monitor Service error: 0Failed To Register Anti-Virus Application For Security Center


System errors:
=============
Error: (11/25/2012 10:20:29 PM) (Source: Service Control Manager) (User: )
Description: The MWAgent service terminated unexpectedly. It has done this 7 time(s).

Error: (11/25/2012 10:16:12 PM) (Source: Service Control Manager) (User: )
Description: The MWAgent service terminated unexpectedly. It has done this 6 time(s).

Error: (11/25/2012 09:19:41 PM) (Source: Service Control Manager) (User: )
Description: The MWAgent service terminated unexpectedly. It has done this 5 time(s).

Error: (11/25/2012 09:09:37 PM) (Source: Service Control Manager) (User: )
Description: The MWAgent service terminated unexpectedly. It has done this 4 time(s).

Error: (11/25/2012 09:06:10 PM) (Source: Service Control Manager) (User: )
Description: The MWAgent service terminated unexpectedly. It has done this 3 time(s).

Error: (11/25/2012 08:40:15 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the MWAgent service, but this action failed with the following error:
%%1056

Error: (11/25/2012 08:38:15 PM) (Source: Service Control Manager) (User: )
Description: The MWAgent service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (11/25/2012 08:38:07 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the MWAgent service, but this action failed with the following error:
%%1056

Error: (11/25/2012 08:37:07 PM) (Source: Service Control Manager) (User: )
Description: The MWAgent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/24/2012 06:27:05 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================
Error: (11/25/2012 08:35:11 PM) (Source: eScan Monitor Service)(User: )
Description: eScan Monitor Service error: 0Failed To Register Anti-Virus Application For Security Center

Error: (11/25/2012 08:35:11 PM) (Source: eScan Monitor Service)(User: )
Description: eScan Monitor Service error: 0Failed To Register Anti-Spyware Application For Security Center

Error: (11/25/2012 08:35:05 PM) (Source: eScan Monitor Service)(User: )
Description: eScan Monitor Service error: 0Failed To Register Anti-Virus Application For Security Center

Error: (11/24/2012 06:11:41 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4eScanS64.dll_unloaded0.0.0.04fa8506fc00000050000000005bc0e7cc5c01cdca6a7ba2068aC:\Windows\Explorer.EXEeScanS64.dll64ef6653-3662-11e2-895d-6cf049ecbb49

Error: (11/24/2012 05:38:07 PM) (Source: eScan Monitor Service)(User: )
Description: eScan Monitor Service error: 0Failed To Register Anti-Virus Application For Security Center

Error: (11/24/2012 05:38:07 PM) (Source: eScan Monitor Service)(User: )
Description: eScan Monitor Service error: 0Failed To Register Anti-Spyware Application For Security Center

Error: (11/24/2012 05:38:07 PM) (Source: eScan Monitor Service)(User: )
Description: eScan Monitor Service error: 0Failed To Register Anti-Virus Application For Security Center

Error: (11/24/2012 09:10:11 AM) (Source: eScan Monitor Service)(User: )
Description: eScan Monitor Service error: 0Failed To Register Anti-Virus Application For Security Center

Error: (11/24/2012 09:10:11 AM) (Source: eScan Monitor Service)(User: )
Description: eScan Monitor Service error: 0Failed To Register Anti-Spyware Application For Security Center

Error: (11/24/2012 09:10:11 AM) (Source: eScan Monitor Service)(User: )
Description: eScan Monitor Service error: 0Failed To Register Anti-Virus Application For Security Center


CodeIntegrity Errors:
===================================
Date: 2012-11-25 21:42:23.827
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-25 21:42:23.686
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-25 21:42:23.577
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-24 01:32:56.860
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-24 01:32:56.735
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-24 01:32:56.610
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-23 21:13:21.499
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-23 21:13:21.374
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-23 21:13:21.249
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.

Date: 2012-11-19 18:55:34.800
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\eScan\w2kdb\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

1-Click Duplicate Delete for Outlook 3.08
64 Bit HP CIO Components Installer (Version: 7.2.9)
AC3Filter 1.63b (Version: 1.63b)
Active@ ISO Burner (Version: 2.1.0)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.110)
Adobe Photoshop Elements 6.0 (Version: 6.0)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
Allway Sync version 12.3.1
AMD Drag and Drop Transcoding (Version: 2.00.0000)
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
Application Profiles (Version: 2.0.3883.34246)
ATI Catalyst Install Manager (Version: 3.0.808.0)
ATI Problem Report Wizard (Version: 3.0.795.0)
AviSynth 2.5
Brother's Keeper 6.6
Bulk Rename Utility 2.7.1.2
calibre (Version: 0.9.7)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.7.2.11)
Canon Internet Library for ZoomBrowser EX (Version: 1.6.3.9)
Canon MOV Decoder (Version: 1.5.0.7)
Canon MOV Encoder (Version: 1.3.1.3)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.4.1.9)
Canon Utilities CameraWindow (Version: 7.4.0.7)
Canon Utilities CameraWindow DC 8 (Version: 8.1.0.11)
Canon Utilities MyCamera (Version: 7.3.0.5)
Canon Utilities ZoomBrowser EX (Version: 6.5.1.15)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.3.0.4)
CCleaner (Version: 3.24)
CoreAAC Audio Decoder (remove only)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Diagnostic Utility (Version: 1.00.0000)
DVD-CLONER V6.70 Build 986 (Version: 6.70.0.985)
DVD Flick 1.3.0.7 (Version: 1.3.0.7)
Epson Copy Utility 3.5 (Version: 3.5.0.0)
Epson Event Manager (Version: 2.30.01)
EPSON Scan
ERUNT 1.1j
eScan Anti-Virus (AV) Edition for Windows (Version: 11.0.1139.855)
ESET Online Scanner v3
ffdshow [rev 3299] [2010-03-03] (Version: 1.0.0.3299)
FreeBASIC 0.23.0 (Version: 0.23.0)
Google Earth (Version: 6.1.0.5001)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
Haali Media Splitter
Handy Safe Desktop Professional 3.01 (Version: 3.1.292)
HD Writer AE 4.0 (Version: 4.00.022.1033)
HP Officejet Pro 8000 Enterprise A811a
HP Product Detection (Version: 10.7.7.0)
HydraVision (Version: 4.2.180.0)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Rapid Storage Technology (Version: 10.8.0.1003)
Java™ 6 Update 30 (64-bit) (Version: 6.0.300)
Java™ 7 Update 4 (64-bit) (Version: 7.0.40)
Kobo (Version: 3.0.4)
LightScribe System Software (Version: 1.18.22.2)
LightScribe Template Labeler (Version: 1.18.15.1)
Logitech Gaming Software (Version: 8.20.74)
Logitech Gaming Software 8.20 (Version: 8.20.74)
Logitech Harmony Remote Software 7 (Version: 7.7.0.0)
Logitech Webcam Software (Version: 12.10.1113)
MailWasher Pro
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 7.1 (Version: 7.10.344.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
Movie Collector
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (Version: 1.0.1.2)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MyFreeCodec
Nokia Connectivity Cable Driver (Version: 7.1.78.0)
Nokia PC Suite (Version: 7.1.51.0)
Nokia Suite (Version: 3.4.49.0)
Paint.NET v3.5.10 (Version: 3.60.0)
Pando Media Booster (Version: 2.3.6.0)
PC Connectivity Solution (Version: 12.0.17.0)
Pdf995
PingGraph version 1.3
PKZIP for Windows 12.50.0013 (Version: 12.50.0013)
PowerISO (Version: 4.8)
QuickTime (Version: 7.73.80.64)
RAIDar 4.3.4 (Version: 4.3.4)
Rapport (Version: 3.5.1108.73)
Rapport (Version: 3.5.1201.94)
Realtek Ethernet Controller Driver (Version: 7.26.902.2010)
Realtek HDMI Audio Driver for ATI (Version: 6.0.1.6409)
Realtek High Definition Audio Driver (Version: 6.0.1.6449)
Remote Control USB Driver (Version: 2.3.2.317)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.4.0)
RouterStats-Lite v7.6
Samsung Kies (Version: 2.3.2.12074_13)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.6.0)
SeaTools for Windows (Version: 1.2.0.4)
Sigil 0.4.2
SolarWinds Advanced Subnet Calculator (Version: 9.1)
SolarWinds TFTP Server (Version: 9.1)
Stellarium 0.11.0
swMSM (Version: 12.0.0.1)
Syslog Server 1.2.0
System Requirements Lab (Version: 4.1.71.0)
System Requirements Lab for Intel (64-bit) (Version: 4.5.3.0)
System Requirements Lab for Intel (Version: 4.4.24.0)
The Lord of the Rings FREE Trial (Version: 1.00.0000)
The Settlers 7 - Paths to a Kingdom (Version: 1.12.1396)
Ubisoft Game Launcher (Version: 1.0.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
USB Multi-Channel Audio Device
VanDyke Software SecureCRT 6.6 (Version: 6.6.3)
Winamp (Version: 5.63 )
Windows Driver Package - Nokia Modem (06/09/2010 4.5) (Version: 06/09/2010 4.5)
Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7) (Version: 06/09/2010 7.01.0.7)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
WinPcap 4.1.2 (Version: 4.1.0.2001)
WinSCP 4.3.7 (Version: 4.3.7)
Wireshark 1.6.3 (Version: 1.6.3)
XnView 1.99.5 (Version: 1.99.5)
Xvid 1.2.2 final uninstall (Version: 1.2)

========================= Memory info: ===================================

Percentage of memory in use: 38%
Total physical RAM: 6142.45 MB
Available physical RAM: 3778.82 MB
Total Pagefile: 12283.1 MB
Available Pagefile: 9653.67 MB
Total Virtual: 4095.88 MB
Available Virtual: 3953.52 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:516.6 GB) NTFS

========================= Users: ========================================

User accounts for \\ANDREW-PC

Administrator Andrew Guest

========================= Restore Points ==================================

18-11-2012 13:17:56 Windows Update
21-11-2012 19:18:35 Windows Update
23-11-2012 21:16:05 Malwarebytes Anti-Rootkit Restore Point
24-11-2012 06:49:47 Installed calibre
25-11-2012 20:38:43 Windows Update

**** End of log ****

Farbar Service Scanner Version: 09-11-2012
Ran by Andrew (administrator) on 25-11-2012 at 22:58:27
Running from "C:\Downloads\eScan\Farbar"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. Yahoo IP is unreachable
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-11-14 17:41] - [2012-10-03 17:56] - 1914248 ____A (Microsoft Corporation) 37608401DFDB388CAF66917F6B2D6FB0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

# AdwCleaner v2.009 - Logfile created 11/25/2012 at 22:59:43
# Updated 24/11/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Andrew - ANDREW-PC
# Boot Mode : Normal
# Running from : C:\Downloads\eScan\Adware Cleaner\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\user.js
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\Andrew\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Andrew\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Andrew\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\Software\TENCENT

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [1083 octets] - [25/11/2012 22:59:43]

########## EOF - C:\AdwCleaner[S1].txt - [1143 octets] ##########



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.5.1 (11.25.2012)
OS: Windows 7 Professional x64
Ran by Andrew on 25/11/2012 at 23:07:44.42
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{2eecd738-5844-4a99-b4b6-146bf802613b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e46c8196-b634-44a1-af6e-957c64278ab1}



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/11/2012 at 23:10:59.02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#9 narenxp

  • BC Advisor

Posted 25 November 2012 - 06:24 PM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here

#10 fixit9660

  • Topic Starter


Posted 26 November 2012 - 03:54 PM

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/26/2012 08:44:00 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 11/26/2012 08:44:16 PM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "BCSSync" "Microsoft Office 2010 component" "Microsoft Corporation" "c:\program files\microsoft office\office14\bcssync.exe"
+ "IntelliPoint" "IPoint.exe" "Microsoft Corporation" "c:\program files\microsoft intellipoint\ipoint.exe"
+ "Launch LCore" "Logitech Gaming Framework" "Logitech Inc." "c:\program files\logitech gaming software\lcore.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "EEventManager" "EEventManager Application" "SEIKO EPSON CORPORATION" "c:\program files (x86)\epson software\event manager\eeventmanager.exe"
+ "IAStorIcon" "IAStorIcon" "Intel Corporation" "c:\program files (x86)\intel\intel® rapid storage technology\iastoricon.exe"
+ "KiesTrayAgent" "Kies TrayAgent Application" "Samsung Electronics Co., Ltd." "c:\program files (x86)\samsung\kies\kiestrayagent.exe"
+ "NUSB3MON" "USB 3.0 Monitor" "Renesas Electronics Corporation" "c:\program files (x86)\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
+ "PWRISOVM.EXE" "PowerISO Virtual Drive Manager" "PowerISO Computing, Inc." "c:\program files (x86)\poweriso\pwrisovm.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files (x86)\quicktime\qttask.exe"
+ "WinampAgent" "Winamp Agent" "Nullsoft, Inc." "c:\program files (x86)\winamp\winampa.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "HD Writer.lnk" "" "Panasonic Corporation" "c:\program files (x86)\common files\panasonic\hd writer autostart\hdwriterautostart.exe"
+ "PKZIP Attachments Status.lnk" "E-Mail Attachment Compression Tray Module (Unicode)" "PKWARE, Inc." "c:\program files (x86)\pkware\pkzipm\12.50.0013\pktray.exe"
"C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "OneNote 2010 Screen Clipper and Launcher.lnk" "Microsoft OneNote Quick Launcher" "Microsoft Corporation" "c:\program files\microsoft office\office14\onenotem.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "LightScribe Control Panel" "" "Hewlett-Packard Company" "c:\program files (x86)\common files\lightscribe\lsrunonce.exe"
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "KiesPreload" "Kies" "Samsung" "c:\program files (x86)\samsung\kies\kies.exe"
+ "LightScribe Control Panel" "" "Hewlett-Packard Company" "c:\program files (x86)\common files\lightscribe\lightscribecontrolpanel.exe"
+ "OfficeSyncProcess" "Microsoft Office Document Cache" "Microsoft Corporation" "c:\program files\microsoft office\office14\msosync.exe"
+ "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files (x86)\google\googletoolbarnotifier\googletoolbarnotifier.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "BRUMenuHandler" "Context Menu Dynamic Link Library" "Bulk Rename Utility" "c:\program files\bulk rename utility\bruhere64.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "eScanShellExt" "eScan Shell Extension Module" "MicroWorld Technologies Inc." "c:\program files (x86)\escan\escans64.dll"
+ "PKZIP Shell Extension" "HI PAAPI (Unicode) x64" "PKWARE, Inc." "c:\program files\common files\pkware\pkzip7\pkcom700.dll"
+ "PowerISO" "PowerISOShell DLL" "PowerISO Computing, Inc." "c:\program files (x86)\poweriso\pwrisosh.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "eScanShellExt" "eScan Shell Extension Module" "MicroWorld Technologies Inc." "c:\program files (x86)\escan\escanshx.dll"
+ "PKZIP Shell Extension" "HI PAAPI (Unicode)" "PKWARE, Inc." "c:\program files (x86)\common files\pkware\pkzip7\pkcom700.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "BRUMenuHandler" "Context Menu Dynamic Link Library" "Bulk Rename Utility" "c:\program files\bulk rename utility\bruhere64.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "PowerISO" "PowerISOShell DLL" "PowerISO Computing, Inc." "c:\program files (x86)\poweriso\pwrisosh.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "Nokia" "Phone Browser" "Nokia" "c:\program files (x86)\nokia\nokia pc suite 7\phonebrowser64.dll"
+ "WinSCPCopyHook" "Drag&Drop shell extension for WinSCP (64-bit)" "Martin Prikryl" "c:\program files (x86)\winscp\dragext64.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "Nokia" "Phone Browser" "Nokia" "c:\program files (x86)\nokia\nokia pc suite 7\phonebrowser.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "eScanShellExt" "eScan Shell Extension Module" "MicroWorld Technologies Inc." "c:\program files (x86)\escan\escans64.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "PKZIP Shell Extension" "HI PAAPI (Unicode) x64" "PKWARE, Inc." "c:\program files\common files\pkware\pkzip7\pkcom700.dll"
+ "PowerISO" "PowerISOShell DLL" "PowerISO Computing, Inc." "c:\program files (x86)\poweriso\pwrisosh.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "eScanShellExt" "eScan Shell Extension Module" "MicroWorld Technologies Inc." "c:\program files (x86)\escan\escanshx.dll"
+ "PKZIP Shell Extension" "HI PAAPI (Unicode)" "PKWARE, Inc." "c:\program files (x86)\common files\pkware\pkzip7\pkcom700.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "PKZIP Shell Extension" "HI PAAPI (Unicode) x64" "PKWARE, Inc." "c:\program files\common files\pkware\pkzip7\pkcom700.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "PKZIP Shell Extension" "HI PAAPI (Unicode)" "PKWARE, Inc." "c:\program files (x86)\common files\pkware\pkzip7\pkcom700.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg64.dll"
+ "Groove GFS Browser Helper" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files\java\jre7\bin\ssv.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files\microsoft office\office14\urlredir.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files (x86)\google\googletoolbarnotifier\5.7.7529.1424\swg.dll"
+ "Groove GFS Browser Helper" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\urlredir.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnie.dll"
+ "Virtual Keyboard" "Virtual Keyboard" "MicroWorld Technologies Inc." "c:\program files (x86)\escan\vkboard.exe"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnie.dll"
+ "Virtual Keyboard" "Virtual Keyboard" "MicroWorld Technologies Inc." "c:\program files (x86)\escan\vkboard.exe"
"Task Scheduler" "" "" ""
+ "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 11.5 r502" "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe"
+ "\CCleanerSkipUAC" "CCleaner" "Piriform Ltd" "c:\program files\ccleaner\ccleaner.exe"
+ "\eScan Updater" "eScan Updater - Server" "MicroWorld Technologies Inc." "c:\program files (x86)\escan\trayicos.exe"
+ "\GoogleUpdateTaskMachineCore" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskMachineUA" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "\MailScan Dispatcher" "MailScan Dispatcher Launcher" "MicroWorld Technologies Inc." "c:\program files (x86)\escan\launch.exe"
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task" "Windows Live Social Object Extractor Engine" "Microsoft Corporation" "c:\program files (x86)\windows live\soxe\wlsoxe.dll"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\Microsoft_Hardware_Launch_IPoint_exe" "IPoint.exe" "Microsoft Corporation" "c:\program files\microsoft intellipoint\ipoint.exe"
+ "\{10D495FF-8A41-46E8-98D8-E0F42074E2F0}" "" "" "File not found: C:\Downloads\VPN LInk test\LinkTest.exe"
+ "\{470FBB97-D33A-4F12-97DA-DA5C901F265B}" "" "" "File not found: C:\Downloads\VPN LInk test\LinkTest.exe"
+ "\{8F53449B-029B-4DE0-9CD7-84B5A861E171}" "" "" "File not found: C:\Downloads\RouterStats\Lite\7v7\BitGraph\BitGraph.exe"
+ "\{DA127AEC-BCDF-45E1-A065-8EC4B3DA6367}" "" "" "File not found: C:\Downloads\RouterStats\Lite\7v7\BitGraph\BitGraph.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeActiveFileMonitor6.0" "Tracks files that are managed by Adobe Photoshop Elements" "" "c:\program files (x86)\adobe\photoshop elements 6.0\photoshopelementsfileagent.exe"
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe"
+ "EconService" "eScan Firewall Service - "Digital Fortress For Your Computer"" "MicroWorld Technologies Inc." "c:\program files (x86)\escan\econser.exe"
+ "eScan Monitor Service" "MicroWorld eScan Virus Monitoring Service." "MicroWorld Technologies Inc." "c:\programdata\microworld\escanbd\avpmapp.exe"
+ "eScan-trayicos" "eScan Server Updater Service" "MicroWorld Technologies Inc." "c:\program files (x86)\escan\traysser.exe"
+ "FLEXnet Licensing Service" "This service performs licensing functions on behalf of FLEXnet enabled products." "Macrovision Europe Ltd." "c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe"
+ "IAStorDataMgrSvc" "Provides storage event notification and manages communication between the storage driver and user space applications." "Intel Corporation" "c:\program files (x86)\intel\intel® rapid storage technology\iastordatamgrsvc.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files (x86)\common files\installshield\driver\11\intel 32\idrivert.exe"
+ "LightScribeService" "Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work." "Hewlett-Packard Company" "c:\program files (x86)\common files\lightscribe\lssrvc.exe"
+ "LVPrcS64" "Injector service" "Logitech Inc." "c:\program files\common files\logishrd\lvmvfm\lvprcsrv.exe"
+ "Microsoft SharePoint Workspace Audit Service" "Microsoft SharePoint Workspace" "Microsoft Corporation" "c:\program files\microsoft office\office14\groove.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "MWAgent" "MicroWorld Agent Service" "MicroWorld Technologies Inc." "c:\program files (x86)\common files\microworld\agent\mwaser.exe"
+ "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe"
+ "ose64" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
+ "RapportMgmtService" "Central Rapport Management and Monitoring Service" "Trusteer Ltd." "c:\program files (x86)\trusteer\rapport\bin\rapportmgmtservice.exe"
+ "rpcapd" "Allows to capture traffic on this machine from a remote machine." "CACE Technologies, Inc." "c:\program files (x86)\winpcap\rpcapd.exe"
+ "ServiceLayer" "ServiceLayer Module" "Nokia" "c:\program files (x86)\pc connectivity solution\servicelayer.exe"
+ "SolarWinds TFTP Server" "SolarWinds TFTP Server" "SolarWinds" "c:\program files (x86)\solarwinds\tftpserver\solarwinds tftp server.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdkmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "amdkmdap" "AMD multi-vendor Miniport Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmpag.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "AtiHDAudioService" "ATI High Definition Audio Function Driver" "ATI Technologies, Inc." "c:\windows\system32\drivers\atihdw76.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "bdfsfltr" "eScan Monitor (DB) Minifilter" "BitDefender" "c:\windows\system32\drivers\bdfsfltr.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "dg_ssudbus" "SAMSUNG USB Composite Device Driver (MSS Ver.3)" "DEVGURU Co., LTD.(www.devguru.co.kr)" "c:\windows\system32\drivers\ssudbus.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "econceal" "eScan Firewall Driver" "MicroWorld Technologies Inc." "c:\windows\system32\drivers\econceal.sys"
+ "econcealMP" "eScan Firewall Driver" "MicroWorld Technologies Inc." "c:\windows\system32\drivers\econceal.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor" "Intel Rapid Storage Technology driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys"
+ "LGBusEnum" "Logitech WingMan Virtual Bus Enumerator Driver" "Logitech Inc." "c:\windows\system32\drivers\lgbusenum.sys"
+ "LGVirHid" "Logitech GamePanel Virtual Hid Device Driver" "Logitech Inc." "c:\windows\system32\drivers\lgvirhid.sys"
+ "libusb0" "LibUSB-Win32 - Kernel Driver" "http://libusb-win32.sourceforge.net" "c:\windows\system32\drivers\libusb0.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "LVPr2M64" "Logitech LVPr2M64 Driver" "Logitech Inc." "c:\windows\system32\drivers\lvpr2m64.sys"
+ "LVPr2Mon" "Logitech LVPr2M64 Driver" "Logitech Inc." "c:\windows\system32\drivers\lvpr2m64.sys"
+ "LVRS64" "Logitech Kernel Audio Improvement Filter Driver" "Logitech Inc." "c:\windows\system32\drivers\lvrs64.sys"
+ "LVUVC64" "Logitech USB Video Class Driver" "Logitech Inc." "c:\windows\system32\drivers\lvuvc64.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nmwcd" "Nokia USB Phone Bus Driver" "Nokia" "c:\windows\system32\drivers\ccdcmbx64.sys"
+ "nmwcdc" "Nokia USB Phone Bus Driver" "Nokia" "c:\windows\system32\drivers\ccdcmbox64.sys"
+ "NPF" "npf.sys (NT5/6 AMD64) Kernel Driver" "CACE Technologies, Inc." "c:\windows\system32\drivers\npf.sys"
+ "nusb3hub" "USB 3.0 Hub Driver" "Renesas Electronics Corporation" "c:\windows\system32\drivers\nusb3hub.sys"
+ "nusb3xhc" "USB 3.0 Host Controller Driver" "Renesas Electronics Corporation" "c:\windows\system32\drivers\nusb3xhc.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "pccsmcfd" "PCCS Mode Change Filter Driver" "Nokia" "c:\windows\system32\drivers\pccsmcfdx64.sys"
+ "ProcObsrvesx" "ProcObsrvesx" "MicroWorld Technologies Inc." "c:\program files (x86)\escan\procobsrvesx.sys"
+ "PxHlpa64" "Px Engine Device Driver for 64-bit Windows" "Rovi Corporation" "c:\windows\system32\drivers\pxhlpa64.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RapportCerberus_43926" "" "" "c:\programdata\trusteer\rapport\store\exts\rapportcerberus\43926\rapportcerberus64_43926.sys"
+ "RapportEI64" "RapportEI64" "Trusteer Ltd." "c:\program files (x86)\trusteer\rapport\bin\x64\rapportei64.sys"
+ "RapportKE64" "RapportKE" "Trusteer Ltd." "c:\windows\system32\drivers\rapportke64.sys"
+ "RapportPG64" "RapportPG64" "Trusteer Ltd." "c:\program files (x86)\trusteer\rapport\bin\x64\rapportpg64.sys"
+ "RTHDMIAzAudService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rthdmivx.sys"
+ "RTL8167" "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver " "Realtek " "c:\windows\system32\drivers\rt64win7.sys"
+ "RtNdPt60" "Realtek NDIS Protocol Driver" "Realtek " "c:\windows\system32\drivers\rtndpt60.sys"
+ "RTTEAMPT" "Realtek Teaming Protocol Driver (NDIS 6.0)" "Realtek Corporation" "c:\windows\system32\drivers\rtteam60.sys"
+ "RTVLANPT" "Realtek Vlan Protocol Driver (NDIS 6.2)" "Windows ® Codename Longhorn DDK provider" "c:\windows\system32\drivers\rtvlan60.sys"
+ "SCDEmu" "PowerISO Virtual Drive" "PowerISO Computing, Inc." "c:\windows\system32\drivers\scdemu.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "ssudmdm" "SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)" "DEVGURU Co., LTD.(www.devguru.co.kr)" "c:\windows\system32\drivers\ssudmdm.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "TEAM" "Realtek Virtual Miniport Driver for Teaming (NDIS 6.0)" "Realtek Corporation" "c:\windows\system32\drivers\rtteam60.sys"
+ "upperdev" "Filter Driver for Nokia USB Phone Bus Driver" "Nokia" "c:\windows\system32\drivers\usbser_lowerfltx64.sys"
+ "UsbserFilt" "Filter Driver for Nokia USB Phone Bus Driver" "Nokia" "c:\windows\system32\drivers\usbser_lowerfltjx64.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "VLAN" "Realtek Virtual Miniport Driver for VLAN (NDIS 6.2)" "Windows ® Codename Longhorn DDK provider" "c:\windows\system32\drivers\rtvlan60.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.ac3filter" "" "" "c:\windows\system32\ac3filter64.acm"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.i420" "Video Codec" "Logitech Inc." "c:\windows\system32\lvcod64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.ac3filter" "" "" "c:\windows\syswow64\ac3filter.acm"
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
+ "VIDC.FFDS" "" "" "c:\windows\syswow64\ff_vfw.dll"
+ "vidc.i420" "Video Codec" "Logitech Inc." "c:\windows\syswow64\lvcodec2.dll"
+ "vidc.XVID" "" "" "c:\windows\syswow64\xvidvfw.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "AC3Filter" "ac3filter" "" "c:\program files (x86)\ac3filter\x64\ac3filter64.ax"
+ "Haali Matroska Muxer" "Haali Media Splitter" "" "c:\program files (x86)\haali\matroskasplitter\splitter.x64.ax"
+ "Haali Media Splitter" "Haali Media Splitter" "" "c:\program files (x86)\haali\matroskasplitter\splitter.x64.ax"
+ "Haali Media Splitter (AR)" "Haali Media Splitter" "" "c:\program files (x86)\haali\matroskasplitter\splitter.x64.ax"
+ "Haali Simple Media Splitter" "Haali Media Splitter" "" "c:\program files (x86)\haali\matroskasplitter\splitter.x64.ax"
+ "Haali Video Renderer" "" "" "c:\program files (x86)\haali\matroskasplitter\dxr.x64.dll"
+ "Haali Video Sink" "Haali Media Splitter" "" "c:\program files (x86)\haali\matroskasplitter\splitter.x64.ax"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "AC3 Decoder Filter" "TODO: <파일 설명>" "TODO: <회사 이름>" "c:\program files (x86)\myfree codec\1.0b beta\ac-3\ac3dx.ax"
+ "AC3Filter" "ac3filter" "" "c:\program files (x86)\ac3filter\ac3filter.ax"
+ "Audio Destination" "WAVDest Filter (Sample)" "Microsoft Corporation" "c:\program files (x86)\google\google earth\client\wavdest.ax"
+ "Canon DES Resizer SaveMode" "CanonDESResizer" "Canon Inc." "c:\program files (x86)\canon\mdl30\canondesresizer.ax"
+ "Canon H.264 Decode Filter" "Canon H.264 Mov Filter" "Canon Inc." "c:\program files (x86)\canon\canon mov decoder150\canonh264filter.ax"
+ "Canon H.264 Encoder 1.3.1" "Canon H264 Encoder Filter" "CANON INC." "c:\program files (x86)\canon\canon mov encoder\canonh264encoder.ax"
+ "Canon Image Rotation Filter" "Canon Image Rotation Filter " "Canon Inc." "c:\program files (x86)\canon\mdp\canonrotatefilter.dll"
+ "Canon MDP Motion-JPEG Decoder" "Canon MDP Motion-JPEG Decoder Filter" "Canon Inc." "c:\program files (x86)\canon\mdp\canonmdpmjpegdecoder.ax"
+ "Canon Motion-JPEG Decoder" "Canon Motion-JPEG Decoder Filter" "Canon Inc." "c:\program files (x86)\canon\mdl30\canonmjpegdecoder.ax"
+ "Canon Motion-JPEG Encoder" "Motion-JPEG Encoder Filter" "Canon Inc." "c:\program files (x86)\canon\mdl30\canonmjpegencoder.ax"
+ "Canon Mov File Parser Filter" "Canon H.264 Mov Filter" "Canon Inc." "c:\program files (x86)\canon\canon mov decoder150\canonh264filter.ax"
+ "Canon Mov File Parser Filter2" "Canon H.264 Mov Filter" "Canon Inc." "c:\program files (x86)\canon\canon mov decoder150\canonh264filter.ax"
+ "Canon Resizer" "CanonResizer" "Canon Inc." "c:\program files (x86)\canon\mdl30\canonresizer.ax"
+ "Canon Text Source Filter" "Canon Text Source Filter" "Canon Inc." "c:\program files (x86)\canon\mdl30\canontextsourcefilter.ax"
+ "Canon WAV Dest" "CanonWavDest" "Canon Inc." "c:\program files (x86)\canon\mdl30\canonwavdest.ax"
+ "Canon-Actual-Data-Length-Setter" "CanonActualDataLengthSetter" "Canon Inc." "c:\program files (x86)\canon\mdl30\canonactualdatalengthsetter.ax"
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "CoreAAC Audio Decoder" "CoreAAC" "" "c:\windows\syswow64\coreaac.ax"
+ "Emuzed AAC/AAC+ Decoder TFilter" "Emuzed AAC/AAC+ Decoder Filter" "Emuzed Inc. " "c:\program files (x86)\common files\nokia\codecs\emzaacdecfilter.dll"
+ "Emuzed AMR/3GPP/MP4/MP3 Multiplexer-Filter" "Emuzed MP4/3GP2/AMR/QCP Multiplexer/Sink Filter" "Emuzed Inc. " "c:\program files (x86)\common files\nokia\codecs\ezdmp4muxfilter.dll"
+ "Emuzed AMR/QCP/3GPP/MP4/3G2 Source Filter" "Emuzed MP4/3GP2/AMR/QCP Source Filter" "Emuzed Inc. " "c:\program files (x86)\common files\nokia\codecs\emzmp4source.dll"
+ "Emuzed H264 Video Decoder-Filter" "Emuzed H.264 Video Transform Filter" "Emuzed Inc. " "c:\program files (x86)\common files\nokia\codecs\ezdh264dectfilter.dll"
+ "Emuzed MP3 Source/Decoder Filter" "Emuzed MP3 Source/Decoder Filter" "Emuzed Inc. " "c:\program files (x86)\common files\nokia\codecs\emzmp3sourcefilter.dll"
+ "Emuzed MP4SP/H263 Video Decoder-Filter" "Emuzed MP4SP/H.263 Video Transform Filter" "Emuzed Inc. " "c:\program files (x86)\common files\nokia\codecs\emzdecmp4_h263.dll"
+ "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\ffdshow\ffdshow.ax"
+ "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\ffdshow\ffdshow.ax"
+ "ffdshow DXVA Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\ffdshow\ffdshow.ax"
+ "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\ffdshow\ffdshow.ax"
+ "ffdshow subtitles filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\ffdshow\ffdshow.ax"
+ "ffdshow Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files (x86)\ffdshow\ffdshow.ax"
+ "Haali Matroska Muxer" "Haali Media Splitter" "" "c:\program files (x86)\haali\matroskasplitter\splitter.ax"
+ "Haali Media Splitter" "Haali Media Splitter" "" "c:\program files (x86)\haali\matroskasplitter\splitter.ax"
+ "Haali Media Splitter (AR)" "Haali Media Splitter" "" "c:\program files (x86)\haali\matroskasplitter\splitter.ax"
+ "Haali Simple Media Splitter" "Haali Media Splitter" "" "c:\program files (x86)\haali\matroskasplitter\splitter.ax"
+ "Haali Video Renderer" "" "" "c:\program files (x86)\haali\matroskasplitter\dxr.dll"
+ "Haali Video Sink" "Haali Media Splitter" "" "c:\program files (x86)\haali\matroskasplitter\splitter.ax"
+ "MACSReaderMP3 Filter" "MACSReaderMP3 Filter" "" "c:\program files (x86)\samsung\kies\external\mediamodules\macsreaderavi.ax"
+ "MusicCity MPEG Splitter" "PCube MPEG Splitter Filter" "© MusicCity" "c:\windows\syswow64\muzmpgsp.ax"
+ "MusicCity OGG Splitter" "OGG Splitter" "© PeeringPortal" "c:\windows\syswow64\muzoggsp.ax"
+ "MyFree Codec Filter" "" "" "c:\program files (x86)\myfree codec\1.0b beta\myfree.ax"
+ "NEDFilter4Samsung Filter" "MACSReaderMP3 Filter" "L544™ Technology" "c:\program files (x86)\samsung\kies\external\mediamodules\nedfilter4samsung.ax"
+ "Nokia H264Dec HP/MP Filter" "NokiaH264HPMPDecTFilter" "Nokia" "c:\program files (x86)\common files\nokia\codecs\nokiah264hpmpdectfilter.dll"
+ "Nokia MPEG4ASP Decoder Filter" "MPEG4ASP H263 Decoder Filter" "Nokia" "c:\program files (x86)\common files\nokia\codecs\nokiadecmp4asp_h263.dll"
+ "P3Audio" "PCube Audio Decoder Filter" "© MusicCity" "c:\windows\syswow64\muzdecode.ax"
+ "P3AudioEffect" "P3AudioEffect Filter" "© MUSICCITY" "c:\windows\syswow64\muzeffect.ax"
+ "P3MP4Splitter" "P3MP4Splitter Filter" "© MusicCity" "c:\windows\syswow64\muzmp4sp.ax"
+ "P3Sourcer" "AOD Sourcer Filter" "Musiccity Co.Ltd." "c:\windows\syswow64\muzaf1.dll"
+ "P3WMTSplitter" "P3WMTSplitter Filter" " © MusicCity" "c:\windows\syswow64\muzwmts.dll"
+ "psWav Dest" "Canon Utilities Support Library" "Canon Inc." "c:\program files (x86)\canon\camerawindow\mycamera\pswavdes.ax"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "SelfMusicVideo Dump Filter" "SelfMusicVideo Dump Filter (DShow)" "ENJsoft Corporation" "c:\program files (x86)\samsung\kies\external\transmodules\tg_dump0708.dll"
+ "SpatialStereo Filter" "" "" "c:\windows\syswow64\3daudio.ax"
+ "Track1Filter" "" "" "c:\program files (x86)\adobe\photoshop elements 6.0\track1filter.dll"
+ "Track2Filter" "" "" "c:\program files (x86)\adobe\photoshop elements 6.0\track2filter.dll"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "Xvid MPEG-4 Video Decoder" "" "" "c:\program files (x86)\myfree codec\1.0b beta\xvid-core\xvid.ax"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries" "" "" ""
+ "MWTSP" "MWL - Transport Service Provider (TSP)" "MicroWorld Technologies Inc." "c:\windows\system32\mwtsp.dll"
+ "MWTSP MSAFD Tcpip [TCP/IP]" "MWL - Transport Service Provider (TSP)" "MicroWorld Technologies Inc." "c:\windows\system32\mwtsp.dll"
+ "MWTSP MSAFD Tcpip [TCP/IPv6]" "MWL - Transport Service Provider (TSP)" "MicroWorld Technologies Inc." "c:\windows\system32\mwtsp.dll"
+ "MWTSP MSAFD Tcpip [UDP/IP]" "MWL - Transport Service Provider (TSP)" "MicroWorld Technologies Inc." "c:\windows\system32\mwtsp.dll"
+ "MWTSP MSAFD Tcpip [UDP/IPv6]" "MWL - Transport Service Provider (TSP)" "MicroWorld Technologies Inc." "c:\windows\system32\mwtsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64" "" "" ""
+ "MWTSP" "MWL - Transport Service Provider (TSP)" "MicroWorld Technologies Inc." "c:\windows\system32\mwtsp.dll"
+ "MWTSP MSAFD Tcpip [TCP/IP]" "MWL - Transport Service Provider (TSP)" "MicroWorld Technologies Inc." "c:\windows\system32\mwtsp.dll"
+ "MWTSP MSAFD Tcpip [TCP/IPv6]" "MWL - Transport Service Provider (TSP)" "MicroWorld Technologies Inc." "c:\windows\system32\mwtsp.dll"
+ "MWTSP MSAFD Tcpip [UDP/IP]" "MWL - Transport Service Provider (TSP)" "MicroWorld Technologies Inc." "c:\windows\system32\mwtsp.dll"
+ "MWTSP MSAFD Tcpip [UDP/IPv6]" "MWL - Transport Service Provider (TSP)" "MicroWorld Technologies Inc." "c:\windows\system32\mwtsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "HP Standard TCP/IP Port" "Standard TCP/IP Port Monitor DLL" "Hewlett Packard" "c:\windows\system32\hptcpmon.dll"
+ "PCL hpz3lwn7" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpz3lwn7.dll"
+ "PDF995 Monitor" "" "" "c:\windows\system32\pdf995mon64.dll"

#11 narenxp


Posted 27 November 2012 - 12:34 AM

That looks good

Remove temporary and junk files

Download

TFC

Launch it, it will close all running programs.

Click on START, it should ask for a reboot. If TFC locks up the system, run it in safe mode.


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP - http://support.microsoft.com/kb/310405

Vista & Windows 7 - http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore - it deletes old infected restore points

Turn on System Restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software programs.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#12 fixit9660


Posted 27 November 2012 - 04:41 PM

So....I obviously didn't nail it anywhere near completion! LOL.

THANK YOU VERY VERY MUCH!!!!!!

So much work, I'm sorry I caused it.

Very Very Best Regards,

Andrew. :bowdown:

#13 narenxp


Posted 27 November 2012 - 09:21 PM

You're most welcome :)

#14 fixit9660


Posted 02 December 2012 - 07:54 AM

Did we miss something?

I've just run MSE for the first time after the last email and it says it's found and Quarantined Worm:Win32/Gamarue.I in:

Items:
file:C:\Program Files (x86)\eScan\INFECTED\{0FDB563B-42B1-4C19-A27F-188878E04994}.Vir
file:C:\Program Files (x86)\eScan\INFECTED\{1E228550-D499-47DE-BDAB-F55DA99E4F0B}.Vir
file:C:\Program Files (x86)\eScan\INFECTED\{577169C1-8219-40E1-9AD8-372D012A2ED2}.Vir
file:C:\Program Files (x86)\eScan\INFECTED\{68AB3734-B477-4821-AEB5-884804DB66CF}.Vir
file:C:\Program Files (x86)\eScan\INFECTED\{6A14D855-3D8B-49B1-8B86-1312E98D2E31}.Vir
file:C:\Program Files (x86)\eScan\INFECTED\{8986C821-070F-4226-8110-98442AF422EF}.Vir
file:C:\Program Files (x86)\eScan\INFECTED\{9C9E0F67-79ED-40A3-86D4-0E1E4BB97AC8}.Vir
file:C:\Program Files (x86)\eScan\INFECTED\{AAF76F1E-01BB-4313-9F49-D5CA02A774D1}.Vir
file:C:\Program Files (x86)\eScan\INFECTED\{B7C1B589-6053-43C0-B5E0-95C105D504DA}.Vir
file:C:\Program Files (x86)\eScan\INFECTED\{D270A9E1-FC7F-43B0-AFC5-DE9867DA91A1}.Vir
file:C:\Program Files (x86)\eScan\INFECTED\{D5CBA2E2-EBB2-46DC-9E16-0421E9314916}.Vir
file:C:\Program Files (x86)\eScan\INFECTED\{DDA1CDBD-32C6-4F96-81BE-4E495D4910A6}.Vir
file:C:\Program Files (x86)\eScan\INFECTED\{E0499277-602F-4D38-9479-FCEC49A937D5}.Vir
file:C:\Program Files (x86)\eScan\INFECTED\{E2356D2C-9873-47A4-9E73-B43A35F09169}.Vir
file:C:\Program Files (x86)\eScan\INFECTED\{E2591EFA-DA37-414C-B03E-232A820200A8}.Vir
file:C:\Program Files (x86)\eScan\INFECTED\{E95E1384-6754-4F92-9ADF-74957E012474}.Vir

eScan is my paid-for AV software.

Whilst I'm typing this, eScan has alerted that adwarecleaner is infected with a "Generic..." (something, sorry, I missed the message, it was too quick)

I ran MWAR which found nothing.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Andrew :: ANDREW-PC [administrator]

02/12/2012 10:27:19
mbam-log-2012-12-02 (10-27-19).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 466549
Time elapsed: 2 hour(s), 13 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


I really hope this is a false alarm because I connected up a NAS since.


Best regards,

Andy a.k.a fixit9660.

#15 narenxp


Posted 02 December 2012 - 11:08 AM

Microsoft Security Essentials is detecting items quarantined by another antivirus software.

Adware cleaner and junkware tools sometimes get detected as infections but they are false positives.



