
Trojan:JS/Medfos.B


12 replies to this topic

#1 craighogan


Posted 18 January 2013 - 02:02 AM

I've started getting the Microsoft Security Essentials notification of a virus being quarantined. After deleting the item, it reappears within 5 minutes. The file path provided is file:C:\Users\Craig Hogan\AppData\Local\9784c330-1dd4-4cba-9b61-4736f95f3262.crx. I saw on another post to download the Malwarebytes application, which I've done. Thanks in advance.



#2 InadequateInfirmity


Posted 18 January 2013 - 02:08 AM

Please download MINITOOLBOX and run it.
http://download.bleepingcomputer.com/farbar/MiniToolBox.exe

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Report FF Proxy Settings
Reset IE Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

Download Adware Cleaner, run it, click the Delete button, allow it to run, and post the log it creates.

http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner


Download the Junkware Removal Tool, save it to your desktop, run it in safe mode, and post the log.
http://thisisudax.org/downloads/JRT.exe


Download Emsisoft Emergency Kit and save it to your desktop.
http://www.emsisoft.com/en/software/eek/download/

Right-click on EmsisoftEmergencyKit.zip and select Extract All.... Leave all settings as they are and click Extract. You will now have a folder named EmsisoftEmergencyKit on your desktop.

Open the EmsisoftEmergencyKit folder and double-click Start.exe.
A new window will open. Under "Run Directly:" click Emergency Kit Scanner.
When asked to run an online update, click Yes.
When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
Select the Deep Scan option and click the SCAN button.
When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
Copy/paste the report contents in your next reply.

#3 craighogan


Posted 18 January 2013 - 07:44 AM

Mini Tool Box Post

MiniToolBox by Farbar Version:10-01-2013
Ran by Craig Hogan (administrator) on 18-01-2013 at 06:41:26
Running from "C:\Users\Craig Hogan\Documents"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

HighSpeed USB-Ethernet Adapter = Local Area Connection 2 (Disconnected)
Intel® Centrino® Wireless-N 1030 = Wireless Network Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled taskoffload=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . :
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 78-2B-CB-D5-D7-29
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 1030
Physical Address. . . . . . . . . : 4C-EB-42-24-F9-8C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::97d:e9d5:99d7:7858%15(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.81(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, January 17, 2013 10:28:04 PM
Lease Expires . . . . . . . . . . : Friday, January 18, 2013 10:28:04 PM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 340585282
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-6A-51-71-78-2B-CB-D5-D7-29
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 4C-EB-42-24-F9-90
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HighSpeed USB-Ethernet Adapter
Physical Address. . . . . . . . . : 00-24-9B-03-59-5F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {79A24345-A809-460B-A082-42F7E8F5806C}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {9E92627D-00D0-46FC-82C7-CFA597A5C396}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{BF5DAC7A-3DD1-4107-B02E-3A84A7E15467}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: home
Address: 192.168.1.254

Name: google.com
Addresses: 2607:f8b0:4000:802::1002
74.125.225.227
74.125.225.228
74.125.225.229
74.125.225.230
74.125.225.231
74.125.225.232
74.125.225.233
74.125.225.238
74.125.225.224
74.125.225.225
74.125.225.226


Pinging google.com [74.125.225.228] with 32 bytes of data:
Request timed out.
Reply from 74.125.225.228: bytes=32 time=7ms TTL=53

Ping statistics for 74.125.225.228:
Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 7ms, Maximum = 7ms, Average = 7ms
Server: home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.139.183.24
206.190.36.45
98.138.253.109


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=119ms TTL=46
Reply from 206.190.36.45: bytes=32 time=108ms TTL=46

Ping statistics for 206.190.36.45:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 108ms, Maximum = 119ms, Average = 113ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
16...78 2b cb d5 d7 29 ......Realtek PCIe GBE Family Controller
15...4c eb 42 24 f9 8c ......Intel® Centrino® Wireless-N 1030
14...4c eb 42 24 f9 90 ......Bluetooth Device (Personal Area Network)
12...00 24 9b 03 59 5f ......HighSpeed USB-Ethernet Adapter
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
32...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.81 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.81 281
192.168.1.81 255.255.255.255 On-link 192.168.1.81 281
192.168.1.255 255.255.255.255 On-link 192.168.1.81 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.81 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.81 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
15 281 fe80::/64 On-link
15 281 fe80::97d:e9d5:99d7:7858/128
On-link
1 306 ff00::/8 On-link
15 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/17/2013 10:59:09 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x027ae0d8
Faulting process id: 0x278
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

Error: (01/17/2013 10:28:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2013 10:21:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x02ee00c4
Faulting process id: 0x142c
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3

Error: (01/17/2013 09:14:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16457, time stamp: 0x50a2f9e3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x04468b08
Faulting process id: 0xe98
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (01/17/2013 02:58:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2013 00:36:28 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1278

Start Time: 01cdf4d99f19267b

Termination Time: 29

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (01/17/2013 11:55:55 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14dc

Start Time: 01cdf4d8d84b6e67

Termination Time: 52

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id:

Error: (01/17/2013 11:31:52 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2013 08:52:05 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2013 11:57:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/18/2013 00:15:39 AM) (Source: Service Control Manager) (User: )
Description: The System Event Notification Service service terminated with the following error:
%%997

Error: (01/17/2013 10:29:43 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/17/2013 10:28:06 PM) (Source: Service Control Manager) (User: )
Description: The Diagnostic Policy Service service terminated with the following error:
%%5

Error: (01/17/2013 09:14:28 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (01/17/2013 02:59:56 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/17/2013 02:57:37 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error:
%%5

Error: (01/17/2013 02:57:37 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error:
%%5

Error: (01/17/2013 02:57:37 PM) (Source: Service Control Manager) (User: )
Description: The Diagnostic Policy Service service failed to start due to the following error:
%%1079

Error: (01/17/2013 02:57:36 PM) (Source: Service Control Manager) (User: )
Description: The Base Filtering Engine service terminated with the following error:
%%5

Error: (01/17/2013 11:33:34 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================
Error: (01/17/2013 10:59:09 PM) (Source: Application Error)(User: )
Description: rundll32.exe6.1.7600.163854a5bc637unknown0.0.0.000000000c0000005027ae0d827801cdf5344e0fd162C:\Windows\SysWOW64\rundll32.exeunknownca89e6bd-612b-11e2-9e24-4ceb4224f990

Error: (01/17/2013 10:28:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2013 10:21:40 PM) (Source: Application Error)(User: )
Description: rundll32.exe6.1.7600.163854a5bc637unknown0.0.0.000000000c000000502ee00c4142c01cdf52f98789ecbC:\Windows\SysWOW64\rundll32.exeunknown8dec5d74-6126-11e2-ab6c-4ceb4224f990

Error: (01/17/2013 09:14:02 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.1645750a2f9e3unknown0.0.0.000000000c000000504468b08e9801cdf4f7c87b3c6dC:\Program Files (x86)\Internet Explorer\iexplore.exeunknown1b76878d-611d-11e2-ab6c-4ceb4224f990

Error: (01/17/2013 02:58:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2013 00:36:28 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.16457127801cdf4d99f19267b29C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (01/17/2013 11:55:55 AM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.1645714dc01cdf4d8d84b6e6752C:\Program Files (x86)\Internet Explorer\iexplore.exe

Error: (01/17/2013 11:31:52 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2013 08:52:05 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2013 11:57:25 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.146)
Adobe Reader X (10.1.5) (Version: 10.1.5)
Advanced Audio FX Engine (Version: 1.12.05)
Citrix Authentication Manager (Version: 2.0.0.41479)
Citrix Receiver (HDX Flash Redirection) (Version: 13.1.201.3)
Citrix Receiver (Version: 13.1.201.3)
Citrix Receiver Inside (Version: 3.2.0.5844)
Citrix Receiver(Aero) (Version: 13.1.201.3)
Citrix Receiver(DV) (Version: 13.1.201.3)
Citrix Receiver(USB) (Version: 13.1.201.3)
CyberLink PowerDVD 9.5 (Version: 9.5.1.3426)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dell DataSafe Local Backup - Support Software (Version: 9.4.67)
Dell DataSafe Local Backup (Version: 9.4.67)
Dell Display Manager
Dell Support Center (Version: 3.1.5907.16)
Dell Touchpad (Version: 15.2.5.2)
Dell Webcam Central (Version: 1.40.05)
DigitalPersona Fingerprint Software 5.20 (Version: 5.20.230)
DirectX 9 Runtime (Version: 1.00.0000)
DisplayLink Core Software (Version: 6.3.40660.0)
DisplayLink Graphics (Version: 6.1.35912.0)
GoToMeeting 5.3.0.1009 (Version: 5.3.0.1009)
HP Officejet Pro 8500 A910 Basic Device Software (Version: 22.50.231.0)
HP Officejet Pro 8500 A910 Help (Version: 140.0.2.2)
HP Update (Version: 5.002.006.003)
IDR_XA (Version: 1.0)
IDT Audio (Version: 1.0.6365.0)
Intel® Processor Graphics (Version: 8.15.10.2361)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 1.0.0.0454)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
Junk Mail filter update (Version: 15.4.3502.0922)
Live! Cam Avatar Creator (Version: 4.6.3009.1)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Dynamics Sure Step 2010 (Version: 3.0.11)
Microsoft Lync Web App Plug-in (Version: 4.0.7577.205)
Microsoft Mouse and Keyboard Center (Version: 2.0.162.0)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.202)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Project MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Project Professional 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Visio 2010 (Version: 14.0.6029.1000)
Microsoft Office Visio MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Project 2010 Service Pack 1 (SP1)
Microsoft Project Professional 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Premium 2010 (Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Online Plug-in (Version: 13.1.201.3)
PC Cleaners
PhotoShowExpress (Version: 2.0.063)
Quickset64 (Version: 10.09.20)
RBVirtualFolder64Inst (Version: 1.00.0000)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.3)
Roxio Burn (Version: 1.8)
Roxio Creator Starter (Version: 1.0.439)
Roxio Creator Starter (Version: 12.1.77.0)
Roxio Creator Starter (Version: 5.0.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Self-service Plug-in (Version: 3.2.0.24226)
Skype™ 6.0 (Version: 6.0.126)
Snagit 10.0.2 (Version: 10.0.2)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
USB-Ethernet Adapter Device
Validity Sensors DDK (Version: 4.3.108.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 69%
Total physical RAM: 4003.17 MB
Available physical RAM: 1215.35 MB
Total Pagefile: 8004.54 MB
Available Pagefile: 4214.21 MB
Total Virtual: 4095.88 MB
Available Virtual: 3963.33 MB

========================= Partitions: =====================================

1 Drive c: (OSDisk) (Fixed) (Total:284.42 GB) (Free:145.49 GB) NTFS
3 Drive e: () (Fixed) (Total:189.91 GB) (Free:62.33 GB) NTFS
4 Drive y: (Recovery) (Fixed) (Total:13.67 GB) (Free:6.23 GB) NTFS

========================= Users: ========================================



**** End of log ****

#4 craighogan


Posted 18 January 2013 - 08:03 AM

# AdwCleaner v2.106 - Logfile created 01/18/2013 at 06:44:54
# Updated 17/01/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Craig Hogan - MININT-46KNA9J
# Boot Mode : Normal
# Running from : C:\Users\Craig Hogan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XJJD8WZ8\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [691 octets] - [18/01/2013 06:44:54]

########## EOF - C:\AdwCleaner[S1].txt - [750 octets] ##########

#5 InadequateInfirmity


Posted 18 January 2013 - 04:19 PM

As soon as you post the other logs we will continue. :thumbup2:

#6 craighogan


Posted 18 January 2013 - 05:23 PM

Emsisoft Emergency Kit - Version 3.0
Last update: 1/18/2013 7:16:15 AM

Scan settings:

Scan type: Deep Scan
Objects: Rootkits, Memory, Traces, C:\, E:\

Detect Riskware: Off
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 1/18/2013 9:08:40 AM

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{80F7CA8D-E1D7-5FE3-A439-9439C7EEAF57}-wgsdgsdgdsgsd.exe -> (Quarantine-PE) detected: Trojan.Generic.KDZ.4677
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{9CCDE997-8B28-DAB4-F765-426BADAF9290}-ruego.exe -> (Quarantine-PE) detected: Trojan.Cridex.A
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{C01D8F5C-6976-BC26-76C5-2B94E7EF6AB8}-LR2CT73Y.exe -> (Quarantine-PE) detected: Trojan.Generic.KDV.833414
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson C Drive\SL Software\60disk1\SolIV\AP\0363020.exe detected: Trojan.Generic.KDV.825927
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson C Drive\SL Software\60disk1\SolIV\BM\1151000.exe detected: Trojan.Generic.8423285
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson C Drive\SL Software\60disk1\SolIV\GRZIP00.EXE detected: Trojan.Generic.KDV.825926
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson C Drive\SL Software\60disk1\SolIV\OM\4040100.exe detected: Trojan.Generic.KDZ.249
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson C Drive\SL Software\60disk1\SolIV\PA\pafpm00.exe detected: Trojan.Generic.KDV.825892
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson C Drive\SL Software\60disk1\SolIV\PA\paidm00.exe detected: Trojan.Generic.KDV.825925
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson C Drive\SL Software\60disk1\SolIV\PA\PAMSC00.exe detected: Trojan.Generic.KDZ.273
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson C Drive\SL Software\60disk1\SolIV\PA\PASIT00.EXE detected: Trojan.Generic.KDV.804042
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson C Drive\SL Software\60disk1\SolIV\PR\0255000.exe detected: Trojan.Generic.KDV.825880
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson C Drive\SL Software\60disk1\SolIV\SD\SD00200.EXE detected: Trojan.Generic.KDZ.3919
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson C Drive\SL Software\60disk1\SolIV\SE\SE40100.EXE detected: Trojan.Generic.KDZ.3920
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson\SL Software\60disk1\SolIV\AP\0363020.exe detected: Trojan.Generic.KDV.825927
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson\SL Software\60disk1\SolIV\BM\1151000.exe detected: Trojan.Generic.8423285
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson\SL Software\60disk1\SolIV\GRZIP00.EXE detected: Trojan.Generic.KDV.825926
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson\SL Software\60disk1\SolIV\OM\4040100.exe detected: Trojan.Generic.KDZ.249
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson\SL Software\60disk1\SolIV\PA\pafpm00.exe detected: Trojan.Generic.KDV.825892
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson\SL Software\60disk1\SolIV\PA\paidm00.exe detected: Trojan.Generic.KDV.825925
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson\SL Software\60disk1\SolIV\PA\PAMSC00.exe detected: Trojan.Generic.KDZ.273
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson\SL Software\60disk1\SolIV\PA\PASIT00.EXE detected: Trojan.Generic.KDV.804042
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson\SL Software\60disk1\SolIV\PR\0255000.exe detected: Trojan.Generic.KDV.825880
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson\SL Software\60disk1\SolIV\SD\SD00200.EXE detected: Trojan.Generic.KDZ.3919
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson\SL Software\60disk1\SolIV\SE\SE40100.EXE detected: Trojan.Generic.KDZ.3920

Scanned 566041
Found 25

Scan end: 1/18/2013 11:25:47 AM
Scan time: 2:17:07

C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson C Drive\SL Software\60disk1\SolIV\SE\SE40100.EXE Quarantined Trojan.Generic.KDZ.3920
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson\SL Software\60disk1\SolIV\SE\SE40100.EXE Quarantined Trojan.Generic.KDZ.3920
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson C Drive\SL Software\60disk1\SolIV\SD\SD00200.EXE Quarantined Trojan.Generic.KDZ.3919
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson\SL Software\60disk1\SolIV\SD\SD00200.EXE Quarantined Trojan.Generic.KDZ.3919
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson C Drive\SL Software\60disk1\SolIV\PR\0255000.exe Quarantined Trojan.Generic.KDV.825880
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson\SL Software\60disk1\SolIV\PR\0255000.exe Quarantined Trojan.Generic.KDV.825880
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson C Drive\SL Software\60disk1\SolIV\PA\PASIT00.EXE Quarantined Trojan.Generic.KDV.804042
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson\SL Software\60disk1\SolIV\PA\PASIT00.EXE Quarantined Trojan.Generic.KDV.804042
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson C Drive\SL Software\60disk1\SolIV\PA\PAMSC00.exe Quarantined Trojan.Generic.KDZ.273
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson\SL Software\60disk1\SolIV\PA\PAMSC00.exe Quarantined Trojan.Generic.KDZ.273
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson C Drive\SL Software\60disk1\SolIV\PA\paidm00.exe Quarantined Trojan.Generic.KDV.825925
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson\SL Software\60disk1\SolIV\PA\paidm00.exe Quarantined Trojan.Generic.KDV.825925
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson C Drive\SL Software\60disk1\SolIV\PA\pafpm00.exe Quarantined Trojan.Generic.KDV.825892
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson\SL Software\60disk1\SolIV\PA\pafpm00.exe Quarantined Trojan.Generic.KDV.825892
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson C Drive\SL Software\60disk1\SolIV\OM\4040100.exe Quarantined Trojan.Generic.KDZ.249
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson\SL Software\60disk1\SolIV\OM\4040100.exe Quarantined Trojan.Generic.KDZ.249
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson C Drive\SL Software\60disk1\SolIV\GRZIP00.EXE Quarantined Trojan.Generic.KDV.825926
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson\SL Software\60disk1\SolIV\GRZIP00.EXE Quarantined Trojan.Generic.KDV.825926
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson C Drive\SL Software\60disk1\SolIV\BM\1151000.exe Quarantined Trojan.Generic.8423285
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson\SL Software\60disk1\SolIV\BM\1151000.exe Quarantined Trojan.Generic.8423285
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson C Drive\SL Software\60disk1\SolIV\AP\0363020.exe Quarantined Trojan.Generic.KDV.825927
C:\Users\Craig Hogan\Documents\z - One Touch External Hard Drive\Russ Hudson\SL Software\60disk1\SolIV\AP\0363020.exe Quarantined Trojan.Generic.KDV.825927
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{C01D8F5C-6976-BC26-76C5-2B94E7EF6AB8}-LR2CT73Y.exe -> (Quarantine-PE) Quarantined Trojan.Generic.KDV.833414
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{9CCDE997-8B28-DAB4-F765-426BADAF9290}-ruego.exe -> (Quarantine-PE) Quarantined Trojan.Cridex.A
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{80F7CA8D-E1D7-5FE3-A439-9439C7EEAF57}-wgsdgsdgdsgsd.exe -> (Quarantine-PE) Quarantined Trojan.Generic.KDZ.4677

Quarantined 25

#7 InadequateInfirmity


Posted 18 January 2013 - 05:45 PM

Download TDSSKiller.

http://support.kaspersky.com/downloads/utils/tdsskiller.exe


Right-click it and choose Run As Admin. Click on Change parameters and select TDLFS file system.

Hit the Scan button. Post the log in your next reply.

Do not change the default options on scan results.



Update and do a quick scan with Malwarebytes, remove all that it finds, and reboot.
http://www.filehippo.com/download_malwarebytes_anti_malware/download/ecf14848530d11a2f09a94b92a69fcfa/

Post the log here.


Update and do a quick scan with SUPERAntiSpyware, remove all that it finds, and reboot.
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
Post the log here.




Run a scan with ESET. You will need to disable your antivirus during this scan.
http://www.eset.com/us/online-scanner/
Make sure "Remove found threats" and "Scan archives" are checked.
When the scan finishes, list found threats, save to clipboard, copy to Notepad, and post the log here.

Download the program below.
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Run the program, hit the scan button, and allow it to finish.
Then hit the delete button.
Reboot your machine and post the RogueKiller log, please.

#8 craighogan


Posted 22 January 2013 - 01:09 PM

13:10:40.0678 6988 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:10:41.0145 6988 ============================================================
13:10:41.0145 6988 Current date / time: 2013/01/20 13:10:41.0145
13:10:41.0145 6988 SystemInfo:
13:10:41.0145 6988
13:10:41.0145 6988 OS Version: 6.1.7601 ServicePack: 1.0
13:10:41.0145 6988 Product type: Workstation
13:10:41.0145 6988 ComputerName: MININT-46KNA9J
13:10:41.0146 6988 UserName: Craig Hogan
13:10:41.0146 6988 Windows directory: C:\Windows
13:10:41.0146 6988 System windows directory: C:\Windows
13:10:41.0146 6988 Running under WOW64
13:10:41.0146 6988 Processor architecture: Intel x64
13:10:41.0146 6988 Number of processors: 4
13:10:41.0146 6988 Page size: 0x1000
13:10:41.0146 6988 Boot type: Normal boot
13:10:41.0146 6988 ============================================================
13:10:42.0070 6988 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:10:42.0141 6988 Drive \Device\Harddisk1\DR1 - Size: 0x2F7B100000 (189.92 Gb), SectorSize: 0x200, Cylinders: 0x60D8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:10:42.0143 6988 ============================================================
13:10:42.0143 6988 \Device\Harddisk0\DR0:
13:10:42.0143 6988 MBR partitions:
13:10:42.0143 6988 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x238D5000
13:10:42.0143 6988 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x238D5800, BlocksNum 0x1B58800
13:10:42.0143 6988 \Device\Harddisk1\DR1:
13:10:42.0143 6988 MBR partitions:
13:10:42.0144 6988 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x17BD13D8
13:10:42.0144 6988 ============================================================
13:10:42.0193 6988 C: <-> \Device\Harddisk0\DR0\Partition1
13:10:42.0821 6988 E: <-> \Device\Harddisk1\DR1\Partition1
13:10:42.0821 6988 ============================================================
13:10:42.0821 6988 Initialize success
13:10:42.0821 6988 ============================================================
13:11:27.0395 8392 ============================================================
13:11:27.0395 8392 Scan started
13:11:27.0395 8392 Mode: Manual; TDLFS;
13:11:27.0395 8392 ============================================================
13:11:27.0510 8392 ================ Scan system memory ========================
13:11:27.0510 8392 System memory - ok
13:11:27.0511 8392 ================ Scan services =============================
13:11:35.0844 8392 Impcd - ok
13:11:35.0881 8392 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
13:11:35.0887 8392 IntcDAud - ok
13:11:35.0914 8392 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
13:11:35.0916 8392 intelide - ok
13:11:35.0943 8392 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:11:35.0946 8392 intelppm - ok
13:11:35.0986 8392 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:11:35.0989 8392 IPBusEnum - ok
13:11:36.0008 8392 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:11:36.0011 8392 IpFilterDriver - ok
13:11:36.0069 8392 [ 08C2957BB30058E663720C5606885653 ] IpHlpSvc C:\Windows\System32\iphlpsvc.dll
13:11:36.0079 8392 IpHlpSvc - ok
13:11:36.0092 8392 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:11:36.0094 8392 IPMIDRV - ok
13:11:36.0126 8392 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:11:36.0129 8392 IPNAT - ok
13:11:36.0150 8392 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:11:36.0154 8392 IRENUM - ok
13:11:36.0173 8392 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:11:36.0175 8392 isapnp - ok
13:11:36.0202 8392 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:11:36.0208 8392 iScsiPrt - ok
13:11:36.0222 8392 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:11:36.0224 8392 kbdclass - ok
13:11:36.0237 8392 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:11:36.0277 8392 kbdhid - ok
13:11:36.0299 8392 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
13:11:36.0302 8392 KeyIso - ok
13:11:36.0340 8392 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:11:36.0342 8392 KSecDD - ok
13:11:36.0357 8392 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:11:36.0360 8392 KSecPkg - ok
13:11:36.0371 8392 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:11:36.0373 8392 ksthunk - ok
13:11:36.0411 8392 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
13:11:36.0420 8392 KtmRm - ok
13:11:36.0460 8392 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
13:11:36.0466 8392 LanmanServer - ok
13:11:36.0503 8392 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:11:36.0508 8392 LanmanWorkstation - ok
13:11:36.0533 8392 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:11:36.0536 8392 lltdio - ok
13:11:36.0569 8392 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:11:36.0576 8392 lltdsvc - ok
13:11:36.0598 8392 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:11:36.0600 8392 lmhosts - ok
13:11:36.0640 8392 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
13:11:36.0643 8392 LSI_FC - ok
13:11:36.0652 8392 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
13:11:36.0655 8392 LSI_SAS - ok
13:11:36.0675 8392 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
13:11:36.0678 8392 LSI_SAS2 - ok
13:11:36.0717 8392 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
13:11:36.0721 8392 LSI_SCSI - ok
13:11:36.0738 8392 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
13:11:36.0740 8392 luafv - ok
13:11:36.0766 8392 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:11:36.0771 8392 Mcx2Svc - ok
13:11:36.0787 8392 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
13:11:36.0790 8392 megasas - ok
13:11:36.0810 8392 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
13:11:36.0815 8392 MegaSR - ok
13:11:36.0897 8392 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
13:11:36.0899 8392 MEIx64 - ok
13:11:37.0009 8392 Microsoft SharePoint Workspace Audit Service - ok
13:11:37.0043 8392 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
13:11:37.0048 8392 MMCSS - ok
13:11:37.0072 8392 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
13:11:37.0075 8392 Modem - ok
13:11:37.0122 8392 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:11:37.0124 8392 monitor - ok
13:11:37.0180 8392 [ 1CC353D6B0EFBC411BC34AE70E5F5B38 ] MOSUMAC C:\Windows\system32\DRIVERS\USBMAC64.SYS
13:11:37.0182 8392 MOSUMAC - ok
13:11:37.0197 8392 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:11:37.0199 8392 mouclass - ok
13:11:37.0215 8392 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:11:37.0233 8392 mouhid - ok
13:11:37.0244 8392 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:11:37.0247 8392 mountmgr - ok
13:11:37.0306 8392 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
13:11:37.0310 8392 MpFilter - ok
13:11:37.0333 8392 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
13:11:37.0338 8392 mpio - ok
13:11:37.0353 8392 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:11:37.0356 8392 mpsdrv - ok
13:11:37.0381 8392 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:11:37.0404 8392 MpsSvc - ok
13:11:37.0426 8392 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:11:37.0430 8392 MRxDAV - ok
13:11:37.0456 8392 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:11:37.0459 8392 mrxsmb - ok
13:11:37.0470 8392 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:11:37.0474 8392 mrxsmb10 - ok
13:11:37.0495 8392 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:11:37.0497 8392 mrxsmb20 - ok
13:11:37.0527 8392 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
13:11:37.0529 8392 msahci - ok
13:11:37.0548 8392 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:11:37.0551 8392 msdsm - ok
13:11:37.0574 8392 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
13:11:37.0578 8392 MSDTC - ok
13:11:37.0604 8392 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:11:37.0604 8392 Msfs - ok
13:11:37.0629 8392 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:11:37.0631 8392 mshidkmdf - ok
13:11:37.0661 8392 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:11:37.0662 8392 msisadrv - ok
13:11:37.0709 8392 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:11:37.0713 8392 MSiSCSI - ok
13:11:37.0716 8392 msiserver - ok
13:11:37.0747 8392 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:11:37.0748 8392 MSKSSRV - ok
13:11:37.0843 8392 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
13:11:37.0843 8392 MsMpSvc - ok
13:11:37.0870 8392 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:11:37.0872 8392 MSPCLOCK - ok
13:11:37.0887 8392 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:11:37.0888 8392 MSPQM - ok
13:11:37.0911 8392 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:11:37.0918 8392 MsRPC - ok
13:11:37.0940 8392 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
13:11:37.0952 8392 mssmbios - ok
13:11:37.0958 8392 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:11:37.0959 8392 MSTEE - ok
13:11:37.0986 8392 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
13:11:37.0988 8392 MTConfig - ok
13:11:38.0008 8392 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
13:11:38.0009 8392 Mup - ok
13:11:38.0080 8392 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
13:11:38.0102 8392 napagent - ok
13:11:38.0140 8392 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:11:38.0148 8392 NativeWifiP - ok
13:11:38.0255 8392 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:11:38.0294 8392 NDIS - ok
13:11:38.0320 8392 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:11:38.0323 8392 NdisCap - ok
13:11:38.0350 8392 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:11:38.0352 8392 NdisTapi - ok
13:11:38.0387 8392 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:11:38.0390 8392 Ndisuio - ok
13:11:38.0405 8392 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:11:38.0410 8392 NdisWan - ok
13:11:38.0415 8392 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:11:38.0417 8392 NDProxy - ok
13:11:38.0429 8392 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:11:38.0429 8392 NetBIOS - ok
13:11:38.0447 8392 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:11:38.0452 8392 NetBT - ok
13:11:38.0465 8392 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
13:11:38.0466 8392 Netlogon - ok
13:11:38.0530 8392 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
13:11:38.0536 8392 Netman - ok
13:11:38.0559 8392 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
13:11:38.0566 8392 netprofm - ok
13:11:38.0586 8392 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:11:38.0587 8392 NetTcpPortSharing - ok
13:11:38.0804 8392 [ 5D262402B0634C998F8CBCEAD7DD8676 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
13:11:39.0002 8392 NETwNs64 - ok
13:11:39.0050 8392 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
13:11:39.0052 8392 nfrd960 - ok
13:11:39.0101 8392 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:11:39.0104 8392 NisDrv - ok
13:11:39.0142 8392 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
13:11:39.0149 8392 NisSrv - ok
13:11:39.0220 8392 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:11:39.0227 8392 NlaSvc - ok
13:11:39.0238 8392 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:11:39.0239 8392 Npfs - ok
13:11:39.0294 8392 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
13:11:39.0298 8392 nsi - ok
13:11:39.0319 8392 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:11:39.0321 8392 nsiproxy - ok
13:11:39.0421 8392 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:11:39.0461 8392 Ntfs - ok
13:11:39.0549 8392 [ 317020D31F1696334679B9D0416EB62E ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
13:11:39.0553 8392 NuidFltr - ok
13:11:39.0599 8392 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
13:11:39.0605 8392 Null - ok
13:11:39.0687 8392 [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
13:11:39.0691 8392 nusb3hub - ok
13:11:39.0735 8392 [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
13:11:39.0740 8392 nusb3xhc - ok
13:11:39.0784 8392 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:11:39.0788 8392 nvraid - ok
13:11:39.0806 8392 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:11:39.0811 8392 nvstor - ok
13:11:39.0831 8392 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:11:39.0834 8392 nv_agp - ok
13:11:39.0857 8392 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:11:39.0860 8392 ohci1394 - ok
13:11:39.0960 8392 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:11:39.0966 8392 ose64 - ok
13:11:40.0228 8392 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:11:40.0364 8392 osppsvc - ok
13:11:40.0413 8392 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:11:40.0444 8392 p2pimsvc - ok
13:11:40.0469 8392 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
13:11:40.0500 8392 p2psvc - ok
13:11:40.0548 8392 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
13:11:40.0553 8392 Parport - ok
13:11:40.0586 8392 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:11:40.0589 8392 partmgr - ok
13:11:40.0607 8392 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:11:40.0615 8392 PcaSvc - ok
13:11:40.0656 8392 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
13:11:40.0661 8392 pci - ok
13:11:40.0679 8392 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
13:11:40.0682 8392 pciide - ok
13:11:40.0709 8392 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
13:11:40.0714 8392 pcmcia - ok
13:11:40.0722 8392 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
13:11:40.0723 8392 pcw - ok
13:11:40.0743 8392 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:11:40.0752 8392 PEAUTH - ok
13:11:40.0784 8392 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
13:11:40.0818 8392 PeerDistSvc - ok
13:11:40.0890 8392 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:11:40.0894 8392 PerfHost - ok
13:11:40.0963 8392 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
13:11:40.0997 8392 pla - ok
13:11:41.0056 8392 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:11:41.0065 8392 PlugPlay - ok
13:11:41.0078 8392 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:11:41.0082 8392 PNRPAutoReg - ok
13:11:41.0103 8392 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:11:41.0107 8392 PNRPsvc - ok
13:11:41.0179 8392 [ 5BC4D480DD527EB0CF33A67A090A130E ] Point64 C:\Windows\system32\DRIVERS\point64.sys
13:11:41.0183 8392 Point64 - ok
13:11:41.0245 8392 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:11:41.0267 8392 PolicyAgent - ok
13:11:41.0283 8392 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
13:11:41.0287 8392 Power - ok
13:11:41.0337 8392 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:11:41.0342 8392 PptpMiniport - ok
13:11:41.0372 8392 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
13:11:41.0376 8392 Processor - ok
13:11:41.0421 8392 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
13:11:41.0428 8392 ProfSvc - ok
13:11:41.0444 8392 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:11:41.0446 8392 ProtectedStorage - ok
13:11:41.0488 8392 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:11:41.0491 8392 Psched - ok
13:11:41.0562 8392 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
13:11:41.0563 8392 PxHlpa64 - ok
13:11:41.0630 8392 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
13:11:41.0663 8392 ql2300 - ok
13:11:41.0685 8392 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
13:11:41.0689 8392 ql40xx - ok
13:11:41.0718 8392 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
13:11:41.0724 8392 QWAVE - ok
13:11:41.0739 8392 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:11:41.0741 8392 QWAVEdrv - ok
13:11:41.0757 8392 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:11:41.0759 8392 RasAcd - ok
13:11:41.0798 8392 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:11:41.0800 8392 RasAgileVpn - ok
13:11:41.0820 8392 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
13:11:41.0824 8392 RasAuto - ok
13:11:41.0842 8392 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:11:41.0845 8392 Rasl2tp - ok
13:11:41.0867 8392 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
13:11:41.0874 8392 RasMan - ok
13:11:41.0894 8392 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:11:41.0906 8392 RasPppoe - ok
13:11:41.0911 8392 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:11:41.0914 8392 RasSstp - ok
13:11:41.0938 8392 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:11:41.0943 8392 rdbss - ok
13:11:41.0962 8392 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
13:11:41.0964 8392 rdpbus - ok
13:11:41.0981 8392 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:11:41.0982 8392 RDPCDD - ok
13:11:42.0015 8392 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
13:11:42.0020 8392 RDPDR - ok
13:11:42.0037 8392 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:11:42.0038 8392 RDPENCDD - ok
13:11:42.0044 8392 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:11:42.0044 8392 RDPREFMP - ok
13:11:42.0079 8392 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:11:42.0084 8392 RDPWD - ok
13:11:42.0103 8392 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:11:42.0107 8392 rdyboost - ok
13:11:42.0153 8392 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:11:42.0156 8392 RemoteAccess - ok
13:11:42.0174 8392 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:11:42.0178 8392 RemoteRegistry - ok
13:11:42.0255 8392 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
13:11:42.0261 8392 RFCOMM - ok
13:11:42.0457 8392 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
13:11:42.0501 8392 RoxMediaDB12OEM - ok
13:11:42.0536 8392 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
13:11:42.0541 8392 RoxWatch12 - ok
13:11:42.0589 8392 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:11:42.0592 8392 RpcEptMapper - ok
13:11:42.0631 8392 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
13:11:42.0634 8392 RpcLocator - ok
13:11:42.0657 8392 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
13:11:42.0663 8392 RpcSs - ok
13:11:42.0703 8392 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:11:42.0706 8392 rspndr - ok
13:11:42.0762 8392 [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
13:11:42.0764 8392 RSUSBSTOR - ok
13:11:42.0833 8392 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
13:11:42.0856 8392 RTL8167 - ok
13:11:42.0876 8392 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
13:11:42.0879 8392 s3cap - ok
13:11:42.0907 8392 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
13:11:42.0910 8392 SamSs - ok
13:11:42.0974 8392 sapiiqrd - ok
13:11:43.0004 8392 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:11:43.0008 8392 sbp2port - ok
13:11:43.0032 8392 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:11:43.0038 8392 SCardSvr - ok
13:11:43.0061 8392 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:11:43.0063 8392 scfilter - ok
13:11:43.0100 8392 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
13:11:43.0135 8392 Schedule - ok
13:11:43.0178 8392 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
13:11:43.0179 8392 SCPolicySvc - ok
13:11:43.0191 8392 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:11:43.0196 8392 SDRSVC - ok
13:11:43.0209 8392 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:11:43.0211 8392 secdrv - ok
13:11:43.0229 8392 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
13:11:43.0233 8392 seclogon - ok
13:11:43.0248 8392 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
13:11:43.0252 8392 SENS - ok
13:11:43.0268 8392 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:11:43.0280 8392 SensrSvc - ok
13:11:43.0306 8392 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
13:11:43.0308 8392 Serenum - ok
13:11:43.0322 8392 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
13:11:43.0325 8392 Serial - ok
13:11:43.0340 8392 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
13:11:43.0342 8392 sermouse - ok
13:11:43.0377 8392 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
13:11:43.0381 8392 SessionEnv - ok
13:11:43.0401 8392 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:11:43.0404 8392 sffdisk - ok
13:11:43.0418 8392 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:11:43.0420 8392 sffp_mmc - ok
13:11:43.0430 8392 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:11:43.0433 8392 sffp_sd - ok
13:11:43.0481 8392 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
13:11:43.0483 8392 sfloppy - ok
13:11:43.0579 8392 [ 4215C271D6E6898C3F4DABAB4F387DC9 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
13:11:43.0657 8392 SftService - ok
13:11:43.0716 8392 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:11:43.0726 8392 SharedAccess - ok
13:11:43.0750 8392 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:11:43.0758 8392 ShellHWDetection - ok
13:11:43.0780 8392 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
13:11:43.0782 8392 SiSRaid2 - ok
13:11:43.0800 8392 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
13:11:43.0804 8392 SiSRaid4 - ok
13:11:43.0874 8392 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
13:11:43.0878 8392 SkypeUpdate - ok
13:11:43.0908 8392 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:11:43.0911 8392 Smb - ok
13:11:43.0933 8392 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:11:43.0938 8392 SNMPTRAP - ok
13:11:43.0954 8392 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
13:11:43.0955 8392 spldr - ok
13:11:44.0034 8392 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
13:11:44.0057 8392 Spooler - ok
13:11:44.0142 8392 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
13:11:44.0255 8392 sppsvc - ok
13:11:44.0268 8392 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:11:44.0271 8392 sppuinotify - ok
13:11:44.0291 8392 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
13:11:44.0297 8392 srv - ok
13:11:44.0318 8392 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:11:44.0323 8392 srv2 - ok
13:11:44.0340 8392 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:11:44.0343 8392 srvnet - ok
13:11:44.0370 8392 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:11:44.0374 8392 SSDPSRV - ok
13:11:44.0396 8392 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:11:44.0399 8392 SstpSvc - ok
13:11:44.0447 8392 [ 7BF818B11C1FEDC3E76D233124470A30 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
13:11:44.0452 8392 STacSV - ok
13:11:44.0507 8392 [ 92E7F6666633D2DD91D527503DAA7BE0 ] stdcfltn C:\Windows\system32\DRIVERS\stdcfltn.sys
13:11:44.0508 8392 stdcfltn - ok
13:11:44.0539 8392 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
13:11:44.0541 8392 stexstor - ok
13:11:44.0600 8392 [ EBC1A5E076A9BE314D3D9E8ED19ABB0A ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
13:11:44.0622 8392 STHDA - ok
13:11:44.0706 8392 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
13:11:44.0711 8392 StillCam - ok
13:11:44.0759 8392 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
13:11:44.0781 8392 stisvc - ok
13:11:44.0851 8392 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
13:11:44.0937 8392 stllssvr - ok
13:11:44.0943 8392 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
13:11:44.0944 8392 storflt - ok
13:11:44.0976 8392 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
13:11:44.0978 8392 StorSvc - ok
13:11:44.0998 8392 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
13:11:45.0001 8392 storvsc - ok
13:11:45.0015 8392 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
13:11:45.0018 8392 swenum - ok
13:11:45.0036 8392 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
13:11:45.0044 8392 swprv - ok
13:11:45.0108 8392 [ 09E811486038F1C06F9E00DFFAAB7A4E ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
13:11:45.0162 8392 SynTP - ok
13:11:45.0240 8392 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
13:11:45.0285 8392 SysMain - ok
13:11:45.0305 8392 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:11:45.0309 8392 TabletInputService - ok
13:11:45.0329 8392 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:11:45.0336 8392 TapiSrv - ok
13:11:45.0359 8392 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
13:11:45.0363 8392 TBS - ok
13:11:45.0463 8392 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:11:50.0071 8392 ================ Scan global ===============================
13:11:50.0102 8392 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:11:50.0135 8392 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
13:11:50.0146 8392 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
13:11:50.0192 8392 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:11:50.0237 8392 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:11:50.0245 8392 [Global] - ok
13:11:50.0245 8392 ================ Scan MBR ==================================
13:11:50.0256 8392 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:11:50.0601 8392 \Device\Harddisk0\DR0 - ok
13:11:50.0607 8392 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
13:11:51.0552 8392 \Device\Harddisk1\DR1 - ok
13:11:51.0553 8392 ================ Scan VBR ==================================
13:11:51.0596 8392 [ 0E0400AA08D82CDDFA75D26D53A25E40 ] \Device\Harddisk0\DR0\Partition1
13:11:51.0601 8392 \Device\Harddisk0\DR0\Partition1 - ok
13:11:51.0607 8392 [ 2715656801BA2936C34EB87F4426093E ] \Device\Harddisk0\DR0\Partition2
13:11:51.0611 8392 \Device\Harddisk0\DR0\Partition2 - ok
13:11:51.0619 8392 [ D4B0C1A6B82DB327C08D9FF657D46C28 ] \Device\Harddisk1\DR1\Partition1
13:11:51.0622 8392 \Device\Harddisk1\DR1\Partition1 - ok
13:11:51.0624 8392 ============================================================
13:11:51.0624 8392 Scan finished
13:11:51.0624 8392 ============================================================
13:11:51.0642 5460 Detected object count: 0
13:11:51.0642 5460 Actual detected object count: 0

#9 craighogan

Posted 22 January 2013 - 01:17 PM

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.22.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Craig Hogan :: MININT-46KNA9J [administrator]

1/22/2013 12:12:17 PM
mbam-log-2013-01-22 (12-12-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211521
Time elapsed: 3 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\Craig Hogan\AppData\Roaming\wihet.dll (Trojan.Medfos) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|wihet (Trojan.Medfos) -> Data: rundll32.exe "C:\Users\Craig Hogan\AppData\Roaming\wihet.dll",DeleteIndex -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Oxdiedkyu (Trojan.Agent.ED) -> Data: "C:\Users\Craig Hogan\AppData\Roaming\Wuyba\ruego.exe" -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Craig Hogan\AppData\Roaming\wihet.dll (Trojan.Medfos) -> Delete on reboot.
C:\Users\Craig Hogan\AppData\Roaming\Wuyba\ruego.exe (Trojan.Agent.ED) -> Quarantined and deleted successfully.

(end)

#10 craighogan

Posted 22 January 2013 - 01:34 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/22/2013 at 12:32 PM

Application Version : 5.6.1014

Core Rules Database Version : 9905
Trace Rules Database Version: 7717

Scan type : Quick Scan
Total Scan Time : 00:07:10

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 620
Memory threats detected : 0
Registry items scanned : 61196
Registry threats detected : 0
File items scanned : 10698
File threats detected : 48

Adware.Tracking Cookie

#11 craighogan

Posted 22 January 2013 - 04:51 PM

RogueKiller V8.4.3 [Jan 21 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Craig Hogan [Admin rights]
Mode : Scan -- Date : 01/22/2013 15:50:34

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : nasmsn ("C:\Windows\System32\rundll32.exe" "C:\Users\Craig Hogan\AppData\Roaming\nasmsn.dll",CallMethod) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1485091747-1754223835-4253842178-1002[...]\Run : nasmsn ("C:\Windows\System32\rundll32.exe" "C:\Users\Craig Hogan\AppData\Roaming\nasmsn.dll",CallMethod) -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$2e0b5fc39d8a908be92b11a5939acb28\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1485091747-1754223835-4253842178-1002\$2e0b5fc39d8a908be92b11a5939acb28\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$2e0b5fc39d8a908be92b11a5939acb28\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1485091747-1754223835-4253842178-1002\$2e0b5fc39d8a908be92b11a5939acb28\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST320LT020-9YG142 +++++
--- User ---
[MBR] ef09b613e07f5fbc892f754db40eaeb1
[BSP] 409426718c364abe01ada19b47c4e60f : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 291242 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 596465664 | Size: 14001 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Maxtor OneTouch II USB Device +++++
--- User ---
[MBR] 749f240eb473515ab20cb5667d553a1c
[BSP] aef1da31a6a1e38145d69b8bb4c66662 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 194466 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_01222013_02d1550.txt >>
RKreport[1]_S_01222013_02d1550.txt

#12 craighogan

Posted 23 January 2013 - 07:53 AM

Scan Log
Version of virus signature database: 7921 (20130122)
Date: 1/22/2013 Time: 11:13:22 PM
Scanned disks, folders and files: Operating memory;Boot sector;C:\Boot sector;C:\
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat » ZIP » _TUProj.dat - error - password-protected file
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat » ZIP » _TUProjDT.dat - error - password-protected file
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat » ZIP » DataSafe_Green.ico - error - password-protected file
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat » ZIP » IRIMG1.JPG - error - password-protected file
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat » ZIP » IRIMG2.JPG - error - password-protected file
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat » ZIP » Wow64.lmd - error - password-protected file
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleUpdateHelper.msi » MSI » required.cab » CAB - error reading archive
C:\ProgramData\Microsoft\Microsoft Antimalware\IMpServiceEDB4FA23-53B8-4AFA-8C5D-99752CCA7094.lock - error opening [4]
C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\MpDiag.bin - error opening [4]
C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-1.bin - error opening [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log - error opening [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log - error opening [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - error opening [4]
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb - error opening [4]
C:\Users\All Users\Microsoft\Microsoft Antimalware\IMpServiceEDB4FA23-53B8-4AFA-8C5D-99752CCA7094.lock - error opening [4]
C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\MpDiag.bin - error opening [4]
C:\Users\All Users\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\MpScanCache-1.bin - error opening [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSS.log - error opening [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSStmp.log - error opening [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb - error opening [4]
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb - error opening [4]
C:\Users\Craig Hogan\NTUSER.DAT - error opening [4]
C:\Users\Craig Hogan\ntuser.dat.LOG1 - error opening [4]
C:\Users\Craig Hogan\ntuser.dat.LOG2 - error opening [4]
C:\Users\Craig Hogan\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{263FC3F4-64E0-11E2-9BB8-4CEB4224F990}.dat - error opening [4]
C:\Users\Craig Hogan\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{4106B5F0-64E0-11E2-9BB8-4CEB4224F990}.dat - error opening [4]
C:\Users\Craig Hogan\AppData\Local\Microsoft\Windows\UsrClass.dat - error opening [4]
C:\Users\Craig Hogan\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - error opening [4]
C:\Users\Craig Hogan\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - error opening [4]
C:\Users\Craig Hogan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{9CAD4D5F-7F41-4F8F-A879-DD8A28452FEF}.tmp - error opening [4]
C:\Users\Craig Hogan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{FBB7A48B-36C8-49C2-B24F-0378F132652D}.tmp - error opening [4]
C:\Windows\Installer\9f616.msi » MSI » required.cab » CAB - error reading archive
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - error opening [4]
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 - error opening [4]
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - error opening [4]
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - error opening [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT - error opening [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 - error opening [4]
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 - error opening [4]
C:\Windows\System32\catroot2\edb.log - error opening [4]
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - error opening [4]
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - error opening [4]
Number of scanned objects: 400368
Number of threats found: 0
Time of completion: 11:55:25 PM Total scanning time: 2523 sec (00:42:03)

Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.

#13 InadequateInfirmity


Posted 23 January 2013 - 08:25 PM

To make sure that there is not something serious going on here, more tools are needed than are allowed in this forum. See the link below and follow steps 6 through 8.

http://www.bleepingcomputer.com/forums/topic34773.html



