Hunk - Juvarif Malware



#1 edjhk


Posted 14 January 2013 - 09:44 PM

I am running Windows 7 64-bit through Boot Camp on a MacBook Pro. Recently I lowered the "User Account Control settings" from the second from the top to the second from the bottom. Not sure if that is what may have weakened my security. I have a recent install of Windows, so no virus protection yet. I do use Windows Security Essentials, and it was on and up to date. I was on an adult site, suddenly the screen froze, my webcam came on and I was told the FBI was tracking me. CTRL-ALT-DEL was no help. Restart was no help. I finally rebooted into safe mode, searched and became convinced I was infected with Reveton. I found some posts that suggested:

1. Using Microsoft's "I think my computer is infected" (ran this, found some errors. Took an ungodly amount of time).
2. Use Disk Cleanup to delete temporary files (I have 69g of temp files, which I did not delete; I want to later undelete a .pst file that I lost for Outlook).
3. Next I ran Kaspersky's Rootkit.Win32.TDSS.
4. Next was MalwareBytes AntiMalware (MBAM).
5. McAfee's Stinger virus remover.
6. Next was Hitman Pro.
7. CCleaner.

All of these at various times found something, then on the next scan did not. I thought I was clean. Started browsing again - and it came back. Next I went to msconfig and disabled "hunk" by Javarif. This was the only program I did not recognize. Still believing I might have Reveton, I searched the registry, but did not find any Reveton references. I did find some odd entries searching Javarif, and that led me to find this post (http://www.bleepingcomputer.com/forums/topic481767.html). Seems to me I have the same version of "moneypack". My system is stable for the time being, but I am sure it is a matter of time before it becomes frozen or unstable again. Incidentally, I also have changes to my Windows environment - colors of the system. Please advise me what to do next.

Thanks!

EDJ


#2 narenxp

  • BC Advisor

Posted 14 January 2013 - 10:03 PM

Download TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking

Download ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 edjhk

  • Topic Starter


Posted 15 January 2013 - 03:20 AM

15:03:03.0446 4424 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:03:04.0667 4424 ============================================================
15:03:04.0667 4424 Current date / time: 2013/01/15 15:03:04.0667
15:03:04.0667 4424 SystemInfo:
15:03:04.0667 4424
15:03:04.0667 4424 OS Version: 6.1.7601 ServicePack: 1.0
15:03:04.0667 4424 Product type: Workstation
15:03:04.0667 4424 ComputerName: EDWARD-PC
15:03:04.0667 4424 UserName: Edward
15:03:04.0667 4424 Windows directory: C:\Windows
15:03:04.0667 4424 System windows directory: C:\Windows
15:03:04.0667 4424 Running under WOW64
15:03:04.0667 4424 Processor architecture: Intel x64
15:03:04.0667 4424 Number of processors: 2
15:03:04.0667 4424 Page size: 0x1000
15:03:04.0667 4424 Boot type: Normal boot
15:03:04.0667 4424 ============================================================
15:03:06.0351 4424 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:03:06.0371 4424 ============================================================
15:03:06.0371 4424 \Device\Harddisk0\DR0:
15:03:06.0371 4424 GPT partitions:
15:03:06.0371 4424 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {65C65124-DF8A-43FC-8435-69D46B785B77}, Name: EFI System Partition, StartLBA 0x28, BlocksNum 0x64000
15:03:06.0371 4424 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {48465300-0000-11AA-AA11-00306543ECAC}, UniqueGUID: {F6D96272-EAC7-4095-BD8B-4516CE9B8178}, Name: Untitled, StartLBA 0x64028, BlocksNum 0xB866E10
15:03:06.0371 4424 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {426F6F74-0000-11AA-AA11-00306543ECAC}, UniqueGUID: {F441E828-85D4-4D18-BFB9-80CFBF5A8892}, Name: Recovery HD, StartLBA 0xB8CAE38, BlocksNum 0x135F28
15:03:06.0371 4424 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {44099B25-A7C6-4944-90B7-3BFF41F2DCB7}, Name: BOOTCAMP, StartLBA 0xBA01000, BlocksNum 0x2E985000
15:03:06.0371 4424 MBR partitions:
15:03:06.0371 4424 \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0xBA01000, BlocksNum 0x2E985000
15:03:06.0371 4424 ============================================================
15:03:06.0401 4424 C: <-> \Device\Harddisk0\DR0\Partition5
15:03:06.0401 4424 ============================================================
15:03:06.0401 4424 Initialize success
15:03:06.0401 4424 ============================================================
15:03:32.0875 4376 ============================================================
15:03:32.0875 4376 Scan started
15:03:32.0875 4376 Mode: Manual; TDLFS;
15:03:32.0875 4376 ============================================================
15:03:33.0225 4376 ================ Scan system memory ========================
15:03:33.0225 4376 System memory - ok
15:03:40.0187 4376 mouhid - ok
15:03:40.0207 4376 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:03:40.0207 4376 mountmgr - ok
15:03:40.0247 4376 [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:03:40.0247 4376 MozillaMaintenance - ok
15:03:40.0287 4376 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
15:03:40.0287 4376 MpFilter - ok
15:03:40.0307 4376 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
15:03:40.0307 4376 mpio - ok
15:03:40.0327 4376 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:03:40.0337 4376 mpsdrv - ok
15:03:40.0367 4376 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:03:40.0387 4376 MpsSvc - ok
15:03:40.0397 4376 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:03:40.0407 4376 MRxDAV - ok
15:03:40.0427 4376 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:03:40.0437 4376 mrxsmb - ok
15:03:40.0447 4376 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:03:40.0457 4376 mrxsmb10 - ok
15:03:40.0467 4376 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:03:40.0477 4376 mrxsmb20 - ok
15:03:40.0487 4376 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:03:40.0487 4376 msahci - ok
15:03:40.0507 4376 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:03:40.0517 4376 msdsm - ok
15:03:40.0527 4376 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:03:40.0537 4376 MSDTC - ok
15:03:40.0557 4376 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:03:40.0557 4376 Msfs - ok
15:03:40.0567 4376 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:03:40.0567 4376 mshidkmdf - ok
15:03:40.0577 4376 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:03:40.0587 4376 msisadrv - ok
15:03:40.0617 4376 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:03:40.0627 4376 MSiSCSI - ok
15:03:40.0627 4376 msiserver - ok
15:03:40.0647 4376 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:03:40.0657 4376 MSKSSRV - ok
15:03:40.0697 4376 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
15:03:40.0697 4376 MsMpSvc - ok
15:03:40.0707 4376 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:03:40.0717 4376 MSPCLOCK - ok
15:03:40.0737 4376 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:03:40.0737 4376 MSPQM - ok
15:03:40.0757 4376 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:03:40.0757 4376 MsRPC - ok
15:03:40.0777 4376 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
15:03:40.0777 4376 mssmbios - ok
15:03:40.0787 4376 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:03:40.0797 4376 MSTEE - ok
15:03:40.0797 4376 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
15:03:40.0797 4376 MTConfig - ok
15:03:40.0817 4376 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:03:40.0817 4376 Mup - ok
15:03:40.0897 4376 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:03:40.0927 4376 napagent - ok
15:03:40.0967 4376 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:03:40.0977 4376 NativeWifiP - ok
15:03:41.0017 4376 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:03:41.0037 4376 NDIS - ok
15:03:41.0057 4376 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:03:41.0057 4376 NdisCap - ok
15:03:41.0091 4376 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:03:41.0094 4376 NdisTapi - ok
15:03:41.0129 4376 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:03:41.0129 4376 Ndisuio - ok
15:03:41.0139 4376 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:03:41.0149 4376 NdisWan - ok
15:03:41.0159 4376 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:03:41.0169 4376 NDProxy - ok
15:03:41.0179 4376 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:03:41.0179 4376 NetBIOS - ok
15:03:41.0199 4376 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:03:41.0209 4376 NetBT - ok
15:03:41.0219 4376 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
15:03:41.0219 4376 Netlogon - ok
15:03:41.0269 4376 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:03:41.0279 4376 Netman - ok
15:03:41.0309 4376 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:03:41.0329 4376 netprofm - ok
15:03:41.0379 4376 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:03:41.0379 4376 NetTcpPortSharing - ok
15:03:41.0429 4376 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:03:41.0429 4376 nfrd960 - ok
15:03:41.0459 4376 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:03:41.0469 4376 NisDrv - ok
15:03:41.0489 4376 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
15:03:41.0499 4376 NisSrv - ok
15:03:41.0529 4376 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:03:41.0539 4376 NlaSvc - ok
15:03:41.0539 4376 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:03:41.0549 4376 Npfs - ok
15:03:41.0569 4376 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:03:41.0569 4376 nsi - ok
15:03:41.0589 4376 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:03:41.0589 4376 nsiproxy - ok
15:03:41.0640 4376 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:03:41.0670 4376 Ntfs - ok
15:03:41.0680 4376 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
15:03:41.0680 4376 Null - ok
15:03:41.0710 4376 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:03:41.0720 4376 nvraid - ok
15:03:41.0730 4376 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:03:41.0740 4376 nvstor - ok
15:03:41.0760 4376 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:03:41.0770 4376 nv_agp - ok
15:03:41.0780 4376 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:03:41.0780 4376 ohci1394 - ok
15:03:41.0820 4376 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:03:41.0820 4376 ose64 - ok
15:03:41.0950 4376 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:03:42.0050 4376 osppsvc - ok
15:03:42.0080 4376 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:03:42.0097 4376 p2pimsvc - ok
15:03:42.0122 4376 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:03:42.0132 4376 p2psvc - ok
15:03:42.0162 4376 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
15:03:42.0162 4376 Parport - ok
15:03:42.0192 4376 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:03:42.0192 4376 partmgr - ok
15:03:42.0212 4376 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:03:42.0222 4376 PcaSvc - ok
15:03:42.0232 4376 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
15:03:42.0242 4376 pci - ok
15:03:42.0252 4376 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
15:03:42.0262 4376 pciide - ok
15:03:42.0272 4376 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
15:03:42.0272 4376 pcmcia - ok
15:03:42.0292 4376 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:03:42.0292 4376 pcw - ok
15:03:42.0312 4376 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:03:42.0322 4376 PEAUTH - ok
15:03:42.0392 4376 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
15:03:42.0432 4376 PeerDistSvc - ok
15:03:42.0522 4376 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:03:42.0532 4376 PerfHost - ok
15:03:42.0624 4376 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
15:03:42.0664 4376 pla - ok
15:03:42.0704 4376 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:03:42.0714 4376 PlugPlay - ok
15:03:42.0724 4376 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:03:42.0734 4376 PNRPAutoReg - ok
15:03:42.0754 4376 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:03:42.0754 4376 PNRPsvc - ok
15:03:42.0774 4376 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:03:42.0794 4376 PolicyAgent - ok
15:03:42.0814 4376 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
15:03:42.0824 4376 Power - ok
15:03:42.0854 4376 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:03:42.0864 4376 PptpMiniport - ok
15:03:42.0884 4376 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
15:03:42.0884 4376 Processor - ok
15:03:42.0914 4376 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
15:03:42.0914 4376 ProfSvc - ok
15:03:42.0934 4376 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:03:42.0934 4376 ProtectedStorage - ok
15:03:42.0944 4376 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:03:42.0944 4376 Psched - ok
15:03:42.0984 4376 [ 901DBA98359966A62A6548596988E931 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
15:03:42.0984 4376 PxHlpa64 - ok
15:03:43.0024 4376 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:03:43.0054 4376 ql2300 - ok
15:03:43.0074 4376 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:03:43.0084 4376 ql40xx - ok
15:03:43.0123 4376 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:03:43.0136 4376 QWAVE - ok
15:03:43.0146 4376 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:03:43.0156 4376 QWAVEdrv - ok
15:03:43.0166 4376 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:03:43.0166 4376 RasAcd - ok
15:03:43.0196 4376 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:03:43.0196 4376 RasAgileVpn - ok
15:03:43.0206 4376 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:03:43.0216 4376 RasAuto - ok
15:03:43.0226 4376 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:03:43.0226 4376 Rasl2tp - ok
15:03:43.0256 4376 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
15:03:43.0266 4376 RasMan - ok
15:03:43.0276 4376 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:03:43.0276 4376 RasPppoe - ok
15:03:43.0306 4376 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:03:43.0306 4376 RasSstp - ok
15:03:43.0326 4376 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:03:43.0326 4376 rdbss - ok
15:03:43.0336 4376 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:03:43.0336 4376 rdpbus - ok
15:03:43.0356 4376 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:03:43.0356 4376 RDPCDD - ok
15:03:43.0376 4376 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
15:03:43.0386 4376 RDPDR - ok
15:03:43.0406 4376 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:03:43.0406 4376 RDPENCDD - ok
15:03:43.0416 4376 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:03:43.0416 4376 RDPREFMP - ok
15:03:43.0446 4376 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:03:43.0446 4376 RdpVideoMiniport - ok
15:03:43.0466 4376 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:03:43.0476 4376 RDPWD - ok
15:03:43.0496 4376 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:03:43.0496 4376 rdyboost - ok
15:03:43.0536 4376 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:03:43.0536 4376 RemoteAccess - ok
15:03:43.0586 4376 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:03:43.0586 4376 RemoteRegistry - ok
15:03:43.0656 4376 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
15:03:43.0656 4376 RFCOMM - ok
15:03:43.0686 4376 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:03:43.0696 4376 RpcEptMapper - ok
15:03:43.0726 4376 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:03:43.0726 4376 RpcLocator - ok
15:03:43.0746 4376 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
15:03:43.0746 4376 RpcSs - ok
15:03:43.0806 4376 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:03:43.0806 4376 rspndr - ok
15:03:43.0846 4376 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
15:03:43.0856 4376 s3cap - ok
15:03:43.0876 4376 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
15:03:43.0876 4376 SamSs - ok
15:03:43.0916 4376 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
15:03:43.0916 4376 SASDIFSV - ok
15:03:43.0946 4376 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
15:03:43.0946 4376 SASKUTIL - ok
15:03:43.0956 4376 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:03:43.0966 4376 sbp2port - ok
15:03:43.0986 4376 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:03:43.0996 4376 SCardSvr - ok
15:03:44.0016 4376 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:03:44.0016 4376 scfilter - ok
15:03:44.0046 4376 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
15:03:44.0066 4376 Schedule - ok
15:03:44.0076 4376 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:03:44.0086 4376 SCPolicySvc - ok
15:03:44.0096 4376 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:03:44.0096 4376 SDRSVC - ok
15:03:44.0126 4376 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:03:44.0126 4376 secdrv - ok
15:03:44.0136 4376 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
15:03:44.0146 4376 seclogon - ok
15:03:44.0156 4376 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
15:03:44.0166 4376 SENS - ok
15:03:44.0176 4376 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:03:44.0186 4376 SensrSvc - ok
15:03:44.0196 4376 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:03:44.0196 4376 Serenum - ok
15:03:44.0216 4376 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:03:44.0216 4376 Serial - ok
15:03:44.0226 4376 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:03:44.0236 4376 sermouse - ok
15:03:44.0256 4376 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
15:03:44.0266 4376 SessionEnv - ok
15:03:44.0266 4376 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:03:44.0266 4376 sffdisk - ok
15:03:44.0276 4376 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:03:44.0276 4376 sffp_mmc - ok
15:03:44.0286 4376 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:03:44.0286 4376 sffp_sd - ok
15:03:44.0286 4376 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:03:44.0286 4376 sfloppy - ok
15:03:44.0326 4376 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:03:44.0336 4376 SharedAccess - ok
15:03:44.0356 4376 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:03:44.0356 4376 ShellHWDetection - ok
15:03:44.0376 4376 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
15:03:44.0386 4376 SiSRaid2 - ok
15:03:44.0386 4376 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:03:44.0386 4376 SiSRaid4 - ok
15:03:44.0416 4376 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
15:03:44.0416 4376 SkypeUpdate - ok
15:03:44.0436 4376 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:03:44.0436 4376 Smb - ok
15:03:44.0456 4376 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:03:44.0466 4376 SNMPTRAP - ok
15:03:44.0506 4376 [ 12583AF6CBE0050651EAF2723B3AD7B3 ] speedfan C:\Windows\syswow64\speedfan.sys
15:03:44.0506 4376 speedfan - ok
15:03:44.0526 4376 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:03:44.0536 4376 spldr - ok
15:03:44.0566 4376 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
15:03:44.0586 4376 Spooler - ok
15:03:44.0856 4376 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:03:45.0006 4376 sppsvc - ok
15:03:45.0036 4376 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:03:45.0046 4376 sppuinotify - ok
15:03:45.0096 4376 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
15:03:45.0106 4376 srv - ok
15:03:45.0136 4376 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:03:45.0156 4376 srv2 - ok
15:03:45.0176 4376 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:03:45.0176 4376 srvnet - ok
15:03:45.0216 4376 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:03:45.0216 4376 SSDPSRV - ok
15:03:45.0226 4376 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:03:45.0226 4376 SstpSvc - ok
15:03:45.0286 4376 [ 7E4677D8D47A11ADF40B2697B2A326F3 ] STacSV c:\program files (x86)\idt\apple_v50\wdm\STacSV64.exe
15:03:45.0296 4376 STacSV - ok
15:03:45.0316 4376 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
15:03:45.0316 4376 stexstor - ok
15:03:45.0356 4376 [ DB67EAD601756DA58E30E9CC841B36AA ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
15:03:45.0356 4376 STHDA - ok
15:03:45.0396 4376 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
15:03:45.0416 4376 stisvc - ok
15:03:45.0436 4376 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
15:03:45.0436 4376 storflt - ok
15:03:45.0446 4376 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
15:03:45.0456 4376 storvsc - ok
15:03:45.0476 4376 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:03:45.0476 4376 swenum - ok
15:03:45.0506 4376 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:03:45.0516 4376 swprv - ok
15:03:45.0536 4376 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
15:03:45.0546 4376 Synth3dVsc - ok
15:03:45.0586 4376 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
15:03:45.0629 4376 SysMain - ok
15:03:45.0646 4376 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:03:45.0646 4376 TabletInputService - ok
15:03:45.0656 4376 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:03:45.0672 4376 TapiSrv - ok
15:03:45.0681 4376 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:03:45.0683 4376 TBS - ok
15:03:45.0728 4376 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:03:45.0758 4376 Tcpip - ok
15:03:45.0818 4376 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:03:45.0828 4376 TCPIP6 - ok
15:03:45.0868 4376 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:03:45.0868 4376 tcpipreg - ok
15:03:45.0898 4376 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:03:45.0898 4376 TDPIPE - ok
15:03:45.0918 4376 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:03:45.0918 4376 TDTCP - ok
15:03:45.0938 4376 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:03:45.0938 4376 tdx - ok
15:03:45.0948 4376 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:03:45.0948 4376 TermDD - ok
15:03:45.0968 4376 [ EF4469AB69EB15E5D3754E6AEAFBCD3D ] terminpt C:\Windows\system32\drivers\terminpt.sys
15:03:45.0968 4376 terminpt - ok
15:03:46.0358 4376 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
15:03:46.0408 4376 TermService - ok
15:03:46.0458 4376 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:03:46.0498 4376 Themes - ok
15:03:46.0548 4376 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:03:46.0548 4376 THREADORDER - ok
15:03:46.0598 4376 [ F1D49F98F97AC1FA1B7E9F04268AE7EE ] TPAutoConnSvc C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
15:03:46.0748 4376 TPAutoConnSvc - ok
15:03:46.0786 4376 [ 072F5C08107AF972993796F3F7E13F61 ] TPVCGateway C:\Program Files\VMware\VMware Tools\TPVCGateway.exe
15:03:46.0860 4376 TPVCGateway - ok
15:03:46.0880 4376 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:03:46.0890 4376 TrkWks - ok
15:03:46.0930 4376 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:03:46.0930 4376 TrustedInstaller - ok
15:03:46.0960 4376 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:03:46.0960 4376 tssecsrv - ok
15:03:46.0990 4376 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:03:46.0990 4376 TsUsbFlt - ok
15:03:47.0010 4376 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
15:03:47.0020 4376 TsUsbGD - ok
15:03:47.0040 4376 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
15:03:47.0040 4376 tsusbhub - ok
15:03:47.0080 4376 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:03:47.0080 4376 tunnel - ok
15:03:47.0100 4376 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:03:47.0100 4376 uagp35 - ok
15:03:47.0120 4376 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:03:47.0130 4376 udfs - ok
15:03:47.0170 4376 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:03:47.0175 4376 UI0Detect - ok
15:03:47.0188 4376 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:03:47.0191 4376 uliagpkx - ok
15:03:47.0202 4376 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:03:47.0202 4376 umbus - ok
15:03:47.0212 4376 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
15:03:47.0212 4376 UmPass - ok
15:03:47.0232 4376 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
15:03:47.0242 4376 UmRdpService - ok
15:03:47.0262 4376 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
15:03:47.0272 4376 upnphost - ok
15:03:47.0302 4376 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
15:03:47.0302 4376 USBAAPL64 - ok
15:03:47.0352 4376 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
15:03:47.0352 4376 usbaudio - ok
15:03:47.0382 4376 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:03:47.0382 4376 usbccgp - ok
15:03:47.0412 4376 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:03:47.0412 4376 usbcir - ok
15:03:47.0432 4376 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:03:47.0432 4376 usbehci - ok
15:03:47.0462 4376 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:03:47.0462 4376 usbhub - ok
15:03:47.0492 4376 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:03:47.0492 4376 usbohci - ok
15:03:47.0502 4376 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
15:03:47.0512 4376 usbprint - ok
15:03:47.0532 4376 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:03:47.0542 4376 USBSTOR - ok
15:03:47.0552 4376 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
15:03:47.0552 4376 usbuhci - ok
15:03:47.0582 4376 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
15:03:47.0592 4376 usbvideo - ok
15:03:47.0602 4376 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
15:03:47.0612 4376 UxSms - ok
15:03:47.0622 4376 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
15:03:47.0622 4376 VaultSvc - ok
15:03:47.0632 4376 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:03:47.0632 4376 vdrvroot - ok
15:03:47.0652 4376 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
15:03:47.0682 4376 vds - ok
15:03:47.0702 4376 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:03:47.0702 4376 vga - ok
15:03:47.0722 4376 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
15:03:47.0722 4376 VgaSave - ok
15:03:47.0722 4376 VGPU - ok
15:03:47.0742 4376 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:03:47.0752 4376 vhdmp - ok
15:03:47.0762 4376 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
15:03:47.0762 4376 viaide - ok
15:03:47.0802 4376 [ E8C693F4412892DA9454E8815961947F ] vm3dmp C:\Windows\system32\DRIVERS\vm3dmp.sys
15:03:47.0802 4376 vm3dmp - ok
15:03:50.0444 4376 ============================================================
15:03:50.0444 4376 Scan finished
15:03:50.0444 4376 ============================================================
15:03:50.0464 1164 Detected object count: 0
15:03:50.0464 1164 Actual detected object count: 0


Avast stopped working, both in normal and safe mode. These are the problem details:

Problem signature:
Problem Event Name: APPCRASH
Application Name: aswMBR.exe
Application Version: 0.9.9.1707
Application Timestamp: 509be8bf
Fault Module Name: ntdll.dll
Fault Module Version: 6.1.7601.17725
Fault Module Timestamp: 4ec49b8f
Exception Code: c0000005
Exception Offset: 0002e41b
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 1033
Additional Information 1: 0a9e
Additional Information 2: 0a9e372d3b4ad19135b953a78882e789
Additional Information 3: 0a9e
Additional Information 4: 0a9e372d3b4ad19135b953a78882e789


ESET is still scanning. Any suggestion on getting Avast to work? I will post the ESET log in a few hours. Thanks for the quick reply earlier.

EDJHK

#4 narenxp

Posted 15 January 2013 - 08:16 AM

Try to run aswMBR in Safe Mode with Networking.

#5 edjhk

Posted 15 January 2013 - 09:06 AM

I did run it in both regular and safe mode with networking. Both failed. ESET found nothing. What next?

EDJHK

Edited by edjhk, 15 January 2013 - 09:06 AM.


#6 narenxp

Posted 15 January 2013 - 09:43 AM

Download Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here.

Download mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download Farbar service scanner

Checkmark all the boxes.

Click on "Scan".
Please copy and paste the log to your reply.

Download adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan completes, post the generated log here.

Download http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.

Download Autoruns

Extract and launch autoruns.exe.

Allow the scan to finish.

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the contents of the text file here.

#7 edjhk

Posted 15 January 2013 - 01:06 PM

Things just got worse. After running Malware, had to reboot. Rebooted into normal mode, and started to install mini toolbox. The virus came back on. When I tried to reboot into safe mode, the virus was taking over there as well. All I could do was get to control-alt-delete and restart. Could not see the task manager. My only thought now is to take the drive out and take it somewhere. Any ideas on how I can turn it off from the computer?

#8 narenxp

Posted 15 January 2013 - 05:08 PM

Restart the PC

Press F8 on bootup

Select REPAIR YOUR COMPUTER

Click on REPAIR

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Can you get to this screen?

If yes, select System Restore and try restoring to a previous point.

#9 edjhk

Posted 16 January 2013 - 03:57 AM

Repaired. Seems to be working fine. Ran all of the suggested programs in posting #6; all ran without issue, except that Adware did not produce a report on restart. Although the "hulk" by javarif does not appear in the startup programs, I have to think that this thing was so vicious, it could very well still be on here somewhere.

Here are the logs of all of the reports:

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Apple_KbdMgr" "Boot Camp Manager" "Apple Inc." "c:\program files\boot camp\bootcamp.exe"
+ "BCSSync" "Microsoft Office 2010 component" "Microsoft Corporation" "c:\program files\microsoft office\office14\bcssync.exe"
+ "IME14 CHS Setup" "Microsoft Office IME 2010" "Microsoft Corporation" "c:\program files\common files\microsoft shared\ime14\shared\imeklmg.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "SysTrayApp" "IDT PC Audio" "IDT, Inc." "c:\program files\idt\wdm\sttray64.exe"
+ "VMware User Process" "VMware Tools Core Service" "VMware, Inc." "c:\program files\vmware\vmware tools\vmtoolsd.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Acrobat Assistant 8.0" "AcroTray" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 9.0\acrobat\acrotray.exe"
+ "Adobe Acrobat Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\acrobat 9.0\acrobat\acrobat_sl.exe"
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe_ID0ENQBO" "Adobe Version Cue CS4" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4tray.exe"
+ "AdobeCS4ServiceManager" "Adobe CS4 Service Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "IME14 CHS Setup" "Microsoft Office IME 2010" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\ime14\shared\imeklmg.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe"
+ "KiesTrayAgent" "Kies TrayAgent Application" "Samsung Electronics Co., Ltd." "c:\program files (x86)\samsung\kies\kiestrayagent.exe"
+ "LWS" "Logitech Webcam Software" "Logitech Inc." "c:\program files (x86)\logitech\lws\webcam software\lws.exe"
+ "SunJavaUpdateSched" "Java™ Update Scheduler" "Sun Microsystems, Inc." "c:\program files (x86)\common files\java\java update\jusched.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Audible Download Manager.lnk" "Download Manager for Audible content" "Audible, Inc." "c:\program files (x86)\audible\bin\audibledownloadhelper.exe"
"C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Dropbox.lnk" "Dropbox" "Dropbox, Inc." "c:\users\edward\appdata\roaming\dropbox\bin\dropbox.exe"
+ "Logitech . Product Registration.lnk" "Product Registration" "Leader Technologies/Logitech" "c:\program files (x86)\logitech\ereg\ereg.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "ApplePhotoStreams" "ApplePhotoStreams.exe" "Apple Inc." "c:\program files (x86)\common files\apple\internet services\applephotostreams.exe"
+ "iCloudServices" "iCloud" "Apple Inc." "c:\program files (x86)\common files\apple\internet services\icloudservices.exe"
+ "KiesAirMessage" "" "Samsung Electronics" "c:\program files (x86)\samsung\kies\kiesairmessage.exe"
+ "KiesPreload" "Kies" "Samsung" "c:\program files (x86)\samsung\kies\kies.exe"
+ "Messenger (Yahoo!)" "Yahoo! Messenger" "Yahoo! Inc." "c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe"
+ "msnmsgr" "Windows Live Messenger" "Microsoft Corporation" "c:\program files (x86)\windows live\messenger\msnmsgr.exe"
+ "QQIntl" "" "" "File not found: C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office14\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "Groove GFS Stub Execution Hook" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKCU\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\edward\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 9.0\acrobat elements\contextmenu64.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "PhotoStreamsExt" "" "" "c:\program files\common files\apple\internet services\shellstreams64.dll"
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 9.0\acrobat elements\contextmenu.dll"
+ "PhotoStreamsExt" "ShellStreams.dll" "Apple Inc." "c:\program files (x86)\common files\apple\internet services\shellstreams.dll"
+ "WinRAR32" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext32.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe Drive CS4" "Adobe Drive Menu" "Adobe Systems Incorporated" "c:\program files\common files\adobe\adobe drive cs4\adfsmenu.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe Drive CS4" "Adobe Drive Menu" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\adobe drive cs4\adfsmenu.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKCU\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\edward\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "FileZilla3CopyHook" "fzshellext Dynamic Link Library" "" "c:\program files (x86)\filezilla ftp client\fzshellext_64.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "FileZilla3CopyHook" "fzshellext Dynamic Link Library" "" "c:\program files (x86)\filezilla ftp client\fzshellext.dll"
"HKCU\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "DropboxExt" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\edward\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe Drive CS4" "Adobe Drive Menu" "Adobe Systems Incorporated" "c:\program files\common files\adobe\adobe drive cs4\adfsmenu.dll"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe Drive CS4" "Adobe Drive Menu" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\adobe drive cs4\adfsmenu.dll"
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "AudibleShlExt Class" "AudibleExt Module" "Audible, Inc." "c:\program files (x86)\audible\bin\audibleext.dll"
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 9.0\acrobat elements\contextmenu64.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files (x86)\adobe\acrobat 9.0\acrobat elements\contextmenu.dll"
+ "WinRAR32" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext32.dll"
+ "XXX Groove GFS Context Menu Handler XXX" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR32" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ " SkyDrive1" "Microsoft SkyDrive Shell Extension" "Microsoft Corporation" "c:\users\edward\appdata\local\microsoft\skydrive\16.4.6013.0910\amd64\skydriveshell64.dll"
+ " SkyDrive2" "Microsoft SkyDrive Shell Extension" "Microsoft Corporation" "c:\users\edward\appdata\local\microsoft\skydrive\16.4.6013.0910\amd64\skydriveshell64.dll"
+ " SkyDrive3" "Microsoft SkyDrive Shell Extension" "Microsoft Corporation" "c:\users\edward\appdata\local\microsoft\skydrive\16.4.6013.0910\amd64\skydriveshell64.dll"
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\edward\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\edward\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\edward\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
+ "DropboxExt4" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\edward\appdata\roaming\dropbox\bin\dropboxext64.17.dll"
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers" "" "" ""
+ " SkyDrive1" "Microsoft SkyDrive Shell Extension" "Microsoft Corporation" "c:\users\edward\appdata\local\microsoft\skydrive\16.4.6013.0910\skydriveshell.dll"
+ " SkyDrive2" "Microsoft SkyDrive Shell Extension" "Microsoft Corporation" "c:\users\edward\appdata\local\microsoft\skydrive\16.4.6013.0910\skydriveshell.dll"
+ " SkyDrive3" "Microsoft SkyDrive Shell Extension" "Microsoft Corporation" "c:\users\edward\appdata\local\microsoft\skydrive\16.4.6013.0910\skydriveshell.dll"
+ "DropboxExt1" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\edward\appdata\roaming\dropbox\bin\dropboxext.17.dll"
+ "DropboxExt2" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\edward\appdata\roaming\dropbox\bin\dropboxext.17.dll"
+ "DropboxExt3" "Dropbox Shell Extension" "Dropbox, Inc." "c:\users\edward\appdata\roaming\dropbox\bin\dropboxext.17.dll"
+ "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2 (GFS Stub)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 3 (GFS Folder)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Groove GFS Browser Helper" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files\microsoft office\office14\grooveex.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files\microsoft office\office14\urlredir.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Conversion Toolbar Helper" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiefavclient.dll"
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Groove GFS Browser Helper" "Microsoft SharePoint Workspace Extensions" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\grooveex.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\jp2ssv.dll"
+ "Java™ Plug-In SSV Helper" "Java™ Platform SE binary" "Oracle Corporation" "c:\program files (x86)\java\jre7\bin\ssv.dll"
+ "Office Document Cache Handler" "Microsoft Office Document Cache Handler" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\urlredir.dll"
+ "SmartSelect Class" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiefavclient.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Adobe PDF" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiefavclient.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office14\onbttnie.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
+ "OneNote Lin&ked Notes" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnielinkednotes.dll"
+ "Se&nd to OneNote" "Microsoft OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office14\onbttnie.dll"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Adobe Version Cue CS4" "Adobe Version Cue CS4" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "AppleOSSMgr" "Provides support for switching between Mac OS X and Windows" "" "c:\windows\system32\appleossmgr.exe"
+ "AppleTimeSrv" "Maintains time and date when switching between Mac OS X and Windows" "Apple Inc." "c:\windows\system32\appletimesrv.exe"
+ "Ati External Event Utility" "ATI External Event Utility EXE Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "FLEXnet Licensing Service" "This service performs licensing functions on behalf of FLEXnet enabled products." "Acresso Software Inc." "c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"
+ "FLEXnet Licensing Service 64" "This service performs licensing functions on behalf of FLEXnet enabled products." "Acresso Software Inc." "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice64.exe"
+ "fsssvc" "This service enables Family Safety on the computer. If this service is not running, Family Safety will not work." "Microsoft Corporation" "c:\program files (x86)\windows live\family safety\fsssvc.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gusvc" "gusvc" "Google" "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe"
+ "ImeDictUpdateService" "Microsoft Office IME 2010" "Microsoft Corporation" "c:\program files\common files\microsoft shared\ime14\shared\imedictupdate.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "Microsoft SharePoint Workspace Audit Service" "Microsoft SharePoint Workspace" "Microsoft Corporation" "c:\program files\microsoft office\office14\groove.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe"
+ "ose64" "保存用于更新和修复的安装文件,并且在下载安装程序更新和 Watson 错误报告时必须使用。" "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "osppsvc" "Office Software Protection Platform Service (unlocalized description)" "Microsoft Corporation" "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"
+ "SkypeUpdate" "Enables the detection, download and installation of updates for Skype." "Skype Technologies" "c:\program files (x86)\skype\updater\updater.exe"
+ "STacSV" "Manages audio jack configurations." "IDT, Inc." "c:\program files (x86)\idt\apple_v50\wdm\stacsv64.exe"
+ "TPAutoConnSvc" "ThinPrint .print component for printing with ThinPrint Ports and automatic creation of printer objects. If this service is stopped, printing with ThinPrint .print technology will not be possible." "Cortado AG" "c:\program files\vmware\vmware tools\tpautoconnsvc.exe"
+ "TPVCGateway" "ThinPrint component that receives print data from dedicated print servers and forwards it to ThinPrint ICA/RDP Clients." "Cortado AG" "c:\program files\vmware\vmware tools\tpvcgateway.exe"
+ "VMTools" "Provides support for synchronizing objects between the host and guest operating systems." "VMware, Inc." "c:\program files\vmware\vmware tools\vmtoolsd.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "aapltctp" "Apple Trackpad Enabler" "Apple Inc." "c:\windows\system32\drivers\aapltctp.sys"
+ "aapltp" "Apple Trackpad Driver" "Apple Inc." "c:\windows\system32\drivers\aapltp.sys"
+ "adfs" "Adobe Drive File System Driver" "Adobe Systems, Inc." "c:\windows\system32\drivers\adfs.sys"
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "AppleDisplayFlt" "Apple Display Driver" "Apple Inc." "c:\windows\system32\drivers\aaplmonf.sys"
+ "AppleHFS" "Apple HFS" "Apple Inc." "c:\windows\system32\drivers\applehfs.sys"
+ "AppleMNT" "Apple Mount Manager" "Apple Inc." "c:\windows\system32\drivers\applemnt.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "athr" "Atheros Extensible Wireless LAN device driver" "Atheros Communications, Inc." "c:\windows\system32\drivers\athrx.sys"
+ "atikmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "CMB8100" "" "" "c:\windows\syswow64\drivers\certclient.dat"
+ "CMBProtector" "" "" "c:\windows\syswow64\drivers\cmbprotector.dat"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "DevUpper" "Apple iSight Driver" "Apple Inc." "c:\windows\system32\drivers\isightft.sys"
+ "E1G60" "Intel® PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1g6032e.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "IRRemoteFlt" "IR Receiver Driver" "Apple Inc." "c:\windows\system32\drivers\irfilter.sys"
+ "iSightUpdate" "Apple iSight Update Driver" "Apple Inc." "c:\windows\system32\drivers\isightup.sys"
+ "KeyAgent" "Apple KeyAgent Driver" "Apple Inc." "c:\windows\system32\drivers\keyagent.sys"
+ "KeyMagic" "Apple Keyboard Driver" "Apple Inc." "c:\windows\system32\drivers\keymagic.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "LVRS64" "Logitech Kernel Audio Improvement Filter Driver" "Logitech Inc." "c:\windows\system32\drivers\lvrs64.sys"
+ "LVUVC64" "Logitech USB Video Class Driver" "Logitech Inc." "c:\windows\system32\drivers\lvuvc64.sys"
+ "MacHALDriver" "Mac HAL Driver" "Apple Inc." "c:\windows\system32\drivers\machaldriver.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "PxHlpa64" "Px Engine Device Driver for 64-bit Windows" "Sonic Solutions" "c:\windows\system32\drivers\pxhlpa64.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "speedfan" "SpeedFan x64 Driver" "Almico Software" "c:\windows\syswow64\speedfan.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "STHDA" "IDT PC Audio" "IDT, Inc." "c:\windows\system32\drivers\stwrt64.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "VGPU" "" "" "File not found: System32\drivers\rdvgkmd.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vm3dmp" "VMware SVGA 3D Miniport" "VMware, Inc." "c:\windows\system32\drivers\vm3dmp.sys"
+ "vmci" "VMware PCI VMCI Bus Device" "VMware, Inc." "c:\windows\system32\drivers\vmci.sys"
+ "vmhgfs" "Implements the VMware HGFS protocol. This protocol provides connectivity to host files provided by the HGFS server." "VMware, Inc." "c:\windows\system32\drivers\vmhgfs.sys"
+ "VMMEMCTL" "Driver to provide enhanced memory management of this virtual machine." "VMware, Inc." "c:\program files\common files\vmware\drivers\memctl\vmmemctl.sys"
+ "vmmouse" "VMware Pointing PS/2 Device Driver" "VMware, Inc." "c:\windows\system32\drivers\vmmouse.sys"
+ "vmrawdsk" "VMware Vista Physical Disk Helper" "VMware, Inc." "c:\program files\vmware\vmware tools\vmrawdsk.sys"
+ "vmusbmouse" "VMware Pointing USB Device Driver" "VMware, Inc." "c:\windows\system32\drivers\vmusbmouse.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
+ "vsock" "vSockets Driver" "VMware, Inc." "c:\windows\system32\drivers\vsock.sys"
+ "yukonw7" "" "" "c:\windows\system32\drivers\yk62x64.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.i420" "Video Codec" "Logitech Inc." "c:\windows\system32\lvcod64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
+ "vidc.i420" "Video Codec" "Logitech Inc." "c:\windows\syswow64\lvcodec2.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ ""MainConcept (Adobe2) AAC Decoder"" "AAC audio decoder filter" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs4\ad2daac.ax"
+ ""MainConcept (Adobe2) AAC Encoder"" "AAC audio encoder filter" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs4\ad2eaac.ax"
+ ""MainConcept (Adobe2) H.264 Encoder"" "DirectShow H.264/AVC Encoder Filter" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs4\ad2esh264.ax"
+ ""MainConcept (Adobe2) H.264/AVC Decoder"" "DirectShow H.264/AVC Decoder Filter" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs4\ad2dsh264.ax"
+ ""MainConcept (Adobe2) H.264/AVC Video Encoder"" "DirectShow H.264/AVC Video Encoder Filter" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs4\ad2evh264.ax"
+ ""MainConcept (Adobe2) MPEG Audio Decoder"" "MPEG Video and Audio Decoder" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs4\ad2mcdsmpeg.ax"
+ ""MainConcept (Adobe2) MPEG Audio Encoder"" "MPEG Audio Encoder" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs4\ad2mceampeg.ax"
+ ""MainConcept (Adobe2) MPEG Encoder"" "MPEG Encoder and Muxer" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs4\ad2mcesmpeg.ax"
+ ""MainConcept (Adobe2) MPEG Multiplexer"" "MPEG Multiplexer" "" "c:\program files (x86)\adobe\adobe premiere pro cs4\ad2mcmuxmpeg.ax"
+ ""MainConcept (Adobe2) MPEG Splitter"" "Mpeg I/II Splitter" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs4\ad2mcspmpeg.ax"
+ ""MainConcept (Adobe2) MPEG Video Decoder"" "MPEG Video and Audio Decoder" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs4\ad2mcdsmpeg.ax"
+ ""MainConcept (Adobe2) MPEG Video Encoder"" "MPEG Video Encoder" "MainConcept AG" "c:\program files (x86)\adobe\adobe premiere pro cs4\ad2mcevmpeg.ax"
+ "AC3 Decoder Filter" "TODO: <파일 설명>" "TODO: <회사 이름>" "c:\program files (x86)\myfree codec\1.0b beta\ac-3\ac3dx.ax"
+ "Audible Words Codec" "Audible Audio Files DirectShow Source Filter" "Audible, Inc." "c:\windows\syswow64\awrdscdc.ax"
+ "Capture File Writer" "Photo Gallery Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "MACSReaderMP3 Filter" "MACSReaderMP3 Filter" "" "c:\program files (x86)\samsung\kies\external\mediamodules\macsreaderavi.ax"
+ "MyFree Codec Filter" "" "" "c:\program files (x86)\myfree codec\1.0b beta\myfree.ax"
+ "NEDFilter4Samsung Filter" "MACSReaderMP3 Filter" "L544™ Technology" "c:\program files (x86)\samsung\kies\external\mediamodules\nedfilter4samsung.ax"
+ "Record Queue" "Photo Gallery Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "SelfMusicVideo Dump Filter" "SelfMusicVideo Dump Filter (DShow)" "ENJsoft Corporation" "c:\program files (x86)\samsung\kies\external\transmodules\tg_dump0708.dll"
+ "SendVideo" "" "" "File not found: C:\Program Files (x86)\Tencent\QQIntl\Plugin\Com.Tencent.HDVideo\bin\SendVideo.dll"
+ "WM VIH2 Fix" "Photo Gallery Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Photo Gallery Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Photo Gallery Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Photo Gallery Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Photo Gallery Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Photo Gallery Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "Xvid MPEG-4 Video Decoder" "" "" "c:\program files (x86)\myfree codec\1.0b beta\xvid-core\xvid.ax"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries" "" "" ""
+ "VMCI sockets DGRAM" "VSockets Library" "VMware, Inc." "c:\windows\system32\vsocklib.dll"
+ "VMCI sockets STREAM" "VSockets Library" "VMware, Inc." "c:\windows\system32\vsocklib.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64" "" "" ""
+ "VMCI sockets DGRAM" "VSockets Library" "VMware, Inc." "c:\windows\system32\vsocklib.dll"
+ "VMCI sockets STREAM" "VSockets Library" "VMware, Inc." "c:\windows\system32\vsocklib.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corp." "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Adobe PDF Port Monitor" "Adobe PDF Port Monitor DLL" "Adobe Systems Inc" "c:\windows\system32\adobepdf.dll"
+ "ThinPrint Print Port Monitor for VMWare" ".print for VMware Print Port Monitor" "ThinPrint AG" "c:\windows\system32\tpvmmon.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "AdobeDriveCS4_NP" "Adobe Drive CS4 Network" "Adobe Systems Incorporated" "c:\program files\common files\adobe\adobe drive cs4\adobedrivecs4_np.dll"
+ "vmhgfs" "VMware Shared Folders" "VMware, Inc." "c:\windows\system32\vmhgfs.dll"

#10 edjhk

  • Topic Starter
  • Members
  • 7 posts

Posted 16 January 2013 - 11:09 AM

In the meantime, I ran Kaspersky TDSSKiller (no threat), SUPERAntiSpyware (no threats) and HitmanPro (nothing but some cookies). Any other suggestions to confirm that the malware is gone, or steps I should take to ensure it is gone?

#11 narenxp

  • BC Advisor
  • 16,371 posts

Posted 16 January 2013 - 12:04 PM

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here.

#12 edjhk

  • Topic Starter
  • Members
  • 7 posts

Posted 17 January 2013 - 03:31 AM

Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/17/2013 04:29:46 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 01/17/2013 04:30:13 PM
Execution time: 0 hours(s), 0 minute(s), and 26 seconds(s)

#13 narenxp

  • BC Advisor
  • 16,371 posts

Posted 17 January 2013 - 04:50 AM

That looks good

Remove temporary and junk files

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot. If TFC locks up the system, run it in safe mode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & windows 7- http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your System Restore - it deletes old infected restore points

Turn on system restore and create a new restore point

Update Java and Flash Player

Uninstall the old version of Java from Control Panel - Add or Remove Programs. Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently. Two free antivirus programs that I would suggest are

Microsoft Security Essentials or Avast. You can select either one of them.

If you have a paid one, make sure to update it frequently. Do not use multiple security software products.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)



