Funky Process


9 replies to this topic

#1 tunnel_rat

  • Members
  • 5 posts

Posted 26 December 2012 - 01:06 PM

Hello and thank you for having a wonderful help site!
So I use a CPU usage and temp tool, and lately I have noticed my CPU at 100% and temps at critical levels.

So I did the usual: I opened Task Manager to see what is using my resources.
For an instant a process is visible, then it ends on its own,
and then system temp and CPU usage return to normal. :)

BUT... When I close Task Manager the temps and CPU usage rocket back to 100%.

For now, I am just keeping Task Manager open to stop this.

There is not much stopping me from doing a full re-install of Win7 64-bit and wiping the drive and starting over.
The system is just a spare rig and it just has a few old games installed, and I am keeping them just for sentimental reasons :)
The system also has Microsoft Security Essentials on it and full scans don't clean it.
I can run anything you need, I can even mail you the hard drive if it would help :)
Need to squash this bug, not just for me, need to have it marked so it is found by other antivirus programs if possible.

Thank you for your time. I am east coast and online 9am till noon.



#2 boopme

  • Global Moderator
  • 73,338 posts

Posted 26 December 2012 - 10:44 PM

Hello, do you know the process name?

Please run these...
MiniToolBox
Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note:
When using the "Reset FF Proxy Settings" option, Firefox should be closed.



Please Download TDSSkiller


Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results.



ADW Cleaner

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#3 tunnel_rat

  • Topic Starter
  • Members
  • 5 posts

Posted 28 December 2012 - 12:57 AM

Thank you for helping me.
This issue is more of a curiosity than a nuisance, as the system will be wiped and gifted to my GF's son.
I have the computer powered down and in another room in case the virus is airborne :)
Internet has been unplugged from it since infection, I can enable it if needed.
The process was igfxsys.exe or something similar.

You did say post here, right?


START
***********************
MiniToolBox Result.txt
***********************

MiniToolBox by Farbar Version: 25-11-2012
Ran by John (administrator) on 28-12-2012 at 00:11:21
Running from "C:\Users\John\Desktop\apps"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



127.0.0.1 static3.cdn.ubi.com
127.0.0.1 ubisoft-orbit.s3.amazonaws.com
127.0.0.1 onlineconfigservice.ubi.com
127.0.0.1 orbitservice.ubi.com
127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com

========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Road Runner (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled
set interface interface="RoadRunner" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Local Area Connection 2" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
add address name="Road Runner" address=192.168.100.3 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : PC680i
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
System Quarantine State . . . . . : Not Restricted


Ethernet adapter Road Runner:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller #3
Physical Address. . . . . . . . . : 40-61-86-4F-39-EE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable Microsoft 6To4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
16...40 61 86 4f 39 ee ......NVIDIA nForce Networking Controller #3
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #2
19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/26/2012 01:33:39 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-735508875-1056305885-3542876551-1020.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {e9fc5794-223d-4eed-9e8a-27d08fb971e6}

Error: (12/26/2012 11:06:02 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (12/13/2012 07:15:08 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (12/13/2012 02:55:34 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (12/13/2012 02:55:05 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (12/07/2012 03:02:03 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/07/2012 03:02:03 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/07/2012 03:02:03 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/07/2012 03:02:03 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/07/2012 03:02:03 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)


System errors:
=============
Error: (12/28/2012 00:09:37 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.141.1759.0

Update Source: %NT AUTHORITY51

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (12/28/2012 00:09:37 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.141.1759.0

Update Source: %NT AUTHORITY51

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (12/28/2012 00:09:37 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.141.1759.0

Update Source: %NT AUTHORITY59

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (12/28/2012 00:09:35 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: 490@01010004

Error: (12/28/2012 00:09:35 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: 490@01010004

Error: (12/28/2012 00:09:35 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: 490@01010004

Error: (12/28/2012 00:09:35 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: 490@01010004

Error: (12/28/2012 00:07:11 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.141.1759.0

Update Source: %NT AUTHORITY51

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (12/28/2012 00:07:11 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.141.1759.0

Update Source: %NT AUTHORITY51

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (12/28/2012 00:07:11 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.141.1759.0

Update Source: %NT AUTHORITY59

Update Stage: 4.1.0522.00

Source Path: 4.1.0522.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================
Error: (12/26/2012 01:33:39 PM) (Source: VSS)(User: )
Description: ConvertStringSidToSid(S-1-5-21-735508875-1056305885-3542876551-1020.bak)0x80070539, The security ID structure is invalid.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {e9fc5794-223d-4eed-9e8a-27d08fb971e6}

Error: (12/26/2012 11:06:02 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\$Recycle.Bin\S-1-5-21-735508875-1056305885-3542876551-1010\$R4F9XXW.exe

Error: (12/13/2012 07:15:08 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\John\Downloads\SoftonicDownloader_for_visual-bcd-editor.exe

Error: (12/13/2012 02:55:34 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\John\Downloads\SoftonicDownloader_for_visual-bcd-editor.exe

Error: (12/13/2012 02:55:05 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\John\Downloads\SoftonicDownloader_for_visual-bcd-editor.exe

Error: (12/07/2012 03:02:03 PM) (Source: Windows Search Service)(User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (12/07/2012 03:02:03 PM) (Source: Windows Search Service)(User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/07/2012 03:02:03 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/07/2012 03:02:03 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/07/2012 03:02:03 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer


CodeIntegrity Errors:
===================================
Date: 2012-12-28 00:09:09.859
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\UltraISO\drivers\ISODrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-28 00:09:09.828
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\UltraISO\drivers\ISODrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-27 23:56:46.468
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\UltraISO\drivers\ISODrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-27 23:56:46.453
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\UltraISO\drivers\ISODrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-26 12:33:50.750
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\UltraISO\drivers\ISODrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-26 12:33:50.718
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\UltraISO\drivers\ISODrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-26 10:56:03.906
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\UltraISO\drivers\ISODrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-26 10:56:03.890
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\UltraISO\drivers\ISODrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-14 14:42:39.281
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\UltraISO\drivers\ISODrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-14 14:42:39.250
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\UltraISO\drivers\ISODrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

3DMark06 (Version: 1.2.0)
AC3Filter 1.62b (Version: 1.62b)
Adobe Reader XI (Version: 11.0.00)
AnalogX PacketMon
BitTorrent (Version: 7.2.1)
Call of Duty Black Ops 2 (Version: 1.0)
Canon MG2100 series MP Drivers
CCleaner (Version: 3.24)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Core Temp 1.0 RC4 (Version: 1.0)
Coupon Printer for Windows (Version: 5.0.0.2)
CPUID HWMonitor 1.16
D3DX10 (Version: 15.4.2368.0902)
DivX Setup (Version: 2.6.1.22)
Driver Sweeper version 3.2.0 (Version: 3.2.0)
EasyBCD 2.2 (Version: 2.2)
eReg (Version: 1.20.138.34)
Fallout New Vegas
Futuremark SystemInfo (Version: 3.21.2.1)
Google Chrome (Version: 23.0.1271.97)
Google Update Helper (Version: 1.3.21.123)
HGTV Home & Landscape Platinum Suite (Version: 12.01)
ieSpell (Version: 2.6.4 (build 573))
Internet TV for Windows Media Center (Version: 4.2.2.0)
Java Auto Updater (Version: 2.0.6.1)
Junk Mail filter update (Version: 15.4.3502.0922)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft IntelliType Pro 7.1 (Version: 7.10.344.0)
Microsoft Office 2000 SR-1 Disc 2 (Version: 9.00.3821)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office XP Professional (Version: 10.0.6626.0)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MiniTool Partition Wizard Home Edition 6.0
MiniTool Partition Wizard Home Edition 7.0
MiniTool Power Data Recovery
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
NVIDIA 3D Vision Controller Driver (Version: 275.33)
NVIDIA 3D Vision Controller Driver 275.33 (Version: 275.33)
NVIDIA 3D Vision Driver 306.97 (Version: 306.97)
NVIDIA Control Panel 306.97 (Version: 306.97)
NVIDIA Graphics Driver 306.97 (Version: 306.97)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0697)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
OpenAL
Origin (Version: 8.2.1.458)
Pando Media Booster (Version: 2.6.0.8)
Partition Wizard Home Edition 5.0
QuickTime (Version: 7.69.80.9)
QwiklinxForChrome (Version: 1.2.0.650)
Ray Adams NVIDIA BIOS Editor
Razer Synapse 2.0 (Version: 1.6.1.1)
Realtek High Definition Audio Driver (Version: 6.0.1.6410)
RoE Power Tools (Version: 0.1)
Star Wars Galaxies
Star Wars® Knights of the Old Republic® II: The Sith Lords™ (Version: 1.00.0000)
Station Launcher (Version: 1.01.9000)
Steam (Version: 1.0.0.0)
TechPowerUp GPU-Z
The Lord of the Rings Online™ v03.08.00.8025 (Version: 03.08.00.8025)
Ubisoft Game Launcher (Version: 1.0.0.0)
UltraISO Premium V8.51
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
Visual BCD (Version: 0.9)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Center Add-in for Flash (Version: 4.1.2.0)
WinRAR archiver
Yahoo! Messenger

========================= Memory info: ===================================

Percentage of memory in use: 18%
Total physical RAM: 8191.23 MB
Available physical RAM: 6708.01 MB
Total Pagefile: 16380.64 MB
Available Pagefile: 14902.45 MB
Total Virtual: 4095.88 MB
Available Virtual: 3964.78 MB

========================= Partitions: =====================================

1 Drive c: (Main) (Fixed) (Total:297.99 GB) (Free:100.31 GB) NTFS
4 Drive h: (USB DISK) (Removable) (Total:3.77 GB) (Free:2.9 GB) FAT32

========================= Users: ========================================

User accounts for \\PC680I

Administrator ASPNET Candi
CleverCandi fixit Guest
John ryan UpdatusUser


**** End of log ****
****************************
TDSkiller log.txt
***************************

00:20:35.0078 47856 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
00:20:35.0093 47856 ============================================================
00:20:35.0093 47856 Current date / time: 2012/12/28 00:20:35.0093
00:20:35.0093 47856 SystemInfo:
00:20:35.0093 47856
00:20:35.0093 47856 OS Version: 6.1.7601 ServicePack: 1.0
00:20:35.0093 47856 Product type: Workstation
00:20:35.0093 47856 ComputerName: PC680I
00:20:35.0093 47856 UserName: John
00:20:35.0093 47856 Windows directory: C:\Windows
00:20:35.0093 47856 System windows directory: C:\Windows
00:20:35.0093 47856 Running under WOW64
00:20:35.0093 47856 Processor architecture: Intel x64
00:20:35.0093 47856 Number of processors: 4
00:20:35.0093 47856 Page size: 0x1000
00:20:35.0093 47856 Boot type: Normal boot
00:20:35.0093 47856 ============================================================
00:20:36.0328 47856 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x97695, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
00:20:36.0328 47856 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:20:36.0343 47856 Drive \Device\Harddisk2\DR2 - Size: 0xF1800000 (3.77 Gb), SectorSize: 0x200, Cylinders: 0x1EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:20:36.0343 47856 ============================================================
00:20:36.0343 47856 \Device\Harddisk0\DR0:
00:20:36.0343 47856 MBR partitions:
00:20:36.0343 47856 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:20:36.0343 47856 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FBEC0
00:20:36.0343 47856 \Device\Harddisk1\DR1:
00:20:36.0343 47856 MBR partitions:
00:20:36.0343 47856 \Device\Harddisk2\DR2:
00:20:36.0343 47856 MBR partitions:
00:20:36.0343 47856 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x78BFC1
00:20:36.0343 47856 ============================================================
00:20:36.0359 47856 C: <-> \Device\Harddisk0\DR0\Partition2
00:20:36.0359 47856 ============================================================
00:20:36.0359 47856 Initialize success
00:20:36.0359 47856 ============================================================
00:20:57.0062 48652 ============================================================
00:20:57.0062 48652 Scan started
00:20:57.0062 48652 Mode: Manual; TDLFS;
00:20:57.0062 48652 ============================================================
00:20:57.0343 48652 ================ Scan system memory ========================
00:20:57.0343 48652 System memory - ok
00:20:57.0359 48652 ================ Scan services =============================
00:21:05.0093 48652 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
00:21:05.0109 48652 MSiSCSI - ok
00:21:05.0109 48652 msiserver - ok
00:21:05.0125 48652 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
00:21:05.0125 48652 MSKSSRV - ok
00:21:05.0203 48652 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
00:21:05.0203 48652 MsMpSvc - ok
00:21:05.0234 48652 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
00:21:05.0234 48652 MSPCLOCK - ok
00:21:05.0250 48652 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
00:21:05.0250 48652 MSPQM - ok
00:21:05.0296 48652 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
00:21:05.0296 48652 MsRPC - ok
00:21:05.0328 48652 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
00:21:05.0328 48652 mssmbios - ok
00:21:05.0343 48652 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
00:21:05.0343 48652 MSTEE - ok
00:21:05.0375 48652 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
00:21:05.0375 48652 MTConfig - ok
00:21:05.0406 48652 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
00:21:05.0406 48652 MTsensor - ok
00:21:05.0421 48652 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
00:21:05.0421 48652 Mup - ok
00:21:05.0468 48652 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
00:21:05.0468 48652 napagent - ok
00:21:05.0531 48652 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
00:21:05.0531 48652 NativeWifiP - ok
00:21:05.0578 48652 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
00:21:05.0593 48652 NDIS - ok
00:21:05.0609 48652 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
00:21:05.0609 48652 NdisCap - ok
00:21:05.0625 48652 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
00:21:05.0640 48652 NdisTapi - ok
00:21:05.0671 48652 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
00:21:05.0671 48652 Ndisuio - ok
00:21:05.0703 48652 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
00:21:05.0718 48652 NdisWan - ok
00:21:05.0750 48652 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
00:21:05.0750 48652 NDProxy - ok
00:21:05.0765 48652 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
00:21:05.0765 48652 NetBIOS - ok
00:21:05.0812 48652 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
00:21:05.0812 48652 NetBT - ok
00:21:05.0828 48652 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
00:21:05.0828 48652 Netlogon - ok
00:21:05.0859 48652 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
00:21:05.0859 48652 Netman - ok
00:21:05.0906 48652 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:21:05.0906 48652 NetMsmqActivator - ok
00:21:05.0937 48652 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:21:05.0937 48652 NetPipeActivator - ok
00:21:05.0953 48652 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
00:21:05.0953 48652 netprofm - ok
00:21:05.0968 48652 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:21:05.0968 48652 NetTcpActivator - ok
00:21:05.0968 48652 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:21:05.0968 48652 NetTcpPortSharing - ok
00:21:05.0984 48652 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
00:21:05.0984 48652 nfrd960 - ok
00:21:06.0031 48652 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
00:21:06.0031 48652 NisDrv - ok
00:21:06.0062 48652 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
00:21:06.0078 48652 NisSrv - ok
00:21:06.0125 48652 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
00:21:06.0125 48652 NlaSvc - ok
00:21:06.0140 48652 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
00:21:06.0140 48652 Npfs - ok
00:21:06.0156 48652 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
00:21:06.0156 48652 nsi - ok
00:21:06.0171 48652 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
00:21:06.0171 48652 nsiproxy - ok
00:21:06.0234 48652 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
00:21:06.0250 48652 Ntfs - ok
00:21:06.0312 48652 nTuneService - ok
00:21:06.0343 48652 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
00:21:06.0343 48652 Null - ok
00:21:06.0375 48652 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
00:21:06.0375 48652 NVENETFD - ok
00:21:06.0390 48652 NVHDA - ok
00:21:06.0718 48652 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:21:06.0796 48652 nvlddmkm - ok
00:21:06.0843 48652 [ 241A095631570A9CEF4F126C87605C60 ] NVR0Dev C:\Windows\nvoclk64.sys
00:21:06.0843 48652 NVR0Dev - ok
00:21:06.0875 48652 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
00:21:06.0875 48652 nvraid - ok
00:21:06.0890 48652 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
00:21:06.0890 48652 nvstor - ok
00:21:06.0953 48652 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
00:21:06.0968 48652 nvsvc - ok
00:21:06.0984 48652 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
00:21:06.0984 48652 nv_agp - ok
00:21:07.0015 48652 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
00:21:07.0015 48652 ohci1394 - ok
00:21:07.0015 48652 ossrv - ok
00:21:07.0046 48652 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
00:21:07.0062 48652 p2pimsvc - ok
00:21:07.0093 48652 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
00:21:07.0093 48652 p2psvc - ok
00:21:07.0125 48652 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
00:21:07.0125 48652 Parport - ok
00:21:07.0140 48652 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
00:21:07.0140 48652 partmgr - ok
00:21:07.0171 48652 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
00:21:07.0171 48652 PcaSvc - ok
00:21:07.0187 48652 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
00:21:07.0187 48652 pci - ok
00:21:07.0203 48652 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
00:21:07.0203 48652 pciide - ok
00:21:07.0218 48652 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
00:21:07.0218 48652 pcmcia - ok
00:21:07.0250 48652 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
00:21:07.0250 48652 pcw - ok
00:21:07.0265 48652 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
00:21:07.0281 48652 PEAUTH - ok
00:21:07.0328 48652 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
00:21:07.0343 48652 PeerDistSvc - ok
00:21:07.0437 48652 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
00:21:07.0437 48652 PerfHost - ok
00:21:07.0484 48652 [ 7C0B34E30F62110CCEBC2F09BF79869C ] physX64 C:\Windows\system32\DRIVERS\physX64.sys
00:21:07.0484 48652 physX64 - ok
00:21:07.0546 48652 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
00:21:07.0562 48652 pla - ok
00:21:07.0609 48652 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
00:21:07.0625 48652 PlugPlay - ok
00:21:07.0640 48652 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
00:21:07.0640 48652 PNRPAutoReg - ok
00:21:07.0656 48652 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
00:21:07.0656 48652 PNRPsvc - ok
00:21:07.0703 48652 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
00:21:07.0718 48652 PolicyAgent - ok
00:21:07.0734 48652 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
00:21:07.0750 48652 Power - ok
00:21:07.0796 48652 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
00:21:07.0796 48652 PptpMiniport - ok
00:21:07.0796 48652 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
00:21:07.0796 48652 Processor - ok
00:21:07.0843 48652 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
00:21:07.0843 48652 ProfSvc - ok
00:21:07.0859 48652 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:21:07.0875 48652 ProtectedStorage - ok
00:21:07.0906 48652 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
00:21:07.0906 48652 Psched - ok
00:21:07.0984 48652 [ 595A22C4CCE855E72D475835F3DF2D53 ] pwdrvio C:\Windows\system32\pwdrvio.sys
00:21:08.0000 48652 pwdrvio - ok
00:21:08.0031 48652 [ 70EB529F6FEDAC79D0A8E3BB79999277 ] pwdspio C:\Windows\system32\pwdspio.sys
00:21:08.0046 48652 pwdspio - ok
00:21:08.0109 48652 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
00:21:08.0125 48652 ql2300 - ok
00:21:08.0140 48652 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
00:21:08.0140 48652 ql40xx - ok
00:21:08.0171 48652 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
00:21:08.0187 48652 QWAVE - ok
00:21:08.0187 48652 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
00:21:08.0187 48652 QWAVEdrv - ok
00:21:08.0203 48652 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
00:21:08.0203 48652 RasAcd - ok
00:21:08.0234 48652 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
00:21:08.0234 48652 RasAgileVpn - ok
00:21:08.0234 48652 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
00:21:08.0234 48652 RasAuto - ok
00:21:08.0281 48652 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
00:21:08.0281 48652 Rasl2tp - ok
00:21:08.0312 48652 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
00:21:08.0328 48652 RasMan - ok
00:21:08.0343 48652 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
00:21:08.0343 48652 RasPppoe - ok
00:21:08.0359 48652 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
00:21:08.0359 48652 RasSstp - ok
00:21:08.0406 48652 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
00:21:08.0406 48652 rdbss - ok
00:21:08.0421 48652 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
00:21:08.0421 48652 rdpbus - ok
00:21:08.0437 48652 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
00:21:08.0437 48652 RDPCDD - ok
00:21:08.0500 48652 [ BDF2DB2F19945AFAF102A2C03062EFB1 ] RDPDISPM C:\Windows\system32\DRIVERS\rdpdispm.sys
00:21:08.0500 48652 RDPDISPM - ok
00:21:08.0546 48652 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
00:21:08.0546 48652 RDPDR - ok
00:21:08.0546 48652 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
00:21:08.0546 48652 RDPENCDD - ok
00:21:08.0562 48652 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
00:21:08.0562 48652 RDPREFMP - ok
00:21:08.0593 48652 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
00:21:08.0593 48652 RdpVideoMiniport - ok
00:21:08.0625 48652 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
00:21:08.0625 48652 RDPWD - ok
00:21:08.0671 48652 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
00:21:08.0671 48652 rdyboost - ok
00:21:08.0703 48652 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
00:21:08.0703 48652 RemoteAccess - ok
00:21:08.0750 48652 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
00:21:08.0750 48652 RemoteRegistry - ok
00:21:08.0765 48652 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
00:21:08.0765 48652 RpcEptMapper - ok
00:21:08.0765 48652 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
00:21:08.0765 48652 RpcLocator - ok
00:21:08.0828 48652 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
00:21:08.0828 48652 RpcSs - ok
00:21:08.0859 48652 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
00:21:08.0859 48652 rspndr - ok
00:21:08.0906 48652 [ B047199A905DF30B69439C2703775978 ] rzudd C:\Windows\system32\DRIVERS\rzudd.sys
00:21:08.0906 48652 rzudd - ok
00:21:08.0937 48652 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
00:21:08.0937 48652 s3cap - ok
00:21:08.0937 48652 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
00:21:08.0937 48652 SamSs - ok
00:21:08.0968 48652 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
00:21:08.0968 48652 sbp2port - ok
00:21:08.0984 48652 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
00:21:09.0000 48652 SCardSvr - ok
00:21:09.0031 48652 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
00:21:09.0031 48652 scfilter - ok
00:21:09.0093 48652 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
00:21:09.0109 48652 Schedule - ok
00:21:09.0140 48652 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
00:21:09.0140 48652 SCPolicySvc - ok
00:21:09.0171 48652 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
00:21:09.0171 48652 SDRSVC - ok
00:21:09.0234 48652 [ EA0FD928C8B7635C5528F2D7B8419EF1 ] SearchIndexer C:\Windows\system32\SearchIndexer.dll
00:21:09.0265 48652 SearchIndexer - ok
00:21:09.0312 48652 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
00:21:09.0312 48652 secdrv - ok
00:21:09.0343 48652 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
00:21:09.0343 48652 seclogon - ok
00:21:09.0375 48652 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
00:21:09.0375 48652 SENS - ok
00:21:09.0390 48652 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
00:21:09.0390 48652 SensrSvc - ok
00:21:09.0406 48652 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
00:21:09.0406 48652 Serenum - ok
00:21:09.0421 48652 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
00:21:09.0421 48652 Serial - ok
00:21:09.0453 48652 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
00:21:09.0453 48652 sermouse - ok
00:21:09.0500 48652 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
00:21:09.0500 48652 SessionEnv - ok
00:21:09.0531 48652 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
00:21:09.0531 48652 sffdisk - ok
00:21:09.0546 48652 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
00:21:09.0546 48652 sffp_mmc - ok
00:21:09.0546 48652 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
00:21:09.0546 48652 sffp_sd - ok
00:21:09.0562 48652 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
00:21:09.0562 48652 sfloppy - ok
00:21:09.0593 48652 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
00:21:09.0609 48652 SharedAccess - ok
00:21:09.0640 48652 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:21:09.0656 48652 ShellHWDetection - ok
00:21:09.0671 48652 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:21:09.0671 48652 SiSRaid2 - ok
00:21:09.0703 48652 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
00:21:09.0703 48652 SiSRaid4 - ok
00:21:09.0734 48652 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
00:21:09.0734 48652 Smb - ok
00:21:09.0765 48652 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
00:21:09.0765 48652 SNMPTRAP - ok
00:21:09.0781 48652 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
00:21:09.0781 48652 spldr - ok
00:21:09.0828 48652 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
00:21:09.0828 48652 Spooler - ok
00:21:09.0921 48652 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
00:21:09.0968 48652 sppsvc - ok
00:21:09.0984 48652 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
00:21:09.0984 48652 sppuinotify - ok
00:21:10.0078 48652 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
00:21:10.0078 48652 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
00:21:10.0078 48652 sptd ( LockedFile.Multi.Generic ) - warning
00:21:10.0078 48652 sptd - detected LockedFile.Multi.Generic (1)
00:21:14.0000 48652 WwanSvc - ok
00:21:14.0031 48652 ================ Scan global ===============================
00:21:14.0046 48652 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:21:14.0078 48652 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
00:21:14.0093 48652 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
00:21:14.0125 48652 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:21:14.0140 48652 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
00:21:14.0140 48652 [Global] - ok
00:21:14.0140 48652 ================ Scan MBR ==================================
00:21:14.0156 48652 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:21:14.0328 48652 \Device\Harddisk0\DR0 - ok
00:21:14.0328 48652 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
00:21:14.0390 48652 \Device\Harddisk1\DR1 - ok
00:21:14.0390 48652 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
00:21:17.0781 48652 \Device\Harddisk2\DR2 - ok
00:21:17.0781 48652 ================ Scan VBR ==================================
00:21:17.0781 48652 [ 7456AD682C831AE68666618BF5D4EAC1 ] \Device\Harddisk0\DR0\Partition1
00:21:17.0781 48652 \Device\Harddisk0\DR0\Partition1 - ok
00:21:17.0796 48652 [ A781433B53E8D97029B8B510E1F7517B ] \Device\Harddisk0\DR0\Partition2
00:21:17.0812 48652 \Device\Harddisk0\DR0\Partition2 - ok
00:21:17.0812 48652 [ B290CB22396ADB3F70BDFBEED9720942 ] \Device\Harddisk2\DR2\Partition1
00:21:17.0812 48652 \Device\Harddisk2\DR2\Partition1 - ok
00:21:17.0812 48652 ============================================================
00:21:17.0812 48652 Scan finished
00:21:17.0812 48652 ============================================================
00:21:17.0812 48664 Detected object count: 1
00:21:17.0812 48664 Actual detected object count: 1
00:24:01.0671 48664 sptd ( LockedFile.Multi.Generic ) - skipped by user
00:24:01.0671 48664 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
00:24:59.0406 47788 Deinitialize success
*******************************************************************************
**************
AdwCleaner.txt
*****************

# AdwCleaner v2.103 - Logfile created 12/28/2012 at 00:27:30
# Updated 25/12/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : John - PC680I
# Boot Mode : Normal
# Running from : C:\Users\John\Desktop\apps\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Candi\AppData\Local\Babylon
Folder Deleted : C:\Users\Candi\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Candi\AppData\Roaming\Babylon
Folder Deleted : C:\Users\CleverCandi\AppData\Local\Babylon
Folder Deleted : C:\Users\CleverCandi\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\CleverCandi\AppData\Roaming\Babylon
Folder Deleted : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnfaglepmjgohnkcoieaijlheabmcdeo
Folder Deleted : C:\Users\John\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\John\Documents\ShopToWin

***** [Registry] *****

Key Deleted : HKCU\Software\Qwiklinx
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7B63B2922B174135AFC0E1377DD81EC2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dnfaglepmjgohnkcoieaijlheabmcdeo

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Candi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\ryan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\CleverCandi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1919 octets] - [28/12/2012 00:27:30]

########## EOF - C:\AdwCleaner[S1].txt - [1979 octets] ##########
*******************************************************************
END

#4 boopme

Posted 28 December 2012 - 12:14 PM

Hello, well it is a malware file, so you do not want it running.

http://home.mcafee.com/virusinfo/virusprofile.aspx?key=1084619#none

It has many names so we may have gotten it.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 tunnel_rat

Posted 28 December 2012 - 04:41 PM

OK great
the link takes me to http://home.mcafee.com/VirusInfo/Default.aspx#none
a generic page with much info on it... but what do I do?

#6 boopme

Posted 28 December 2012 - 08:48 PM

Hi, if you are going to do this then that will clean it off:

This issue more of a curiosity, than a nuisance. As the system will be wiped and gifted to my GF son.


Or run ESET to clean it now.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.

#7 tunnel_rat

Posted 30 December 2012 - 12:35 AM

I think I selected something wrong but here is what I got
******************************************************
C:\Documents and Settings\All Users\Application Data\Adobe\1BEA60A.vbe VBS/CoinMiner.C trojan unable to clean
C:\Documents and Settings\All Users\Application Data\Adobe\F5143.vbe VBS/CoinMiner.C trojan unable to clean
C:\Documents and Settings\Candi\AppData\Local\Temp\svchost.exe a variant of Win32/BitCoinMiner.D application unable to clean
C:\Documents and Settings\Candi\Local Settings\Temp\svchost.exe a variant of Win32/BitCoinMiner.D application unable to clean
C:\Documents and Settings\John\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\RBG3FT7I\cgminer[1].exe a variant of Win32/BitCoinMiner.D application unable to clean
C:\Documents and Settings\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RBG3FT7I\cgminer[1].exe a variant of Win32/BitCoinMiner.D application unable to clean
C:\Documents and Settings\John\AppData\Local\Temp\svchost.exe a variant of Win32/BitCoinMiner.D application unable to clean
C:\Documents and Settings\John\AppData\Local\Temporary Internet Files\Content.IE5\RBG3FT7I\cgminer[1].exe a variant of Win32/BitCoinMiner.D application unable to clean
C:\Documents and Settings\John\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\RBG3FT7I\cgminer[1].exe a variant of Win32/BitCoinMiner.D application unable to clean
C:\Documents and Settings\John\Local Settings\Temp\svchost.exe a variant of Win32/BitCoinMiner.D application unable to clean
C:\Documents and Settings\John\Local Settings\Temporary Internet Files\Content.IE5\RBG3FT7I\cgminer[1].exe a variant of Win32/BitCoinMiner.D application unable to clean
C:\ProgramData\Adobe\1BEA60A.vbe VBS/CoinMiner.C trojan unable to clean
C:\ProgramData\Adobe\F5143.vbe VBS/CoinMiner.C trojan unable to clean
C:\Users\All Users\Adobe\1BEA60A.vbe VBS/CoinMiner.C trojan unable to clean
C:\Users\All Users\Adobe\F5143.vbe VBS/CoinMiner.C trojan unable to clean
C:\Users\All Users\Application Data\Adobe\1BEA60A.vbe VBS/CoinMiner.C trojan unable to clean
C:\Users\All Users\Application Data\Adobe\F5143.vbe VBS/CoinMiner.C trojan unable to clean
C:\Users\Candi\AppData\Local\Temp\svchost.exe a variant of Win32/BitCoinMiner.D application unable to clean
C:\Users\Candi\Local Settings\Temp\svchost.exe a variant of Win32/BitCoinMiner.D application unable to clean
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RBG3FT7I\cgminer[1].exe a variant of Win32/BitCoinMiner.D application unable to clean
C:\Users\John\AppData\Local\Temp\svchost.exe a variant of Win32/BitCoinMiner.D application unable to clean
C:\Users\John\AppData\Local\Temporary Internet Files\Content.IE5\RBG3FT7I\cgminer[1].exe a variant of Win32/BitCoinMiner.D application unable to clean
C:\Users\John\Desktop\keep\DTLite4454-0315.exe Win32/OpenCandy application unable to clean
C:\Users\John\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\RBG3FT7I\cgminer[1].exe a variant of Win32/BitCoinMiner.D application unable to clean
C:\Users\John\Local Settings\Temp\svchost.exe a variant of Win32/BitCoinMiner.D application unable to clean
C:\Users\John\Local Settings\Temporary Internet Files\Content.IE5\RBG3FT7I\cgminer[1].exe a variant of Win32/BitCoinMiner.D application unable to clean
C:\Users\ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K0U580N1\cgminer[1].exe a variant of Win32/BitCoinMiner.D application unable to clean
C:\Users\ryan\AppData\Local\Temp\svchost.exe a variant of Win32/BitCoinMiner.D application unable to clean
C:\Windows\SysWOW64\update\igfxupdate.exe probably a variant of Win32/BitCoinMiner.D application unable to clean
G:\Users\All Users\Adobe\1BEA60A.vbe VBS/CoinMiner.C trojan unable to clean
G:\Users\All Users\Adobe\F5143.vbe VBS/CoinMiner.C trojan unable to clean
G:\Users\All Users\Application Data\Adobe\1BEA60A.vbe VBS/CoinMiner.C trojan unable to clean
G:\Users\All Users\Application Data\Adobe\F5143.vbe VBS/CoinMiner.C trojan unable to clean
C:\$Recycle.Bin\S-1-5-21-3293715874-218291175-4020930765-1001\$RY3TZ64.exe probably a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-735508875-1056305885-3542876551-1010\$R4F9XXW.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Adobe\1BEA60A.vbe VBS/CoinMiner.C trojan cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Adobe\F5143.vbe VBS/CoinMiner.C trojan cleaned by deleting - quarantined
C:\Documents and Settings\Candi\AppData\Local\Application Data\Temp\svchost.exe a variant of Win32/BitCoinMiner.D application cleaned by deleting - quarantined
C:\Documents and Settings\John\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\RBG3FT7I\cgminer[1].exe a variant of Win32/BitCoinMiner.D application cleaned by deleting - quarantined
C:\Documents and Settings\John\AppData\Local\Application Data\Temp\svchost.exe a variant of Win32/BitCoinMiner.D application cleaned by deleting (after the next restart) - quarantined
C:\Documents and Settings\John\Desktop\keep\DTLite4454-0315.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Documents and Settings\ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K0U580N1\cgminer[1].exe a variant of Win32/BitCoinMiner.D application cleaned by deleting - quarantined
C:\Documents and Settings\ryan\AppData\Local\Temp\svchost.exe a variant of Win32/BitCoinMiner.D application cleaned by deleting - quarantined
C:\Windows\System32\update\igfxupdate.exe probably a variant of Win32/BitCoinMiner.D application cleaned by deleting - quarantined
***************************
Wow guess Microsoft Security Essentials is not that good... and to think I used to have NOD32 lol too bad they have such a high price now so I am thinking about getting
https://www.bullguard.com/

Edited by tunnel_rat, 30 December 2012 - 02:49 PM.
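Added example (not part of the original posts and not ESET tooling): the export above reports the same files several times through Windows 7's legacy compatibility junctions, so this sketch parses each line, folds the aliases onto one canonical path, and shows which distinct files are still outstanding. The function names, the junction table (default Windows 7 layout) and the rule that a file counts as handled once any alias reports "cleaned by deleting" are assumptions of the example; a re-scan is what confirms it.

```python
import re
from collections import defaultdict

# Constructed sample modelled on lines of the ESET export above (not the full log).
SAMPLE = r"""
C:\Documents and Settings\All Users\Application Data\Adobe\F5143.vbe VBS/CoinMiner.C trojan unable to clean
C:\ProgramData\Adobe\F5143.vbe VBS/CoinMiner.C trojan unable to clean
C:\Users\All Users\Adobe\F5143.vbe VBS/CoinMiner.C trojan unable to clean
C:\Documents and Settings\All Users\Adobe\F5143.vbe VBS/CoinMiner.C trojan cleaned by deleting - quarantined
C:\Users\John\Local Settings\Temp\svchost.exe a variant of Win32/BitCoinMiner.D application unable to clean
C:\Users\John\AppData\Local\Temp\svchost.exe a variant of Win32/BitCoinMiner.D application unable to clean
C:\Users\John\Local Settings\Temporary Internet Files\Content.IE5\RBG3FT7I\cgminer[1].exe a variant of Win32/BitCoinMiner.D application unable to clean
"""

# Default Windows 7 compatibility junctions, applied in order (assumed layout).
JUNCTIONS = [
    (r"^([A-Z]:)\\Documents and Settings\\", r"\1\\Users\\"),
    (r"^([A-Z]:)\\Users\\All Users\\", r"\1\\ProgramData\\"),
    (r"^([A-Z]:\\ProgramData)\\Application Data\\", r"\1\\"),
    (r"^([A-Z]:\\Users\\[^\\]+)\\Local Settings\\", r"\1\\AppData\\Local\\"),
    (r"^([A-Z]:\\Users\\[^\\]+\\AppData\\Local)\\Application Data\\", r"\1\\"),
    (r"^([A-Z]:\\Users\\[^\\]+\\AppData\\Local)\\Temporary Internet Files\\",
     r"\1\\Microsoft\\Windows\\Temporary Internet Files\\"),
]

# One export line: path, optional "variant of" qualifier, detection, type, action.
LINE = re.compile(
    r"^(?P<path>[A-Z]:\\.+?\.\w+) (?:(?:probably )?a variant of )?"
    r"(?P<threat>\S+/\S+) (?P<kind>trojan|application) (?P<action>.+)$")

def canonical(path):
    """Rewrite a junction alias to the real Windows 7 location."""
    for pattern, repl in JUNCTIONS:
        path = re.sub(pattern, repl, path, flags=re.IGNORECASE)
    return path

def parse(log):
    return [m.groupdict() for m in map(LINE.match, log.splitlines()) if m]

def summarize(log):
    """Map canonical path -> detection name, alias count, cleaned-via-any-alias."""
    files = defaultdict(lambda: {"threat": None, "aliases": 0, "cleaned": False})
    for rec in parse(log):
        entry = files[canonical(rec["path"])]
        entry["threat"] = rec["threat"]
        entry["aliases"] += 1
        entry["cleaned"] |= rec["action"].startswith("cleaned")
    return dict(files)

def masquerading(path):
    # The genuine svchost.exe lives only under Windows\System32 or Windows\SysWOW64.
    p = path.lower()
    genuine = re.search(r"\\windows\\(system32|syswow64)\\svchost\.exe$", p)
    return p.endswith("\\svchost.exe") and not genuine

if __name__ == "__main__":
    for path, info in summarize(SAMPLE).items():
        state = "handled    " if info["cleaned"] else "OUTSTANDING"
        note = "  [svchost.exe outside System32]" if masquerading(path) else ""
        print(state, info["aliases"], info["threat"], path + note)
```

On the sample, seven log lines collapse to three distinct files, one of which was already deleted through another alias.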


#8 boopme

Posted 30 December 2012 - 03:15 PM

Hello, Try Avira Free AV ...L@@K


It appears that way as these are not usually threats that it cannot remove. We have 2 choices...
Run it again if you think you missed something or...
We will need to repost with a DDS log and get a deeper look. The second will require these steps.



Please follow this Preparation Guide and post in a new topic.

Let me know if all went well.

#9 tunnel_rat

Posted 30 December 2012 - 07:20 PM

Thanks a lot I did not suspect something to go totally unnoticed for so long by ANY antivirus that gets regular virus definitions.

I will try the Avira on the OP system and post up what I can ASAP

BUT for now I removed MSE off of THIS system I am using now, and my new AV found 10 items :(
Scary that I did not have any suspect or performance issue :(

sucks the new AV I got doesn't have a nice text log to post for ya.
hopefully it can keep me clean.

#10 boopme

Posted 30 December 2012 - 07:47 PM

I used Avira free for years.. I had only switched when ESET asked me to trial test theirs.
The scan log is saved in /tmp/avlogfile. But when you restart the computer you will lose this file.

Did you rerun ESET?