ieframe.dll Problem [Closed] [Solved]


#1
yorozuya

  • Member
  • 69 posts
I'm posting this log here after being advised to do so in THIS THREAD. In that thread there is a description of my problem; please read it.

OTL logfile created on: 3/7/2012 3:43:39 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Joyce Wavey\Documents
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 73.94% Memory free
6.19 Gb Paging File | 5.56 Gb Available in Paging File | 89.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 420.94 Gb Free Space | 90.38% Space Free | Partition Type: NTFS

Computer Name: JOYCEWAVEY-PC | User Name: Joyce Wavey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/06 20:43:19 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Joyce Wavey\Documents\OTL.exe
PRC - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/06/15 16:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/03/03 08:33:48 | 000,591,248 | ---- | M] (Oberon Media ) -- C:\Program Files\GamesBar\SearchEngineProtection.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/05/09 03:00:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM05Mon.exe
PRC - [2007/02/13 13:43:38 | 000,715,568 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/02/13 13:43:36 | 001,600,304 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe


========== Modules (No Company Name) ==========

MOD - [2007/02/13 13:33:58 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007/02/13 13:14:18 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/27 16:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/01/07 16:13:46 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (XDva391)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PcdrNdisuio)
DRV - File not found [Kernel | System | Stopped] -- -- (OMCI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (DFUBTUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (btusbflt)
DRV - [2011/11/14 21:50:16 | 000,112,096 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/27 16:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 14:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/04/10 22:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2008/08/23 01:35:00 | 007,475,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/07/20 11:02:22 | 001,030,784 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (hcw85bda)
DRV - [2007/07/20 03:00:00 | 000,235,616 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM05Vid.sys -- (OEM05Vid)
DRV - [2007/06/29 19:11:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 13:28:38 | 000,267,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2007/06/08 03:00:02 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM05Afx.sys -- (OEM05Afx)
DRV - [2007/04/13 15:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/03/05 20:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM05Vfx.sys -- (OEM05Vfx)
DRV - [2006/11/02 01:41:53 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\..\SearchScopes,DefaultScope = {36377DD7-B3EB-42f5-986F-680BAF59BA9D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.msn.ipl...q={searchTerms}
IE - HKCU\..\SearchScopes\{7ACCF42E-B13A-47C3-88A4-609990AAB8EC}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2012/02/10 07:21:44 | 000,002,064 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bingober2367783.xml

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\2.0.1.82\oberontb.dll (Oberon Media Ltd.)
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\2.0.1.82\oberontb.dll (Oberon Media Ltd.)
O4 - HKLM..\Run: [Bluetooth HCI Monitor] C:\Windows\System32\HCIMNTR.DLL (Logitech Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM05Mon.exe] C:\Windows\OEM05Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SearchEngineProtection] C:\Program Files\GamesBar\SearchEngineProtection.exe (Oberon Media )
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.176.13 64.59.176.15 64.59.177.226
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8D04988-F7FD-408A-9622-22BF212D7D99}: DhcpNameServer = 64.59.176.13 64.59.176.15 64.59.177.226
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Users\Joyce Wavey\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Joyce Wavey\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{56083f9b-1d3a-11e0-8f40-001c26dcdf3e}\Shell\AutoRun\command - "" = L:\PMBP_Win.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\StarterMediaBackup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/06 20:43:18 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Joyce Wavey\Documents\OTL.exe
[2012/02/11 16:36:25 | 009,889,896 | ---- | C] (CCCP Project ) -- C:\Users\Joyce Wavey\Documents\Combined-Community-Codec-Pack-2011-11-11.exe
[2012/02/10 18:37:37 | 000,000,000 | ---D | C] -- C:\Users\Joyce Wavey\AppData\Roaming\Malwarebytes
[2012/02/10 18:37:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/10 18:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/10 18:37:25 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/10 18:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/10 18:36:04 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Joyce Wavey\Documents\mbam--setup-1.60.1.1000.exe
[2012/02/10 15:52:52 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/02/10 07:23:05 | 000,000,000 | ---D | C] -- C:\Users\Joyce Wavey\AppData\Local\Oberon Games
[2012/02/10 07:21:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberon Media
[2012/02/10 07:21:44 | 000,000,000 | ---D | C] -- C:\Program Files\Oberon Media
[2012/02/10 07:17:06 | 022,738,864 | ---- | C] (Oberon Media Inc.) -- C:\Users\Joyce Wavey\Documents\Bubbletown-setup.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/07 15:40:54 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/07 15:40:54 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/07 15:40:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/07 15:40:45 | 3219,066,880 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/07 13:20:36 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/03/07 07:58:25 | 000,606,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/07 07:58:25 | 000,104,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/07 07:54:07 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/03/06 20:43:19 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Joyce Wavey\Documents\OTL.exe
[2012/02/17 00:10:35 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/02/12 14:44:32 | 000,081,920 | ---- | M] () -- C:\Users\Joyce Wavey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/11 16:36:48 | 009,889,896 | ---- | M] (CCCP Project ) -- C:\Users\Joyce Wavey\Documents\Combined-Community-Codec-Pack-2011-11-11.exe
[2012/02/10 18:37:29 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/10 18:36:42 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Joyce Wavey\Documents\mbam--setup-1.60.1.1000.exe
[2012/02/10 18:06:46 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/10 17:33:57 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/02/10 17:33:57 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/02/10 07:22:04 | 000,001,156 | ---- | M] () -- C:\Users\Joyce Wavey\Desktop\MSN Games.lnk
[2012/02/10 07:19:00 | 022,738,864 | ---- | M] (Oberon Media Inc.) -- C:\Users\Joyce Wavey\Documents\Bubbletown-setup.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/10 18:37:29 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/10 17:33:57 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/02/10 17:33:57 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/02/10 15:53:16 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/10 15:53:03 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/02/10 07:22:04 | 000,001,156 | ---- | C] () -- C:\Users\Joyce Wavey\Desktop\MSN Games.lnk
[2011/10/10 19:37:40 | 000,032,256 | ---- | C] () -- C:\Windows\System32\kailleraclient.dll
[2011/09/19 01:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
[2011/09/19 01:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2011/03/11 11:08:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/03/11 11:08:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/03/10 12:28:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/01/11 09:06:31 | 000,081,920 | ---- | C] () -- C:\Users\Joyce Wavey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/07 17:58:02 | 000,000,680 | ---- | C] () -- C:\Users\Joyce Wavey\AppData\Local\d3d9caps.dat
[2011/01/07 16:57:08 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2011/01/07 16:41:12 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011/01/07 16:28:54 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:0F4A7B6A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:029E021F

< End of report >

#2
maliprog

  • Trusted Helper
  • Malware Removal
  • 6,172 posts
Hello yorozuya and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

So...we meet again :). Let's begin.

Step 1

Do you use GamesBar? If not then please uninstall it from your system.

Step 2

Please update your Malwarebytes and do a Quick Scan. Post the log after the scan.

Step 3

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 4

Please don't forget to include these items in your reply:

  • Malwarebytes log
  • GMER log
It would be helpful if you could post each log in a separate post.

#3
yorozuya

  • Topic Starter
  • Member
  • 69 posts
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.01.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Joyce Wavey :: JOYCEWAVEY-PC [administrator]

4/1/2012 6:03:38 PM
mbam-log-2012-04-01 (18-03-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197638
Time elapsed: 4 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#4
yorozuya

  • Topic Starter
  • Member
  • 69 posts
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-01 18:54:57
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500630AS rev.3.ADG
Running: 0eyvhj7k.exe; Driver: C:\Users\JOYCEW~1\AppData\Local\Temp\kwlirfow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E404340, 0x3DC187, 0xE8000020]

---- Devices - GMER 1.0.15 ----

Device \Driver\BTHUSB \Device\00000065 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000065 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000067 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000067 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26dcdf3e
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001c26dcdf3e (not active ControlSet)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 PE file @ sector 976771116

---- EOF - GMER 1.0.15 ----

#5
maliprog

  • Trusted Helper
  • Malware Removal
  • 6,172 posts
Hi yorozuya,

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system
  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, ZIP MBR.dat it creates and attach it to your next reply

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in a separate post.

#6
maliprog

  • Trusted Helper
  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#7
maliprog

  • Trusted Helper
  • Malware Removal
  • 6,172 posts
Hi yorozuya,

Please post your logs here.

#8
yorozuya

  • Topic Starter
  • Member
  • 69 posts
17:31:57.0211 3092 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
17:31:57.0601 3092 ============================================================
17:31:57.0601 3092 Current date / time: 2012/04/03 17:31:57.0601
17:31:57.0601 3092 SystemInfo:
17:31:57.0601 3092
17:31:57.0601 3092 OS Version: 6.0.6002 ServicePack: 2.0
17:31:57.0601 3092 Product type: Workstation
17:31:57.0601 3092 ComputerName: JOYCEWAVEY-PC
17:31:57.0601 3092 UserName: Joyce Wavey
17:31:57.0601 3092 Windows directory: C:\Windows
17:31:57.0601 3092 System windows directory: C:\Windows
17:31:57.0601 3092 Processor architecture: Intel x86
17:31:57.0601 3092 Number of processors: 4
17:31:57.0601 3092 Page size: 0x1000
17:31:57.0601 3092 Boot type: Normal boot
17:31:57.0601 3092 ============================================================
17:31:58.0272 3092 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:31:58.0335 3092 \Device\Harddisk0\DR0:
17:31:58.0350 3092 MBR used
17:31:58.0350 3092 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
17:31:58.0366 3092 Initialize success
17:31:58.0366 3092 ============================================================
17:33:42.0153 0328 ============================================================
17:33:42.0153 0328 Scan started
17:33:42.0153 0328 Mode: Manual; SigCheck; TDLFS;
17:33:42.0153 0328 ============================================================
17:33:48.0190 0328 cdrom - ok
17:33:48.0252 0328 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
17:33:48.0315 0328 CertPropSvc - ok
17:33:48.0346 0328 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
17:33:48.0408 0328 circlass - ok
17:33:48.0455 0328 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
17:33:48.0486 0328 CLFS - ok
17:33:48.0533 0328 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:33:48.0595 0328 clr_optimization_v2.0.50727_32 - ok
17:33:48.0658 0328 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:33:48.0673 0328 clr_optimization_v4.0.30319_32 - ok
17:33:48.0720 0328 cmdide (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys
17:33:48.0736 0328 cmdide - ok
17:33:48.0767 0328 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
17:33:48.0783 0328 Compbatt - ok
17:33:48.0798 0328 COMSysApp - ok
17:33:48.0814 0328 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
17:33:48.0829 0328 crcdisk - ok
17:33:48.0845 0328 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
17:33:48.0907 0328 Crusoe - ok
17:33:48.0954 0328 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
17:33:48.0985 0328 CryptSvc - ok
17:33:49.0048 0328 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
17:33:49.0095 0328 DcomLaunch - ok
17:33:49.0157 0328 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
17:33:49.0204 0328 DfsC - ok
17:33:49.0297 0328 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
17:33:49.0469 0328 DFSR - ok
17:33:49.0500 0328 DFUBTUSB - ok
17:33:49.0547 0328 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
17:33:49.0578 0328 Dhcp - ok
17:33:49.0625 0328 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
17:33:49.0656 0328 disk - ok
17:33:49.0703 0328 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
17:33:49.0765 0328 Dnscache - ok
17:33:49.0812 0328 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
17:33:49.0843 0328 dot3svc - ok
17:33:49.0906 0328 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
17:33:49.0937 0328 DPS - ok
17:33:49.0984 0328 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
17:33:50.0015 0328 drmkaud - ok
17:33:50.0062 0328 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
17:33:50.0093 0328 DXGKrnl - ok
17:33:50.0171 0328 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
17:33:50.0218 0328 e1express - ok
17:33:50.0249 0328 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
17:33:50.0311 0328 E1G60 - ok
17:33:50.0343 0328 EagleXNt - ok
17:33:50.0374 0328 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
17:33:50.0405 0328 EapHost - ok
17:33:50.0467 0328 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
17:33:50.0499 0328 Ecache - ok
17:33:50.0545 0328 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
17:33:50.0608 0328 ehRecvr - ok
17:33:50.0639 0328 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
17:33:50.0686 0328 ehSched - ok
17:33:50.0701 0328 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
17:33:50.0717 0328 ehstart - ok
17:33:50.0795 0328 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
17:33:50.0826 0328 elxstor - ok
17:33:50.0873 0328 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
17:33:50.0920 0328 EMDMgmt - ok
17:33:50.0982 0328 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
17:33:51.0013 0328 EventSystem - ok
17:33:51.0076 0328 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
17:33:51.0123 0328 exfat - ok
17:33:51.0154 0328 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
17:33:51.0185 0328 fastfat - ok
17:33:51.0216 0328 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
17:33:51.0279 0328 fdc - ok
17:33:51.0310 0328 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
17:33:51.0341 0328 fdPHost - ok
17:33:51.0357 0328 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
17:33:51.0403 0328 FDResPub - ok
17:33:51.0450 0328 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
17:33:51.0481 0328 FileInfo - ok
17:33:51.0513 0328 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
17:33:51.0559 0328 Filetrace - ok
17:33:51.0575 0328 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
17:33:51.0622 0328 flpydisk - ok
17:33:51.0637 0328 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
17:33:51.0669 0328 FltMgr - ok
17:33:51.0715 0328 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
17:33:51.0809 0328 FontCache - ok
17:33:51.0840 0328 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:33:51.0856 0328 FontCache3.0.0.0 - ok
17:33:51.0918 0328 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
17:33:51.0934 0328 Fs_Rec - ok
17:33:51.0965 0328 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
17:33:51.0996 0328 gagp30kx - ok
17:33:52.0059 0328 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
17:33:52.0074 0328 GoToAssist - ok
17:33:52.0137 0328 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
17:33:52.0215 0328 gpsvc - ok
17:33:52.0277 0328 hcw85bda (f2f6730eabf0a06561b34858982695cb) C:\Windows\system32\drivers\HCW85BDA.sys
17:33:52.0402 0328 hcw85bda - ok
17:33:52.0480 0328 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
17:33:52.0511 0328 HdAudAddService - ok
17:33:52.0558 0328 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:33:52.0605 0328 HDAudBus - ok
17:33:52.0667 0328 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
17:33:52.0729 0328 HidBth - ok
17:33:52.0745 0328 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
17:33:52.0792 0328 HidIr - ok
17:33:52.0839 0328 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
17:33:52.0854 0328 hidserv - ok
17:33:52.0885 0328 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
17:33:52.0917 0328 HidUsb - ok
17:33:52.0963 0328 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
17:33:52.0995 0328 hkmsvc - ok
17:33:53.0057 0328 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
17:33:53.0073 0328 HpCISSs - ok
17:33:53.0119 0328 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys
17:33:53.0166 0328 HSF_DPV - ok
17:33:53.0229 0328 HSXHWBS2 (5f60f0ad32d43b9ab9ac9373117d8e54) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
17:33:53.0244 0328 HSXHWBS2 - ok
17:33:53.0291 0328 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
17:33:53.0338 0328 HTTP - ok
17:33:53.0400 0328 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
17:33:53.0416 0328 i2omp - ok
17:33:53.0478 0328 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
17:33:53.0525 0328 i8042prt - ok
17:33:53.0541 0328 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
17:33:53.0572 0328 iaStorV - ok
17:33:53.0634 0328 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:33:53.0743 0328 idsvc - ok
17:33:53.0759 0328 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
17:33:53.0775 0328 iirsp - ok
17:33:53.0837 0328 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
17:33:53.0884 0328 IKEEXT - ok
17:33:53.0931 0328 intelide (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys
17:33:53.0946 0328 intelide - ok
17:33:53.0993 0328 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
17:33:54.0024 0328 intelppm - ok
17:33:54.0055 0328 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
17:33:54.0087 0328 IPBusEnum - ok
17:33:54.0133 0328 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:33:54.0165 0328 IpFilterDriver - ok
17:33:54.0196 0328 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
17:33:54.0258 0328 iphlpsvc - ok
17:33:54.0258 0328 IpInIp - ok
17:33:54.0321 0328 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
17:33:54.0383 0328 IPMIDRV - ok
17:33:54.0445 0328 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
17:33:54.0477 0328 IPNAT - ok
17:33:54.0539 0328 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
17:33:54.0570 0328 IRENUM - ok
17:33:54.0617 0328 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
17:33:54.0633 0328 isapnp - ok
17:33:54.0679 0328 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
17:33:54.0695 0328 iScsiPrt - ok
17:33:54.0711 0328 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
17:33:54.0742 0328 iteatapi - ok
17:33:54.0757 0328 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
17:33:54.0789 0328 iteraid - ok
17:33:54.0804 0328 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
17:33:54.0835 0328 kbdclass - ok
17:33:54.0867 0328 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
17:33:54.0898 0328 kbdhid - ok
17:33:54.0913 0328 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:33:54.0976 0328 KeyIso - ok
17:33:54.0991 0328 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
17:33:55.0023 0328 KSecDD - ok
17:33:55.0101 0328 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
17:33:55.0179 0328 KtmRm - ok
17:33:55.0210 0328 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
17:33:55.0257 0328 LanmanServer - ok
17:33:55.0288 0328 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
17:33:55.0335 0328 LanmanWorkstation - ok
17:33:55.0381 0328 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
17:33:55.0428 0328 lltdio - ok
17:33:55.0475 0328 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
17:33:55.0522 0328 lltdsvc - ok
17:33:55.0569 0328 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
17:33:55.0615 0328 lmhosts - ok
17:33:55.0678 0328 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
17:33:55.0693 0328 LSI_FC - ok
17:33:55.0709 0328 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
17:33:55.0740 0328 LSI_SAS - ok
17:33:55.0756 0328 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
17:33:55.0771 0328 LSI_SCSI - ok
17:33:55.0803 0328 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
17:33:55.0849 0328 luafv - ok
17:33:55.0896 0328 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
17:33:55.0927 0328 Mcx2Svc - ok
17:33:55.0943 0328 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
17:33:55.0959 0328 mdmxsdk - ok
17:33:56.0021 0328 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
17:33:56.0037 0328 megasas - ok
17:33:56.0083 0328 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
17:33:56.0115 0328 MMCSS - ok
17:33:56.0161 0328 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
17:33:56.0193 0328 Modem - ok
17:33:56.0224 0328 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
17:33:56.0271 0328 monitor - ok
17:33:56.0302 0328 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
17:33:56.0317 0328 mouclass - ok
17:33:56.0333 0328 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
17:33:56.0380 0328 mouhid - ok
17:33:56.0427 0328 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
17:33:56.0458 0328 MountMgr - ok
17:33:56.0505 0328 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
17:33:56.0551 0328 MpFilter - ok
17:33:56.0614 0328 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
17:33:56.0661 0328 mpio - ok
17:33:56.0785 0328 MpKsl01f2cd1e (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{71F31A99-0286-4799-95E8-E9AEB96D4BDE}\MpKsl01f2cd1e.sys
17:33:56.0801 0328 MpKsl01f2cd1e - ok
17:33:56.0848 0328 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
17:33:56.0879 0328 MpNWMon - ok
17:33:56.0910 0328 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
17:33:56.0941 0328 mpsdrv - ok
17:33:56.0973 0328 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
17:33:57.0019 0328 MpsSvc - ok
17:33:57.0082 0328 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
17:33:57.0097 0328 Mraid35x - ok
17:33:57.0144 0328 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
17:33:57.0160 0328 MRxDAV - ok
17:33:57.0207 0328 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:33:57.0253 0328 mrxsmb - ok
17:33:57.0285 0328 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:33:57.0316 0328 mrxsmb10 - ok
17:33:57.0331 0328 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:33:57.0363 0328 mrxsmb20 - ok
17:33:57.0394 0328 msahci (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys
17:33:57.0409 0328 msahci - ok
17:33:57.0441 0328 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
17:33:57.0472 0328 msdsm - ok
17:33:57.0503 0328 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
17:33:57.0550 0328 MSDTC - ok
17:33:57.0597 0328 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
17:33:57.0628 0328 Msfs - ok
17:33:57.0659 0328 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
17:33:57.0675 0328 msisadrv - ok
17:33:57.0706 0328 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
17:33:57.0753 0328 MSiSCSI - ok
17:33:57.0768 0328 msiserver - ok
17:33:57.0784 0328 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
17:33:57.0815 0328 MSKSSRV - ok
17:33:57.0877 0328 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
17:33:57.0893 0328 MsMpSvc - ok
17:33:57.0924 0328 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
17:33:57.0955 0328 MSPCLOCK - ok
17:33:57.0971 0328 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
17:33:58.0002 0328 MSPQM - ok
17:33:58.0033 0328 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
17:33:58.0080 0328 MsRPC - ok
17:33:58.0111 0328 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:33:58.0127 0328 mssmbios - ok
17:33:58.0158 0328 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:33:58.0189 0328 MSTEE - ok
17:33:58.0221 0328 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
17:33:58.0252 0328 Mup - ok
17:33:58.0299 0328 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
17:33:58.0330 0328 napagent - ok
17:33:58.0392 0328 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
17:33:58.0423 0328 NativeWifiP - ok
17:33:58.0470 0328 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
17:33:58.0517 0328 NDIS - ok
17:33:58.0548 0328 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:33:58.0564 0328 NdisTapi - ok
17:33:58.0611 0328 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:33:58.0642 0328 Ndisuio - ok
17:33:58.0673 0328 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:33:58.0704 0328 NdisWan - ok
17:33:58.0720 0328 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:33:58.0767 0328 NDProxy - ok
17:33:58.0782 0328 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:33:58.0829 0328 NetBIOS - ok
17:33:58.0876 0328 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
17:33:58.0923 0328 netbt - ok
17:33:58.0954 0328 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:33:58.0985 0328 Netlogon - ok
17:33:59.0032 0328 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
17:33:59.0079 0328 Netman - ok
17:33:59.0125 0328 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
17:33:59.0172 0328 netprofm - ok
17:33:59.0250 0328 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:33:59.0266 0328 NetTcpPortSharing - ok
17:33:59.0313 0328 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:33:59.0328 0328 nfrd960 - ok
17:33:59.0391 0328 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:33:59.0422 0328 NisDrv - ok
17:33:59.0469 0328 NisSrv (a5cb074f34bbd89948e34a630d459c0c) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
17:33:59.0515 0328 NisSrv - ok
17:33:59.0562 0328 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
17:33:59.0593 0328 NlaSvc - ok
17:33:59.0640 0328 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
17:33:59.0687 0328 Npfs - ok
17:33:59.0718 0328 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
17:33:59.0749 0328 nsi - ok
17:33:59.0765 0328 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
17:33:59.0796 0328 nsiproxy - ok
17:33:59.0859 0328 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
17:33:59.0983 0328 Ntfs - ok
17:34:00.0030 0328 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:34:00.0077 0328 ntrigdigi - ok
17:34:00.0108 0328 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:34:00.0139 0328 Null - ok
17:34:00.0311 0328 nvlddmkm (57d3a8241b13a34ded58db36331223ee) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:34:00.0857 0328 nvlddmkm - ok
17:34:01.0185 0328 nvraid (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys
17:34:01.0231 0328 nvraid - ok
17:34:01.0263 0328 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
17:34:01.0294 0328 nvstor - ok
17:34:01.0356 0328 nvsvc (d22508cdf91873069b425b758e1daebe) C:\Windows\system32\nvvsvc.exe
17:34:01.0403 0328 nvsvc - ok
17:34:01.0450 0328 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
17:34:01.0465 0328 nv_agp - ok
17:34:01.0497 0328 NwlnkFlt - ok
17:34:01.0528 0328 NwlnkFwd - ok
17:34:01.0575 0328 OEM05Afx (58f478fd0115012ceec75fb73628901c) C:\Windows\system32\Drivers\OEM05Afx.sys
17:34:01.0606 0328 OEM05Afx - ok
17:34:01.0653 0328 OEM05Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM05Vfx.sys
17:34:01.0668 0328 OEM05Vfx - ok
17:34:01.0715 0328 OEM05Vid (3c60c2022cb93073da2574da90c962c2) C:\Windows\system32\DRIVERS\OEM05Vid.sys
17:34:01.0731 0328 OEM05Vid - ok
17:34:01.0793 0328 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
17:34:01.0824 0328 ohci1394 - ok
17:34:01.0855 0328 OMCI - ok
17:34:01.0918 0328 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:34:01.0980 0328 p2pimsvc - ok
17:34:02.0027 0328 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:34:02.0058 0328 p2psvc - ok
17:34:02.0136 0328 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
17:34:02.0199 0328 Parport - ok
17:34:02.0245 0328 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
17:34:02.0277 0328 partmgr - ok
17:34:02.0292 0328 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
17:34:02.0339 0328 Parvdm - ok
17:34:02.0370 0328 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
17:34:02.0401 0328 PcaSvc - ok
17:34:02.0417 0328 PcdrNdisuio - ok
17:34:02.0464 0328 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
17:34:02.0479 0328 pci - ok
17:34:02.0495 0328 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
17:34:02.0526 0328 pciide - ok
17:34:02.0573 0328 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
17:34:02.0589 0328 pcmcia - ok
17:34:02.0651 0328 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:34:02.0698 0328 PEAUTH - ok
17:34:02.0776 0328 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
17:34:02.0901 0328 pla - ok
17:34:02.0947 0328 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
17:34:03.0805 0328 PlugPlay - ok
17:34:03.0883 0328 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:34:03.0930 0328 PNRPAutoReg - ok
17:34:03.0977 0328 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
17:34:04.0024 0328 PNRPsvc - ok
17:34:04.0102 0328 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
17:34:04.0149 0328 PolicyAgent - ok
17:34:04.0242 0328 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:34:04.0273 0328 PptpMiniport - ok
17:34:04.0336 0328 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
17:34:04.0383 0328 Processor - ok
17:34:04.0414 0328 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
17:34:04.0461 0328 ProfSvc - ok
17:34:04.0492 0328 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:34:04.0523 0328 ProtectedStorage - ok
17:34:04.0554 0328 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
17:34:04.0601 0328 PSched - ok
17:34:04.0648 0328 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
17:34:04.0695 0328 ql2300 - ok
17:34:04.0757 0328 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:34:04.0804 0328 ql40xx - ok
17:34:04.0851 0328 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
17:34:04.0913 0328 QWAVE - ok
17:34:04.0960 0328 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:34:04.0991 0328 QWAVEdrv - ok
17:34:05.0131 0328 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:34:05.0178 0328 RasAcd - ok
17:34:05.0256 0328 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
17:34:05.0303 0328 RasAuto - ok
17:34:05.0334 0328 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:34:05.0381 0328 Rasl2tp - ok
17:34:05.0412 0328 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
17:34:05.0459 0328 RasMan - ok
17:34:05.0475 0328 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
17:34:05.0506 0328 RasPppoe - ok
17:34:05.0537 0328 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
17:34:05.0568 0328 RasSstp - ok
17:34:05.0615 0328 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
17:34:05.0662 0328 rdbss - ok
17:34:05.0693 0328 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:34:05.0724 0328 RDPCDD - ok
17:34:05.0771 0328 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
17:34:05.0833 0328 rdpdr - ok
17:34:05.0865 0328 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:34:05.0896 0328 RDPENCDD - ok
17:34:05.0943 0328 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
17:34:05.0989 0328 RDPWD - ok
17:34:06.0052 0328 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
17:34:06.0130 0328 RemoteAccess - ok
17:34:06.0177 0328 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
17:34:06.0223 0328 RemoteRegistry - ok
17:34:06.0270 0328 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
17:34:06.0301 0328 RFCOMM - ok
17:34:06.0333 0328 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
17:34:06.0364 0328 RpcLocator - ok
17:34:06.0426 0328 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
17:34:06.0457 0328 RpcSs - ok
17:34:06.0504 0328 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:34:06.0551 0328 rspndr - ok
17:34:06.0582 0328 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
17:34:06.0613 0328 SamSs - ok
17:34:06.0676 0328 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:34:06.0785 0328 SASDIFSV - ok
17:34:06.0801 0328 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
17:34:06.0847 0328 SASKUTIL - ok
17:34:06.0879 0328 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:34:06.0910 0328 sbp2port - ok
17:34:06.0957 0328 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
17:34:06.0988 0328 SCardSvr - ok
17:34:07.0050 0328 SCDEmu (9a8925f0e6919272a768d7c42232aa3a) C:\Windows\system32\drivers\SCDEmu.sys
17:34:07.0159 0328 SCDEmu - ok
17:34:07.0206 0328 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
17:34:07.0300 0328 Schedule - ok
17:34:07.0331 0328 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
17:34:07.0362 0328 SCPolicySvc - ok
17:34:07.0409 0328 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
17:34:07.0471 0328 SDRSVC - ok
17:34:07.0503 0328 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:34:07.0549 0328 secdrv - ok
17:34:07.0581 0328 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
17:34:07.0612 0328 seclogon - ok
17:34:07.0627 0328 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
17:34:07.0674 0328 SENS - ok
17:34:17.0643 0328 ============================================================
17:34:17.0643 0328 Scan finished
17:34:17.0643 0328 ============================================================
17:34:17.0658 3604 Detected object count: 0
17:34:17.0658 3604 Actual detected object count: 0
17:34:42.0799 1636 Deinitialize success
  • 0

#9
yorozuya

yorozuya

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-03 17:34:49
-----------------------------
17:34:49.645 OS Version: Windows 6.0.6002 Service Pack 2
17:34:49.645 Number of processors: 4 586 0xF0B
17:34:49.645 ComputerName: JOYCEWAVEY-PC UserName: Joyce Wavey
17:35:16.118 Initialize success
17:38:21.431 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:38:21.431 Disk 0 Vendor: ST3500630AS 3.ADG Size: 476940MB BusType: 3
17:38:21.431 Disk 0 MBR read successfully
17:38:21.446 Disk 0 MBR scan
17:38:21.446 Disk 0 Windows VISTA default MBR code
17:38:21.446 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048
17:38:21.462 Disk 0 scanning sectors +976771072
17:38:21.477 Disk 0 PE file @ sector 976771116 !
17:38:21.524 Disk 0 scanning C:\Windows\system32\drivers
17:38:27.951 Service scanning
17:38:32.553 Service MpKsl01f2cd1e c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{71F31A99-0286-4799-95E8-E9AEB96D4BDE}\MpKsl01f2cd1e.sys **LOCKED** 32
17:38:32.600 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
17:38:39.386 Modules scanning
17:38:43.770 Disk 0 trace - called modules:
17:38:43.801 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll pciide.sys PCIIDEX.SYS atapi.sys
17:38:43.801 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860f6ac8]
17:38:43.817 3 CLASSPNP.SYS[8a7a88b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84d72b98]
17:38:43.817 Scan finished successfully
17:38:54.456 Disk 0 MBR has been saved successfully to "C:\Users\Joyce Wavey\Documents\MBR.dat"
17:38:54.471 The log file has been saved successfully to "C:\Users\Joyce Wavey\Documents\aswMBR.txt"
  • 0

#10
yorozuya

yorozuya

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
I tried to attach the MBR.dat file as instructed, but I got the error that I wasn't permitted to upload that kind of file.
  • 0


#11
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Just a quick update... How is your system now?
  • 0

#12
yorozuya

yorozuya

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Well, considering how I haven't performed any fixes so far, just scans, nothing's changed.
  • 0

#13
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Yes I know... Let's try to reinstall your network device.

Go to Start then click on Control Panel
Click on System and Maintenance then System and Device Manager (Device Manager is located under "Tasks" in the left hand column of the "System" menu)

Find your network device under Network adapters
Right click on it and select Uninstall
Now make sure to Uncheck Delete the driver software for this device

Now restart your system and wait until Windows finds and installs your network adapter again.

If all goes fine you will have your internet connection. Please check Windows update now and page problems. Let me know the results.
  • 0

#14
yorozuya

yorozuya

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
So yeah, got around to trying it, sorry for taking so long. It seems to have worked, everything seems to be back to normal, thanks!
  • 0

#15
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi yorozuya,

Thank you for letting me know. I appreciate it.

Your logs and system are clean now. I'm glad we fixed up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end. Remove all other applications we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.
  • 0





