Help Needed - WIN32/Alureon.FK


40 replies to this topic

#1 UghhhHelpMe


Posted 15 March 2012 - 07:49 AM

My laptop (Windows 7) shut down unexpectedly. When I restarted it took a long time and showed a black screen for a while then finally showed my desktop - when I try to open my browser or any programs nothing happens - there were no messages, they just wouldn't open.

I rebooted in safe mode and did start up repair and a restore but still nothing worked.

I was able to connect to the internet through a link in windows live help. I used the Microsoft security scan and it found Trojan:WIN32/Alureon.FK and partially removed it. I have tried downloading Malwarebytes but I'm not able to run it (or any other programs). Nothing is working :(

Please Help! What can I do to get rid of it and restore my computer?


#2 Aaflac

  • Malware Response Team

Posted 15 March 2012 - 10:46 PM

Welcome to Bleeping Computer, UghhhHelpMe.

Let's get a hold of the infected laptop...

You will need a USB flash drive and access to a clean computer for the procedure outlined below.

Also, you may want to print these instructions so you can have access to follow them.


Please plug a flash drive into a clean computer.
Go to Start > Computer
Double-click Computer, and select the flash drive.
Right-click and select: Format
Press Start on the Format prompt.
Remove when done.

Now, if your Operating System is 64-bit, download Farbar Recovery Scan Tool x64
If the Operating System is 32-bit, download Farbar Recovery Scan Tool
Save the program to the >> USB flash drive.

Next, plug the flash drive into the infected computer.

>>>Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select your language settings, and click: Next
  • Select your User account and click: OK (If you did not set a password, leave blank.)

On the System Recovery Options menu you get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Scan your computer's memory for errors.
Command Prompt
  • Select Command Prompt
  • In the Command window, at the blinking cursor type notepad and press: Enter
  • In Notepad, under the File menu select: Open
  • Double-click Computer, find the flash drive letter, remember what letter it is, click on it, and press: Open
  • Close out of Notepad.
  • Click the Command window
  • Type g:\frst64.exe (or \frst.exe, if 32-bit), and press: Enter
    Note: Replace the drive letter g with the drive letter of your flash drive!
  • The tool will start and prepare to run. Follow the prompts.
  • You may be asked to once again type: g:\frst64.exe (or \frst.exe, if 32-bit) at the Command prompt, and press: Enter
  • Click Yes to the disclaimer.
  • Press the Scan button.
  • The program saves the FRST.txt on the flash drive.
  • Click the Command prompt window, type exit, and press: Enter
  • Back at the System Recovery Options, press: ShutDown

Please remove the USB flash drive from the infected computer, plug it into the clean computer, and copy/paste the FRST.txt in your reply.

Old duck...


#3 UghhhHelpMe


Posted 18 March 2012 - 10:11 PM

Please remove the USB flash drive from the infected computer, plug it into the clean computer, and copy/paste the FRST.txt in your reply.


Thank you Aaflac, here is the FRST.txt -

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 19-03-2012 03:04:00
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8060960 2009-08-05] (Realtek Semiconductor)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [358912 2009-09-02] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-08-07] (Egis Technology Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [159232 2009-09-02] (Intel Corporation)
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [380928 2009-09-02] (Intel Corporation)
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [828960 2009-08-05] (Acer Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [296056 2011-11-27] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" [x]
HKLM-x32\...\Run: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [181480 2009-08-04] (Acer Corp.)
HKLM-x32\...\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup [2756864 2011-04-07] (Leader Technologies Inc.)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1194504 2009-08-27] (Dritek System Inc.)
HKLM-x32\...\Run: [Family Tree Builder Update] C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [225280 2011-09-15] (MyHeritage)
HKLM-x32\...\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k [261888 2009-08-20] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [ArcSoft MediaImpression Monitor] C:\Program Files (x86)\Kodak\MediaImpression SE\ArcMonitor.exe [73728 2010-04-21] (ArcSoft, Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207360 2010-03-18] (ArcSoft Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [128296 2009-07-31] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2011-04-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [40376 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [198032 2011-10-21] (Lavasoft)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640440 2012-01-03] (Adobe Systems Inc.)
HKU\Dyck\...\Run: [AdobeBridge] [x]
HKU\Dyck\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Dyck\...\Run: [SmileboxTray] "C:\Users\Dyck\AppData\Roaming\Smilebox\SmileboxTray.exe" [313160 2012-01-12] (Smilebox, Inc.)
HKU\Dyck\...\Run: [PlayOn] C:\Program Files (x86)\MediaMall\PlayOn.exe [53248 2012-02-24] (MediaMall Technologies, Inc.)
HKU\Dyck\...\Run: [Pixetell] "C:\Users\Dyck\AppData\Local\Pixetell\Pixetell.exe" /MsiLaunchFeature [x]
HKU\Dyck\...\Run: [Google Update] "C:\Users\Dyck\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-08-16] (Google Inc.)
HKU\Dyck\...\Policies\system: [LogonHoursAction] 2
HKU\Dyck\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Lindsey\...\Policies\system: [LogonHoursAction] 2
HKU\Lindsey\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBJAC0ATgBHAFUAVABHAC0AMABWAEwAUQBVAC0ANAA5AEQAMABBAC0AMwA0AEgATABDAC0AOQBUAFkAWABKAA"&"inst=NwA2AC0ANgAxADAANAA0ADEAOQA1ADMALQBQAEwAKwA5AC0AWABPADMANgArADEALQBOADEARAArADEALQBEAEQAVAArADIANwAwADgAOAAtAEQARAA5ADAAKwAxAC0AUwBUADkAMABBAFAAUAArADEA"&"prod=94"&"ver=9.0.894 [x]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

==================== Services (Whitelisted) ======

2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
3 Adobe Version Cue CS4; "C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service [288112 2011-04-14] (Adobe Systems Incorporated)
2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [844320 2009-08-05] (Acer Incorporated)
3 FLEXnet Licensing Service 64; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe" [1038088 2011-02-03] (Acresso Software Inc.)
2 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [2152152 2011-11-03] (Lavasoft Limited)
2 MediaMall Server; "C:\Program Files (x86)\MediaMall\MediaMallServer.exe" [2000760 2012-02-24] (MediaMall Technologies, Inc.)
2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [311592 2009-08-07] (Egis Technology Inc.)
2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [62720 2009-08-20] (NewTech Infosystems, Inc.)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
3 TipCtrl; "C:\Program Files (x86)\uTIPu\TipCtrl.exe" [318144 2010-09-27] (Utipu inc.)
2 Updater Service for StartNow Toolbar; C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [267488 2011-07-27] ()

========================== Drivers (Whitelisted) =============

2 adfs; C:\Windows\System32\Drivers\adfs.sys [86584 2011-04-14] (Adobe Systems, Inc.)
2 adfs; C:\Windows\SysWow64\Drivers\adfs.sys [86584 2011-04-14] (Adobe Systems, Inc.)
3 Afc; C:\Windows\SysWow64\Drivers\Afc.sys [22784 2006-11-14] (Arcsoft, Inc.)
3 dfmirage; C:\Windows\System32\Drivers\dfmirage.sys [36432 2008-03-26] (DemoForge, LLC)
3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-11-17] ()
0 Lbd; C:\Windows\System32\Drivers\Lbd.sys [69376 2011-11-03] (Lavasoft AB)
3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2010-04-29] (MediaMall Technologies, Inc.)
3 NTIDrvr; C:\Windows\System32\Drivers\NTIDrvr.sys [18432 2009-05-05] (NewTech Infosystems, Inc.)
3 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [16896 2009-05-05] (NewTech Infosystems Corporation)
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-03-19 03:03 - 2012-03-19 03:04 - 0000000 ____D C:\FRST
2012-03-15 01:07 - 2012-03-15 01:07 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\Dyck\Desktop\mbam--setup-1.60.1.1000.exe
2012-03-14 03:28 - 2012-03-14 03:28 - 0000000 ____D C:\Users\Dyck\Desktop\tdsskiller
2012-03-14 03:27 - 2012-03-14 03:27 - 2044822 ____A C:\Users\Dyck\Desktop\tdsskiller.zip
2012-03-14 02:26 - 2012-03-14 02:29 - 0000000 ____D C:\Users\Dyck\Documents\exefix_w7[1]
2012-03-14 02:23 - 2012-03-14 02:24 - 0000341 ____A C:\Users\Dyck\Desktop\exefix.reg
2012-03-13 22:39 - 2012-03-15 09:40 - 0524426 ____A C:\Windows\ntbtlog.txt
2012-03-13 20:54 - 2012-03-18 22:56 - 0003356 ____A C:\aaw7boot.log
2012-03-12 20:37 - 2012-03-02 07:12 - 0001005 ____A C:\Users\Dyck\Start Menu\Programs\Startup\Dropbox.lnk
2012-03-12 20:37 - 2012-03-02 07:12 - 0001005 ____A C:\Users\Dyck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-03-12 20:37 - 2011-12-30 22:36 - 0001203 ____A C:\Users\Dyck\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
2012-03-12 20:37 - 2011-12-30 22:36 - 0001203 ____A C:\Users\Dyck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
2012-03-12 20:34 - 2012-03-12 20:37 - 0000000 ____D C:\Windows\pss
2012-03-12 19:20 - 2009-07-13 17:14 - 0020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-03-11 20:52 - 2012-03-11 20:53 - 0012132 ____A C:\Users\Dyck\Desktop\COLOURlovers.com-BurntOrange_Charcoal.png
2012-03-11 12:40 - 2012-03-11 12:40 - 0011862 ____A C:\Users\Dyck\Desktop\COLOURlovers.com-Orange_Charcoal.png
2012-03-11 12:37 - 2012-03-11 12:37 - 0011381 ____A C:\Users\Dyck\Desktop\COLOURlovers.com-Dark_Jewels.png
2012-03-09 23:17 - 2012-03-09 23:26 - 9469023 ____A C:\Users\Dyck\Desktop\site-spotlightcreativegroup.com-20120117-002614.jpa.part
2012-03-09 22:42 - 2012-03-09 22:42 - 0000000 ____D C:\Users\Dyck\Desktop\nbill_manual_upgrade_patch_2_3_1
2012-03-09 22:37 - 2012-03-09 22:38 - 3069069 ____A C:\Users\Dyck\Desktop\nbill_manual_upgrade_patch_2_3_1.zip
2012-03-09 22:25 - 2012-03-09 22:25 - 3195911 ____A C:\Users\Dyck\Desktop\com_nbill_2_3_1_for_joomla_1.5.zip
2012-03-09 13:49 - 2012-03-09 13:49 - 6762545 ____A C:\Users\Dyck\Desktop\leatherstocking March2012 web.pdf
2012-03-07 09:05 - 2012-03-07 09:05 - 0768471 ____A C:\Users\Dyck\Desktop\2x3.5-business_card-round-ai.zip
2012-03-07 09:05 - 2012-03-07 09:05 - 0000000 ____D C:\Users\Dyck\Desktop\2x3.5-business_card-round-ai
2012-03-06 21:16 - 2012-03-06 21:16 - 0000000 ____D C:\Users\Dyck\Desktop\3.5x2-business_card-ai
2012-03-06 21:07 - 2012-03-06 21:07 - 0770752 ____A C:\Users\Dyck\Desktop\3.5x2-business_card-ai.zip
2012-03-06 21:07 - 2012-03-06 21:07 - 0000000 ____D C:\Users\Dyck\Desktop\2x3.5-business_card-round-psd
2012-03-06 21:06 - 2012-03-06 21:06 - 0888663 ____A C:\Users\Dyck\Desktop\2x3.5-business_card-round-psd.zip
2012-03-06 07:39 - 2012-03-06 07:39 - 11289881 ____A C:\Users\Dyck\Desktop\GB3.jpg
2012-03-06 06:23 - 2012-03-06 06:23 - 11908800 ____A C:\Users\Dyck\Desktop\GB15.jpg
2012-03-06 06:12 - 2012-03-06 06:12 - 9543564 ____A C:\Users\Dyck\Desktop\GB17a.jpg
2012-03-06 06:11 - 2012-03-06 06:11 - 13711361 ____A C:\Users\Dyck\Desktop\GB17.jpg
2012-03-06 06:09 - 2012-03-06 06:09 - 14003171 ____A C:\Users\Dyck\Desktop\GB14.jpg
2012-03-06 06:07 - 2012-03-06 06:07 - 13156270 ____A C:\Users\Dyck\Desktop\GB13.jpg
2012-03-06 06:05 - 2012-03-06 06:05 - 10217565 ____A C:\Users\Dyck\Desktop\GB11.jpg
2012-03-06 05:37 - 2012-03-06 05:37 - 11714089 ____A C:\Users\Dyck\Desktop\GB2.jpg
2012-03-06 05:36 - 2012-03-06 05:36 - 11078943 ____A C:\Users\Dyck\Desktop\GB6.jpg
2012-03-06 04:22 - 2012-03-06 04:23 - 3367152 ____A C:\Users\Dyck\Desktop\CB 2.jpg
2012-03-06 04:19 - 2012-03-06 04:19 - 3316670 ____A C:\Users\Dyck\Desktop\CB 2_1.jpg
2012-03-06 04:10 - 2012-03-06 04:10 - 3700155 ____A C:\Users\Dyck\Desktop\CB1.jpg
2012-03-05 08:27 - 2012-03-05 08:29 - 0000000 ____D C:\Users\Dyck\Desktop\PDFs
2012-03-05 08:18 - 2012-03-05 08:25 - 0000000 ____D C:\Users\Dyck\Desktop\Images
2012-03-05 08:16 - 2012-03-05 08:36 - 0000000 ____D C:\Users\Dyck\Desktop\Statements_Receipts
2012-03-05 08:09 - 2012-03-14 02:35 - 0000000 ____D C:\Users\Dyck\Desktop\site_backups
2012-03-05 08:06 - 2012-03-14 02:34 - 0000000 ____D C:\Users\Dyck\Desktop\JoomlaExt
2012-03-05 00:09 - 2012-03-05 00:09 - 7024709 ____A C:\Users\Dyck\Desktop\1_17886_Brontoe-Book.pdf
2012-03-03 09:01 - 2012-03-03 09:08 - 0315583 ____A C:\Users\Dyck\Desktop\connections-dancers.psd
2012-02-29 22:40 - 2012-02-29 22:40 - 0002017 ____A C:\Users\Public\Desktop\PlayOn.lnk
2012-02-29 22:38 - 2012-02-29 22:39 - 30008024 ____A (MediaMall Technologies, Inc. ) C:\Users\Dyck\Desktop\PlayOnSetup.3.4.37.exe
2012-02-28 19:43 - 2012-02-28 19:43 - 0000000 ____D C:\Users\Dyck\Desktop\12-00-375
2012-02-28 19:42 - 2012-02-28 19:42 - 0166826 ____A C:\Users\Dyck\Desktop\12-00-375.zip
2012-02-28 13:01 - 2012-02-28 13:10 - 0000472 ____A C:\Users\Dyck\Desktop\index.html
2012-02-28 12:59 - 2012-02-28 12:59 - 0000459 ____A C:\Users\Dyck\Desktop\AGTredirect.html
2012-02-27 08:13 - 2012-02-27 08:13 - 0000000 ____D C:\Windows\System32\Macromed
2012-02-23 22:17 - 2012-03-07 10:56 - 1048227 ____A C:\Users\Dyck\Desktop\MHD.ai
2012-02-21 11:35 - 2012-02-21 11:35 - 1254264 ____A C:\Windows\Minidump\022112-20030-01.dmp
2012-02-21 05:33 - 2012-02-21 05:34 - 0153600 ____A C:\Users\Dyck\Desktop\vangogh.ppt

============ 3 Months Modified Files and Folders =============

2012-03-19 03:04 - 2012-03-19 03:03 - 0000000 ____D C:\FRST
2012-03-18 22:56 - 2012-03-13 20:54 - 0003356 ____A C:\aaw7boot.log
2012-03-18 22:56 - 2009-09-25 20:35 - 3165315072 __ASH C:\hiberfil.sys
2012-03-18 22:56 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-03-18 22:56 - 2009-07-13 20:51 - 0074032 ____A C:\Windows\setupact.log
2012-03-15 09:40 - 2012-03-13 22:39 - 0524426 ____A C:\Windows\ntbtlog.txt
2012-03-15 09:25 - 2009-07-13 21:13 - 0779266 ____A C:\Windows\System32\PerfStringBackup.INI
2012-03-15 01:07 - 2012-03-15 01:07 - 9502424 ____A (Malwarebytes Corporation ) C:\Users\Dyck\Desktop\mbam--setup-1.60.1.1000.exe
2012-03-15 00:23 - 2009-09-25 20:41 - 1547104 ____A C:\Windows\WindowsUpdate.log
2012-03-15 00:23 - 2009-07-13 20:45 - 0017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-03-15 00:23 - 2009-07-13 20:45 - 0017600 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-03-15 00:18 - 2011-02-03 17:37 - 0000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-03-14 23:54 - 2011-08-16 08:52 - 0000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2801294708-3279089713-2791965329-1001UA.job
2012-03-14 23:54 - 2011-02-03 17:37 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-03-14 03:28 - 2012-03-14 03:28 - 0000000 ____D C:\Users\Dyck\Desktop\tdsskiller
2012-03-14 03:27 - 2012-03-14 03:27 - 2044822 ____A C:\Users\Dyck\Desktop\tdsskiller.zip
2012-03-14 02:37 - 2011-04-29 10:36 - 0000000 ____D C:\users\Lindsey
2012-03-14 02:37 - 2011-02-05 21:28 - 0000000 ___RD C:\Users\Dyck\Dropbox
2012-03-14 02:37 - 2009-12-12 21:18 - 0000000 ____D C:\users\Dyck
2012-03-14 02:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-03-14 02:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-03-14 02:36 - 2012-01-11 11:45 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-03-14 02:36 - 2011-11-17 22:20 - 0000000 ____D C:\Program Files (x86)\MediaMall
2012-03-14 02:36 - 2011-11-17 22:19 - 0000000 ____D C:\Users\All Users\MediaMall
2012-03-14 02:36 - 2011-11-17 22:19 - 0000000 ____D C:\ProgramData\MediaMall
2012-03-14 02:36 - 2011-09-20 23:24 - 0000000 ____D C:\Users\Dyck\AppData\Roaming\Smilebox
2012-03-14 02:36 - 2011-02-08 13:06 - 0000000 ____D C:\Users\All Users\FLEXnet
2012-03-14 02:36 - 2011-02-08 13:06 - 0000000 ____D C:\ProgramData\FLEXnet
2012-03-14 02:36 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-03-14 02:35 - 2012-03-05 08:09 - 0000000 ____D C:\Users\Dyck\Desktop\site_backups
2012-03-14 02:34 - 2012-03-05 08:06 - 0000000 ____D C:\Users\Dyck\Desktop\JoomlaExt
2012-03-14 02:34 - 2011-02-05 21:24 - 0000000 ____D C:\Users\Dyck\AppData\Roaming\Dropbox
2012-03-14 02:34 - 2011-02-03 17:38 - 0000000 ____D C:\Users\All Users\Real
2012-03-14 02:34 - 2011-02-03 17:38 - 0000000 ____D C:\ProgramData\Real
2012-03-14 02:34 - 2009-12-12 21:24 - 0000000 ____D C:\Users\Dyck\AppData\Roaming\Adobe
2012-03-14 02:29 - 2012-03-14 02:26 - 0000000 ____D C:\Users\Dyck\Documents\exefix_w7[1]
2012-03-14 02:24 - 2012-03-14 02:23 - 0000341 ____A C:\Users\Dyck\Desktop\exefix.reg
2012-03-13 22:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-03-13 22:24 - 2009-12-12 21:19 - 0091616 ____A C:\Users\Dyck\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-12 21:06 - 2011-02-03 16:41 - 0000000 ____D C:\Users\Dyck\Desktop\Client Files
2012-03-12 20:37 - 2012-03-12 20:34 - 0000000 ____D C:\Windows\pss
2012-03-12 20:22 - 2011-08-16 08:52 - 0000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2801294708-3279089713-2791965329-1001Core.job
2012-03-12 20:21 - 2009-07-13 20:45 - 3032776 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-12 18:41 - 2011-12-28 19:54 - 0000000 ____D C:\Users\Dyck\Documents\40bday
2012-03-12 18:41 - 2011-05-04 17:29 - 0000000 ___RD C:\Users\Dyck\Desktop\m4h
2012-03-12 18:41 - 2011-02-05 21:28 - 0000000 ___RD C:\Users\Dyck\Desktop\Photos
2012-03-12 18:41 - 2009-08-21 22:06 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-03-11 20:53 - 2012-03-11 20:52 - 0012132 ____A C:\Users\Dyck\Desktop\COLOURlovers.com-BurntOrange_Charcoal.png
2012-03-11 12:40 - 2012-03-11 12:40 - 0011862 ____A C:\Users\Dyck\Desktop\COLOURlovers.com-Orange_Charcoal.png
2012-03-11 12:37 - 2012-03-11 12:37 - 0011381 ____A C:\Users\Dyck\Desktop\COLOURlovers.com-Dark_Jewels.png
2012-03-09 23:26 - 2012-03-09 23:17 - 9469023 ____A C:\Users\Dyck\Desktop\site-spotlightcreativegroup.com-20120117-002614.jpa.part
2012-03-09 22:42 - 2012-03-09 22:42 - 0000000 ____D C:\Users\Dyck\Desktop\nbill_manual_upgrade_patch_2_3_1
2012-03-09 22:38 - 2012-03-09 22:37 - 3069069 ____A C:\Users\Dyck\Desktop\nbill_manual_upgrade_patch_2_3_1.zip
2012-03-09 22:25 - 2012-03-09 22:25 - 3195911 ____A C:\Users\Dyck\Desktop\com_nbill_2_3_1_for_joomla_1.5.zip
2012-03-09 13:49 - 2012-03-09 13:49 - 6762545 ____A C:\Users\Dyck\Desktop\leatherstocking March2012 web.pdf
2012-03-07 10:56 - 2012-02-23 22:17 - 1048227 ____A C:\Users\Dyck\Desktop\MHD.ai
2012-03-07 09:05 - 2012-03-07 09:05 - 0768471 ____A C:\Users\Dyck\Desktop\2x3.5-business_card-round-ai.zip
2012-03-07 09:05 - 2012-03-07 09:05 - 0000000 ____D C:\Users\Dyck\Desktop\2x3.5-business_card-round-ai
2012-03-06 21:16 - 2012-03-06 21:16 - 0000000 ____D C:\Users\Dyck\Desktop\3.5x2-business_card-ai
2012-03-06 21:07 - 2012-03-06 21:07 - 0770752 ____A C:\Users\Dyck\Desktop\3.5x2-business_card-ai.zip
2012-03-06 21:07 - 2012-03-06 21:07 - 0000000 ____D C:\Users\Dyck\Desktop\2x3.5-business_card-round-psd
2012-03-06 21:06 - 2012-03-06 21:06 - 0888663 ____A C:\Users\Dyck\Desktop\2x3.5-business_card-round-psd.zip
2012-03-06 07:39 - 2012-03-06 07:39 - 11289881 ____A C:\Users\Dyck\Desktop\GB3.jpg
2012-03-06 06:23 - 2012-03-06 06:23 - 11908800 ____A C:\Users\Dyck\Desktop\GB15.jpg
2012-03-06 06:12 - 2012-03-06 06:12 - 9543564 ____A C:\Users\Dyck\Desktop\GB17a.jpg
2012-03-06 06:11 - 2012-03-06 06:11 - 13711361 ____A C:\Users\Dyck\Desktop\GB17.jpg
2012-03-06 06:09 - 2012-03-06 06:09 - 14003171 ____A C:\Users\Dyck\Desktop\GB14.jpg
2012-03-06 06:07 - 2012-03-06 06:07 - 13156270 ____A C:\Users\Dyck\Desktop\GB13.jpg
2012-03-06 06:05 - 2012-03-06 06:05 - 10217565 ____A C:\Users\Dyck\Desktop\GB11.jpg
2012-03-06 05:37 - 2012-03-06 05:37 - 11714089 ____A C:\Users\Dyck\Desktop\GB2.jpg
2012-03-06 05:36 - 2012-03-06 05:36 - 11078943 ____A C:\Users\Dyck\Desktop\GB6.jpg
2012-03-06 05:23 - 2011-11-25 19:41 - 0000000 ____D C:\Users\Dyck\AppData\Roaming\ArcSoft
2012-03-06 04:23 - 2012-03-06 04:22 - 3367152 ____A C:\Users\Dyck\Desktop\CB 2.jpg
2012-03-06 04:19 - 2012-03-06 04:19 - 3316670 ____A C:\Users\Dyck\Desktop\CB 2_1.jpg
2012-03-06 04:10 - 2012-03-06 04:10 - 3700155 ____A C:\Users\Dyck\Desktop\CB1.jpg
2012-03-06 03:48 - 2011-11-17 22:21 - 0008224 ____A C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2012-03-05 08:36 - 2012-03-05 08:16 - 0000000 ____D C:\Users\Dyck\Desktop\Statements_Receipts
2012-03-05 08:29 - 2012-03-05 08:27 - 0000000 ____D C:\Users\Dyck\Desktop\PDFs
2012-03-05 08:25 - 2012-03-05 08:18 - 0000000 ____D C:\Users\Dyck\Desktop\Images
2012-03-05 05:37 - 2011-02-03 17:38 - 0002308 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-03-05 00:09 - 2012-03-05 00:09 - 7024709 ____A C:\Users\Dyck\Desktop\1_17886_Brontoe-Book.pdf
2012-03-04 21:16 - 2011-11-20 21:17 - 0000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2012-03-04 21:16 - 2011-11-20 21:17 - 0000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2012-03-03 09:08 - 2012-03-03 09:01 - 0315583 ____A C:\Users\Dyck\Desktop\connections-dancers.psd
2012-03-02 07:12 - 2012-03-12 20:37 - 0001005 ____A C:\Users\Dyck\Start Menu\Programs\Startup\Dropbox.lnk
2012-03-02 07:12 - 2012-03-12 20:37 - 0001005 ____A C:\Users\Dyck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-03-02 07:12 - 2011-02-05 21:28 - 0001025 ____A C:\Users\Dyck\Desktop\Dropbox.lnk
2012-03-01 00:01 - 2011-08-03 17:28 - 0020799 ____A C:\Windows\IE9_main.log
2012-02-29 22:40 - 2012-02-29 22:40 - 0002017 ____A C:\Users\Public\Desktop\PlayOn.lnk
2012-02-29 22:39 - 2012-02-29 22:38 - 30008024 ____A (MediaMall Technologies, Inc. ) C:\Users\Dyck\Desktop\PlayOnSetup.3.4.37.exe
2012-02-29 22:39 - 2009-08-21 21:24 - 0000000 ____D C:\Windows\Downloaded Installations
2012-02-29 18:46 - 2011-11-17 21:14 - 0000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection
2012-02-29 18:46 - 2011-11-17 21:14 - 0000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2012-02-28 19:43 - 2012-02-28 19:43 - 0000000 ____D C:\Users\Dyck\Desktop\12-00-375
2012-02-28 19:42 - 2012-02-28 19:42 - 0166826 ____A C:\Users\Dyck\Desktop\12-00-375.zip
2012-02-28 13:10 - 2012-02-28 13:01 - 0000472 ____A C:\Users\Dyck\Desktop\index.html
2012-02-28 12:59 - 2012-02-28 12:59 - 0000459 ____A C:\Users\Dyck\Desktop\AGTredirect.html
2012-02-27 08:13 - 2012-02-27 08:13 - 0000000 ____D C:\Windows\System32\Macromed
2012-02-27 08:13 - 2011-05-19 21:14 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-02-25 07:31 - 2012-02-07 20:21 - 0170105 ____A C:\Users\Dyck\Desktop\error.xml
2012-02-21 11:38 - 2009-12-12 12:24 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-02-21 11:35 - 2012-02-21 11:35 - 1254264 ____A C:\Windows\Minidump\022112-20030-01.dmp
2012-02-21 11:35 - 2011-09-01 17:27 - 0000000 ____D C:\Windows\Minidump
2012-02-21 05:34 - 2012-02-21 05:33 - 0153600 ____A C:\Users\Dyck\Desktop\vangogh.ppt
2012-02-15 06:44 - 2009-08-21 21:17 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-15 03:47 - 2012-02-15 03:47 - 0000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-02-15 03:43 - 2011-04-14 08:12 - 54585368 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-02-11 23:12 - 2009-08-22 14:18 - 0773698 ____A C:\Windows\PFRO.log
2012-02-11 16:22 - 2011-08-05 09:35 - 0000000 ____D C:\Users\Dyck\AppData\Roaming\FileZilla
2012-02-11 16:18 - 2012-02-11 16:18 - 7365076 ____A C:\Users\Dyck\Desktop\Artisteer.3.0.0.45570.exe.part
2012-02-11 09:15 - 2012-02-11 09:14 - 4518720 ____A (FileZilla Project) C:\Users\Dyck\Downloads\FileZilla_3.5.3_win32-setup.exe
2012-02-11 09:15 - 2011-08-05 09:35 - 0000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2012-02-10 14:10 - 2012-02-10 14:10 - 1965543 ____A C:\Users\Dyck\Desktop\intro to wp - Copy.pptx
2012-02-08 12:51 - 2012-02-08 12:51 - 0062357 ____A C:\Users\Dyck\Desktop\sobipro_system_senior_play_list.xml
2012-02-01 20:32 - 2012-02-01 20:32 - 8539165 ____A C:\Users\Dyck\Desktop\Leatherstocking Feb2012 web.pdf
2012-01-30 00:24 - 2012-01-30 00:24 - 0001235 ____A C:\Users\Dyck\Desktop\index_SPL.html
2012-01-29 02:10 - 2009-12-12 21:49 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-25 19:48 - 2011-11-15 12:40 - 0000000 ____D C:\Program Files (x86)\Akeeba
2012-01-25 19:47 - 2011-11-15 12:39 - 0741164 ____A (Akeeba Developers ) C:\Users\Dyck\Desktop\SetupAkeebaExtractWizard.exe
2012-01-25 06:43 - 2012-01-25 06:43 - 0212516 ____A C:\Users\Dyck\Desktop\data2.jpg
2012-01-25 06:42 - 2012-01-25 06:42 - 0286229 ____A C:\Users\Dyck\Desktop\data1.jpg
2012-01-24 21:26 - 2012-01-24 21:26 - 0017896 ____A C:\Users\Dyck\Desktop\SPL_regdata_0124.ods
2012-01-24 21:11 - 2012-01-24 21:11 - 0024615 ____A C:\Users\Dyck\Desktop\atai5_chronoforms_data_entertainer_form.csv
2012-01-24 19:10 - 2012-01-24 19:10 - 0218278 ____A C:\Users\Dyck\Desktop\joomla-2.5-banner-jpgs.zip
2012-01-24 19:07 - 2012-01-24 19:07 - 0284729 ____A C:\Users\Dyck\Desktop\joomla-development-strategy-en.jpg
2012-01-24 18:48 - 2012-01-24 18:48 - 0118784 ____A C:\Users\Dyck\Desktop\REGFORM2012_13.pdf
2012-01-24 13:45 - 2012-01-24 13:45 - 0228584 ____A C:\Users\Dyck\Desktop\mootools.jpg
2012-01-19 12:10 - 2012-01-19 12:10 - 0259217 ____A C:\Users\Dyck\Desktop\noeditor.jpg
2012-01-17 17:12 - 2011-04-29 07:12 - 0000000 ____D C:\Users\Dyck\AppData\Roaming\Skype

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 4024.91 MB
Available physical RAM: 3328.54 MB
Total Pagefile: 4023.06 MB
Available Pagefile: 3319.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (ACER) (Fixed) (Total:452.97 GB) (Free:385.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (PQSERVICE) (Fixed) (Total:12.7 GB) (Free:2.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: () (Removable) (Total:3.73 GB) (Free:3.68 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 3819 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 12 GB 1024 KB
Partition 2 Primary 100 MB 12 GB
Partition 3 Primary 452 GB 12 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 12 GB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C ACER NTFS Partition 452 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3818 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 3818 MB Healthy

======================================================================================================
==========================================================
TDL4: custom:26000022


==========================================================

Last Boot: 2011-11-01 04:34

======================= End Of Log ==========================

#4 Aaflac


Posted 19 March 2012 - 10:46 PM

Please do the following...

•Open Notepad (Start > All Programs > Accessories > Notepad)

•Copy the entire contents of the code box below to Notepad.
•To do this, highlight the contents inside the box, right-click on it, and select: Copy
•Right-click the open Notepad and select: Paste

start
HKLM-x32\...\Runonce: [AvgUninstallURL] cmd.exe /c start  http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBJAC0ATgBHAFUAVABHAC0AMABWAEwAUQBVAC0ANAA5AEQAMABBAC0AMwA0AEgATABDAC0AOQBUAFkAWABKAA"&"inst=NwA2AC0ANgAxADAANAA0ADEAOQA1ADMALQBQAEwAKwA5AC0AWABPADMANgArADEALQBOADEARAArADEALQBEAEQAVAArADIANwAwADgAOAAtAEQARAA5ADAAKwAxAC0AUwBUADkAMABBAFAAUAArADEA"&"prod=94"&"ver=9.0.894 [x]
cmd: bootrec /FixMbr
TDL4: custom:26000022
end


In Notepad, go to File > Save as...
Save to: the USB flash drive
In File name use: fixlist.txt
Click: Save

FRST64.exe and fixlist.txt should now be on the flash drive.

•Next, plug the flash drive into the infected computer.

•Now, please enter System Recovery Options like you did previously:
>>>Restart the computer > select: Command Prompt
•Type g:\frst64.exe, and press: Enter
(Note: Replace the drive letter g with the drive letter of your flash drive!)


•In FRST64, this time press the Fix button.
•The program saves a Fixlog.txt, on the flash drive.
•Click the Command prompt window, type exit, and press: Enter
•Back at the System Recovery Options, press: Restart
•Let the computer boot normally.


Please copy/paste the Fixlog.txt in your reply.

Also, were you able to boot normally to Windows?

Old duck...


#5 UghhhHelpMe


Posted 20 March 2012 - 12:25 AM

Thank You! Yes, Windows booted normally :thumbsup:

Here is the Fixlog.txt -

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-03-20 05:12:03 R:1
Running from G:\

==============================================

HKLM-x32\\\.\.\.\\RunOnce\\AvgUninstallURL Value deleted successfully.

========= bootrec /FixMbr =========

ÿþT h e o p e r a t i o n c o m p l e t e d s u c c e s s f u l l y .

========= End of CMD: =========


The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====


Is my laptop safe to use now? Or do I need to perform further steps? Thank you sooo much for your help!

#6 Aaflac


Posted 20 March 2012 - 07:44 AM

:thumbup2: Good job!!

We need to press on with further steps to make sure Alureon is gone.

Please download the latest version of: TDSSKiller.exe

Execute the downloaded file:
Windows Seven - Right click and select 'Run as Administrator'

In the TDSSKiller Scan console, click on: Change parameters
Check the box for: Detect TDLFS file system
Click: OK

Press the button: Start Scan

The tool scans and detects two object types:
Malicious (where the malware has been identified)
Suspicious (where the malware cannot be identified)

When the scan is over, the tool outputs a list of detected objects (Malicious or Suspicious) with their description.

It automatically selects an action (Cure or Delete) for Malicious objects. Leave the setting as it is.

It also prompts the User to select an action to apply to Suspicious objects (Skip, by default). Leave the setting as it is.

After clicking 'Next/Continue', the tool applies the selected actions.


A Reboot Required prompt may appear after a disinfection. Please reboot.


By default, the tool outputs its log to the system disk root folder (the disk with the Windows operating system, normally C:\).

Logs have a name like:
C:\TDSSKiller.2.4.7_23.10.2011_15.31.43_log.txt

Please post the TDSSKiller log in your reply.

Also post whether TDSSKiller needed a reboot.

Old duck...
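An added example, not part of the original thread or of TDSSKiller: one way a helper could triage a posted TDSSKiller log instead of reading every line. It reports objects whose verdict is not `ok`, services that got a verdict without a hashed file line, and drivers loaded from outside the Windows directory named in the log header. The sample log is constructed in the format shown in this thread; the hashes, the `exampledrv` entry and its `warning` verdict are made up to exercise the non-ok path.

```python
import re
from collections import namedtuple

# Every TDSSKiller log line starts with "HH:MM:SS.mmmm <thread id> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "<service> (<md5>) <driver path>"
FILE_RE = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<service> - <verdict>"; the greedy name splits on the last " - ".
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+) - (?P<verdict>[^-]+)$")
WINDIR_RE = re.compile(PREFIX + r"Windows directory:\s*(?P<dir>.+)$")
SCAN_START_RE = re.compile(PREFIX + r"Scan started\s*$")

Entry = namedtuple("Entry", "name verdict md5 path")

# Constructed sample input (format as in the thread, values invented).
SAMPLE_LOG = r"""
08:55:51.0166 5668 Windows directory: C:\Windows
08:55:51.0166 5668 System windows directory: C:\Windows
08:55:53.0338 5668 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200
08:56:02.0822 4836 Scan started
08:56:02.0822 4836 Mode: Manual;
08:56:07.0988 4836 1394ohci (11111111111111111111111111111111) C:\Windows\system32\drivers\1394ohci.sys
08:56:07.0992 4836 1394ohci - ok
08:56:10.0522 4836 Afc - ok
08:56:34.0100 4836 Lavasoft Kernexplorer (22222222222222222222222222222222) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
08:56:34.0100 4836 Lavasoft Kernexplorer - ok
08:56:40.0000 4836 exampledrv (33333333333333333333333333333333) C:\Windows\system32\drivers\exampledrv.sys
08:56:40.0001 4836 exampledrv - warning
"""


def parse_log(text):
    """Return (windows_dir, entries) parsed from the text of a TDSSKiller log."""
    windir, entries, pending, scanning = None, [], {}, False
    for raw in text.splitlines():
        line = raw.rstrip()
        if not scanning:
            m = WINDIR_RE.match(line)
            if m:
                windir = m.group("dir").strip()
            # Header lines such as "Drive ... - Size: ..." also contain " - ",
            # so object lines are only parsed once the scan has started.
            scanning = SCAN_START_RE.match(line) is not None
            continue
        m = FILE_RE.match(line)
        if m:
            # Remember the hash and path until the verdict line for this name arrives.
            pending[m.group("name")] = (m.group("md5").lower(), m.group("path"))
            continue
        m = VERDICT_RE.match(line)
        if m:
            md5, path = pending.pop(m.group("name"), (None, None))
            entries.append(Entry(m.group("name"), m.group("verdict").strip(), md5, path))
    return windir, entries


def triage(text):
    """Summarise the entries a reviewer should look at first."""
    windir, entries = parse_log(text)
    outside = []
    if windir:  # only judge paths when the header told us where Windows lives
        prefix = windir.rstrip("\\").lower() + "\\"
        outside = [e for e in entries
                   if e.path and not e.path.lower().startswith(prefix)]
    return {
        "scanned": len(entries),
        "not_ok": [e for e in entries if e.verdict.lower() != "ok"],
        "no_file": [e.name for e in entries if e.md5 is None],
        "outside_windows": outside,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("objects scanned:", report["scanned"])
    for e in report["not_ok"]:
        print("verdict not ok:", e.name, "->", e.verdict, e.path)
    for name in report["no_file"]:
        print("verdict without a hashed file:", name)
    for e in report["outside_windows"]:
        print("driver outside the Windows directory:", e.name, e.path)
```

An entry in `no_file` or `outside_windows` is not a detection by itself; it only marks the lines worth checking by hand.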


#7 UghhhHelpMe


Posted 20 March 2012 - 08:06 AM

It didn't detect any threats - here is the report:

08:55:49.0457 5668 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
08:55:51.0166 5668 ============================================================
08:55:51.0166 5668 Current date / time: 2012/03/20 08:55:51.0166
08:55:51.0166 5668 SystemInfo:
08:55:51.0166 5668
08:55:51.0166 5668 OS Version: 6.1.7601 ServicePack: 1.0
08:55:51.0166 5668 Product type: Workstation
08:55:51.0166 5668 ComputerName: SPOTLIGHTLAPTOP
08:55:51.0166 5668 UserName: Dyck
08:55:51.0166 5668 Windows directory: C:\Windows
08:55:51.0166 5668 System windows directory: C:\Windows
08:55:51.0166 5668 Running under WOW64
08:55:51.0166 5668 Processor architecture: Intel x64
08:55:51.0167 5668 Number of processors: 2
08:55:51.0167 5668 Page size: 0x1000
08:55:51.0167 5668 Boot type: Normal boot
08:55:51.0167 5668 ============================================================
08:55:53.0338 5668 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:55:53.0346 5668 \Device\Harddisk0\DR0:
08:55:53.0346 5668 MBR used
08:55:53.0346 5668 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
08:55:53.0346 5668 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x389EF030
08:55:53.0379 5668 Initialize success
08:55:53.0379 5668 ============================================================
08:56:02.0822 4836 ============================================================
08:56:02.0822 4836 Scan started
08:56:02.0822 4836 Mode: Manual;
08:56:02.0822 4836 ============================================================
08:56:48.0076 4836 Ntfs - ok
08:56:50.0349 4836 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
08:56:50.0350 4836 NTIDrvr - ok
08:56:50.0692 4836 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:56:50.0693 4836 Null - ok
08:56:51.0143 4836 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
08:56:51.0146 4836 nvraid - ok
08:56:51.0275 4836 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
08:56:51.0278 4836 nvstor - ok
08:56:51.0499 4836 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:56:51.0501 4836 nv_agp - ok
08:56:51.0986 4836 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:56:51.0988 4836 ohci1394 - ok
08:56:52.0277 4836 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
08:56:52.0402 4836 Parport - ok
08:56:52.0845 4836 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
08:56:52.0846 4836 partmgr - ok
08:56:52.0975 4836 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:56:52.0977 4836 pci - ok
08:56:53.0333 4836 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:56:53.0333 4836 pciide - ok
08:56:53.0537 4836 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
08:56:53.0825 4836 pcmcia - ok
08:56:53.0970 4836 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:56:53.0971 4836 pcw - ok
08:56:54.0014 4836 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:56:54.0031 4836 PEAUTH - ok
08:56:54.0299 4836 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:56:54.0301 4836 PptpMiniport - ok
08:56:54.0470 4836 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
08:56:54.0471 4836 Processor - ok
08:56:55.0034 4836 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:56:55.0036 4836 Psched - ok
08:56:55.0299 4836 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
08:56:55.0332 4836 ql2300 - ok
08:56:55.0913 4836 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
08:56:55.0915 4836 ql40xx - ok
08:56:56.0315 4836 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:56:56.0316 4836 QWAVEdrv - ok
08:56:56.0472 4836 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:56:56.0473 4836 RasAcd - ok
08:56:56.0780 4836 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:56:56.0782 4836 RasAgileVpn - ok
08:56:57.0032 4836 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:56:57.0035 4836 Rasl2tp - ok
08:56:57.0410 4836 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:56:57.0412 4836 RasPppoe - ok
08:56:58.0354 4836 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:56:58.0355 4836 RasSstp - ok
08:56:58.0486 4836 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:56:58.0491 4836 rdbss - ok
08:56:59.0095 4836 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:56:59.0097 4836 rdpbus - ok
08:56:59.0199 4836 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:56:59.0199 4836 RDPCDD - ok
08:56:59.0469 4836 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:56:59.0470 4836 RDPENCDD - ok
08:56:59.0821 4836 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:56:59.0822 4836 RDPREFMP - ok
08:57:00.0125 4836 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
08:57:00.0129 4836 RDPWD - ok
08:57:00.0286 4836 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:57:00.0290 4836 rdyboost - ok
08:57:00.0499 4836 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:57:00.0501 4836 rspndr - ok
08:57:00.0836 4836 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys
08:57:00.0839 4836 RSUSBSTOR - ok
08:57:01.0024 4836 RtsUIR - ok
08:57:01.0132 4836 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:57:01.0134 4836 sbp2port - ok
08:57:01.0364 4836 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:57:01.0365 4836 scfilter - ok
08:57:01.0540 4836 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:57:01.0540 4836 secdrv - ok
08:57:03.0056 4836 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:57:03.0057 4836 Serenum - ok
08:57:04.0902 4836 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:57:04.0904 4836 Serial - ok
08:57:05.0247 4836 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
08:57:05.0248 4836 sermouse - ok
08:57:05.0583 4836 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:57:05.0584 4836 sffdisk - ok
08:57:05.0863 4836 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:57:05.0863 4836 sffp_mmc - ok
08:57:06.0333 4836 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:57:06.0334 4836 sffp_sd - ok
08:57:06.0436 4836 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
08:57:06.0437 4836 sfloppy - ok
08:57:07.0161 4836 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:57:07.0163 4836 SiSRaid2 - ok
08:57:07.0269 4836 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
08:57:07.0271 4836 SiSRaid4 - ok
08:57:07.0833 4836 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:57:07.0835 4836 Smb - ok
08:57:08.0043 4836 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:57:08.0044 4836 spldr - ok
08:57:08.0221 4836 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:57:08.0238 4836 srv - ok
08:57:08.0437 4836 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:57:08.0443 4836 srv2 - ok
08:57:08.0584 4836 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:57:08.0587 4836 srvnet - ok
08:57:08.0829 4836 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
08:57:08.0830 4836 stexstor - ok
08:57:09.0067 4836 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
08:57:09.0068 4836 swenum - ok
08:57:09.0919 4836 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys
08:57:09.0921 4836 SynTP - ok
08:57:10.0502 4836 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
08:57:10.0580 4836 Tcpip - ok
08:57:11.0320 4836 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
08:57:11.0339 4836 TCPIP6 - ok
08:57:11.0466 4836 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:57:11.0468 4836 tcpipreg - ok
08:57:12.0073 4836 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:57:12.0074 4836 TDPIPE - ok
08:57:13.0617 4836 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
08:57:13.0695 4836 TDTCP - ok
08:57:14.0138 4836 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:57:14.0141 4836 tdx - ok
08:57:14.0411 4836 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
08:57:14.0412 4836 TermDD - ok
08:57:15.0343 4836 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:57:15.0344 4836 tssecsrv - ok
08:57:16.0865 4836 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:57:16.0866 4836 TsUsbFlt - ok
08:57:17.0769 4836 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:57:17.0771 4836 tunnel - ok
08:57:17.0925 4836 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
08:57:17.0926 4836 uagp35 - ok
08:57:18.0121 4836 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
08:57:18.0122 4836 UBHelper - ok
08:57:18.0242 4836 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:57:18.0247 4836 udfs - ok
08:57:18.0452 4836 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:57:18.0453 4836 uliagpkx - ok
08:57:18.0726 4836 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
08:57:18.0727 4836 umbus - ok
08:57:19.0102 4836 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
08:57:19.0103 4836 UmPass - ok
08:57:19.0283 4836 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
08:57:19.0285 4836 usbccgp - ok
08:57:19.0358 4836 USBCCID - ok
08:57:19.0444 4836 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:57:19.0446 4836 usbcir - ok
08:57:19.0519 4836 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
08:57:19.0520 4836 usbehci - ok
08:57:20.0401 4836 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
08:57:20.0406 4836 usbhub - ok
08:57:20.0580 4836 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
08:57:20.0581 4836 usbohci - ok
08:57:20.0792 4836 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:57:20.0794 4836 usbprint - ok
08:57:21.0003 4836 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
08:57:21.0005 4836 usbscan - ok
08:57:21.0147 4836 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:57:21.0150 4836 USBSTOR - ok
08:57:21.0277 4836 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
08:57:21.0278 4836 usbuhci - ok
08:57:22.0553 4836 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
08:57:22.0617 4836 usbvideo - ok
08:57:23.0027 4836 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:57:23.0028 4836 vdrvroot - ok
08:57:23.0528 4836 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:57:23.0561 4836 vga - ok
08:57:24.0353 4836 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:57:24.0355 4836 VgaSave - ok
08:57:24.0759 4836 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:57:24.0763 4836 vhdmp - ok
08:57:24.0968 4836 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:57:24.0969 4836 viaide - ok
08:57:25.0045 4836 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:57:25.0047 4836 volmgr - ok
08:57:25.0187 4836 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:57:25.0192 4836 volmgrx - ok
08:57:25.0499 4836 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:57:25.0556 4836 volsnap - ok
08:57:26.0158 4836 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
08:57:26.0161 4836 vsmraid - ok
08:57:26.0576 4836 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
08:57:26.0578 4836 vwifibus - ok
08:57:26.0730 4836 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
08:57:26.0732 4836 vwififlt - ok
08:57:26.0919 4836 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
08:57:26.0920 4836 vwifimp - ok
08:57:27.0148 4836 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
08:57:27.0149 4836 WacomPen - ok
08:57:27.0776 4836 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:57:27.0778 4836 WANARP - ok
08:57:27.0821 4836 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:57:27.0822 4836 Wanarpv6 - ok
08:57:28.0374 4836 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
08:57:28.0375 4836 Wd - ok
08:57:28.0538 4836 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:57:28.0950 4836 Wdf01000 - ok
08:57:29.0470 4836 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:57:29.0471 4836 WfpLwf - ok
08:57:30.0057 4836 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:57:30.0058 4836 WIMMount - ok
08:57:30.0757 4836 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
08:57:30.0759 4836 WinUsb - ok
08:57:31.0320 4836 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:57:31.0321 4836 WmiAcpi - ok
08:57:31.0933 4836 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:57:31.0934 4836 ws2ifsl - ok
08:57:32.0054 4836 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:57:32.0056 4836 WudfPf - ok
08:57:32.0262 4836 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:57:32.0266 4836 WUDFRd - ok
08:57:32.0356 4836 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:57:32.0478 4836 \Device\Harddisk0\DR0 - ok
08:57:32.0483 4836 Boot (0x1200) (8b0d31aa39380af8334bdbb7e1ece41a) \Device\Harddisk0\DR0\Partition0
08:57:32.0485 4836 \Device\Harddisk0\DR0\Partition0 - ok
08:57:32.0504 4836 Boot (0x1200) (4477145a302af49e28b781ec3738e7dd) \Device\Harddisk0\DR0\Partition1
08:57:32.0505 4836 \Device\Harddisk0\DR0\Partition1 - ok
08:57:32.0507 4836 ============================================================
08:57:32.0507 4836 Scan finished
08:57:32.0507 4836 ============================================================
08:57:32.0533 5744 Detected object count: 0
08:57:32.0533 5744 Actual detected object count: 0
08:59:50.0018 5620 ============================================================
08:59:50.0018 5620 Scan started
08:59:50.0018 5620 Mode: Manual;
08:59:50.0018 5620 ============================================================
08:59:50.0531 5620 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:59:50.0533 5620 1394ohci - ok
08:59:50.0646 5620 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:59:50.0649 5620 ACPI - ok
08:59:50.0698 5620 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:59:50.0698 5620 AcpiPmi - ok
08:59:50.0734 5620 adfs (d44bcaf639e4e45307c2bc80715273d5) C:\Windows\system32\drivers\adfs.sys
08:59:50.0735 5620 adfs - ok
08:59:50.0816 5620 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
08:59:50.0821 5620 adp94xx - ok
08:59:50.0836 5620 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
08:59:50.0839 5620 adpahci - ok
08:59:50.0882 5620 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
08:59:50.0884 5620 adpu320 - ok
08:59:50.0896 5620 Afc - ok
08:59:50.0957 5620 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
08:59:50.0962 5620 AFD - ok
08:59:51.0022 5620 AgereSoftModem (af4748ef93416159459769a24a0053af) C:\Windows\system32\DRIVERS\agrsm64.sys
08:59:51.0034 5620 AgereSoftModem - ok
08:59:51.0070 5620 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:59:51.0071 5620 agp440 - ok
08:59:51.0097 5620 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:59:51.0098 5620 aliide - ok
08:59:51.0127 5620 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:59:51.0128 5620 amdide - ok
08:59:51.0155 5620 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
08:59:51.0156 5620 AmdK8 - ok
08:59:51.0166 5620 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
08:59:51.0167 5620 AmdPPM - ok
08:59:51.0207 5620 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:59:51.0208 5620 amdsata - ok
08:59:51.0243 5620 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
08:59:51.0245 5620 amdsbs - ok
08:59:51.0267 5620 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:59:51.0268 5620 amdxata - ok
08:59:51.0309 5620 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:59:51.0310 5620 AppID - ok
08:59:51.0338 5620 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
08:59:51.0340 5620 arc - ok
08:59:51.0353 5620 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
08:59:51.0354 5620 arcsas - ok
08:59:51.0393 5620 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:59:51.0393 5620 AsyncMac - ok
08:59:51.0423 5620 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:59:51.0423 5620 atapi - ok
08:59:51.0481 5620 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
08:59:51.0485 5620 b06bdrv - ok
08:59:51.0517 5620 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:59:51.0520 5620 b57nd60a - ok
08:59:51.0576 5620 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
08:59:51.0588 5620 BCM43XX - ok
08:59:51.0619 5620 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:59:51.0619 5620 Beep - ok
08:59:51.0651 5620 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:59:51.0652 5620 blbdrive - ok
08:59:51.0684 5620 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:59:51.0685 5620 bowser - ok
08:59:51.0706 5620 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:59:51.0707 5620 BrFiltLo - ok
08:59:51.0718 5620 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:59:51.0719 5620 BrFiltUp - ok
08:59:51.0785 5620 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:59:51.0789 5620 Brserid - ok
08:59:51.0801 5620 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:59:51.0802 5620 BrSerWdm - ok
08:59:51.0813 5620 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:59:51.0814 5620 BrUsbMdm - ok
08:59:51.0829 5620 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:59:51.0832 5620 BrUsbSer - ok
08:59:51.0843 5620 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
08:59:51.0844 5620 BTHMODEM - ok
08:59:51.0899 5620 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:59:51.0901 5620 cdfs - ok
08:59:51.0964 5620 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
08:59:51.0965 5620 cdrom - ok
08:59:52.0051 5620 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
08:59:52.0051 5620 circlass - ok
08:59:52.0127 5620 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:59:52.0130 5620 CLFS - ok
08:59:52.0278 5620 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
08:59:52.0279 5620 CmBatt - ok
08:59:52.0334 5620 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:59:52.0335 5620 cmdide - ok
08:59:52.0385 5620 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
08:59:52.0390 5620 CNG - ok
08:59:52.0424 5620 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
08:59:52.0425 5620 Compbatt - ok
08:59:52.0464 5620 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
08:59:52.0465 5620 CompositeBus - ok
08:59:52.0489 5620 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
08:59:52.0490 5620 crcdisk - ok
08:59:52.0573 5620 dfmirage (178a6e9a0dce42959fc5ad129f60cba9) C:\Windows\system32\DRIVERS\dfmirage.sys
08:59:52.0574 5620 dfmirage - ok
08:59:52.0618 5620 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:59:52.0619 5620 DfsC - ok
08:59:52.0649 5620 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:59:52.0650 5620 discache - ok
08:59:52.0686 5620 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
08:59:52.0687 5620 Disk - ok
08:59:52.0692 5620 DKbFltr - ok
08:59:52.0732 5620 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:59:52.0733 5620 drmkaud - ok
08:59:52.0792 5620 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:59:52.0801 5620 DXGKrnl - ok
08:59:52.0919 5620 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
08:59:52.0949 5620 ebdrv - ok
08:59:53.0047 5620 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
08:59:53.0053 5620 elxstor - ok
08:59:53.0116 5620 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:59:53.0116 5620 ErrDev - ok
08:59:53.0142 5620 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:59:53.0144 5620 exfat - ok
08:59:53.0190 5620 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:59:53.0192 5620 fastfat - ok
08:59:53.0212 5620 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
08:59:53.0213 5620 fdc - ok
08:59:53.0262 5620 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:59:53.0263 5620 FileInfo - ok
08:59:53.0296 5620 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:59:53.0297 5620 Filetrace - ok
08:59:53.0359 5620 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
08:59:53.0360 5620 flpydisk - ok
08:59:53.0392 5620 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:59:53.0394 5620 FltMgr - ok
08:59:53.0430 5620 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:59:53.0431 5620 FsDepends - ok
08:59:53.0451 5620 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
08:59:53.0452 5620 Fs_Rec - ok
08:59:53.0508 5620 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:59:53.0510 5620 fvevol - ok
08:59:53.0558 5620 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:59:53.0559 5620 gagp30kx - ok
08:59:53.0609 5620 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:59:53.0610 5620 hcw85cir - ok
08:59:53.0669 5620 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
08:59:53.0673 5620 HdAudAddService - ok
08:59:53.0721 5620 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
08:59:53.0722 5620 HDAudBus - ok
08:59:53.0744 5620 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
08:59:53.0745 5620 HidBatt - ok
08:59:53.0757 5620 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
08:59:53.0759 5620 HidBth - ok
08:59:53.0772 5620 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
08:59:53.0773 5620 HidIr - ok
08:59:53.0819 5620 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
08:59:53.0820 5620 HidUsb - ok
08:59:53.0882 5620 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:59:53.0884 5620 HpSAMD - ok
08:59:53.0934 5620 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:59:53.0944 5620 HTTP - ok
08:59:54.0001 5620 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:59:54.0002 5620 hwpolicy - ok
08:59:54.0038 5620 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
08:59:54.0040 5620 i8042prt - ok
08:59:54.0130 5620 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
08:59:54.0134 5620 iaStor - ok
08:59:54.0196 5620 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:59:54.0200 5620 iaStorV - ok
08:59:54.0434 5620 igfx (2d18c9e1f23970de32d78d3b1cdda0a7) C:\Windows\system32\DRIVERS\igdkmd64.sys
08:59:54.0503 5620 igfx - ok
08:59:54.0547 5620 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
08:59:54.0548 5620 iirsp - ok
08:59:54.0633 5620 IntcAzAudAddService (9aa6a93852e36fe76c3f7fc2904f3b01) C:\Windows\system32\drivers\RTKVHD64.sys
08:59:54.0651 5620 IntcAzAudAddService - ok
08:59:54.0684 5620 IntcHdmiAddService (d485d3bd3e2179aa86853a182f70699f) C:\Windows\system32\drivers\IntcHdmi.sys
08:59:54.0686 5620 IntcHdmiAddService - ok
08:59:54.0728 5620 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:59:54.0728 5620 intelide - ok
08:59:54.0757 5620 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:59:54.0758 5620 intelppm - ok
08:59:54.0802 5620 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:59:54.0803 5620 IpFilterDriver - ok
08:59:54.0846 5620 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:59:54.0848 5620 IPMIDRV - ok
08:59:54.0874 5620 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:59:54.0875 5620 IPNAT - ok
08:59:54.0900 5620 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:59:54.0901 5620 IRENUM - ok
08:59:54.0934 5620 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:59:54.0935 5620 isapnp - ok
08:59:54.0983 5620 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:59:54.0986 5620 iScsiPrt - ok
08:59:55.0020 5620 k57nd60a (249ee2d26cb1530f3bede0ac8b9e3099) C:\Windows\system32\DRIVERS\k57nd60a.sys
08:59:55.0023 5620 k57nd60a - ok
08:59:55.0044 5620 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
08:59:55.0045 5620 kbdclass - ok
08:59:55.0080 5620 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
08:59:55.0081 5620 kbdhid - ok
08:59:55.0129 5620 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
08:59:55.0131 5620 KSecDD - ok
08:59:55.0157 5620 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
08:59:55.0159 5620 KSecPkg - ok
08:59:55.0202 5620 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:59:55.0203 5620 ksthunk - ok
08:59:55.0242 5620 L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
08:59:55.0243 5620 L1E - ok
08:59:55.0411 5620 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
08:59:55.0412 5620 Lavasoft Kernexplorer - ok
08:59:55.0533 5620 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
08:59:55.0534 5620 Lbd - ok
09:00:03.0781 5620 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:00:03.0847 5620 \Device\Harddisk0\DR0 - ok
09:00:03.0852 5620 Boot (0x1200) (8b0d31aa39380af8334bdbb7e1ece41a) \Device\Harddisk0\DR0\Partition0
09:00:03.0854 5620 \Device\Harddisk0\DR0\Partition0 - ok
09:00:03.0884 5620 Boot (0x1200) (4477145a302af49e28b781ec3738e7dd) \Device\Harddisk0\DR0\Partition1
09:00:03.0886 5620 \Device\Harddisk0\DR0\Partition1 - ok
09:00:03.0886 5620 ============================================================
09:00:03.0886 5620 Scan finished
09:00:03.0887 5620 ============================================================
09:00:03.0902 5508 Detected object count: 0
09:00:03.0902 5508 Actual detected object count: 0

#8 Aaflac


Posted 20 March 2012 - 10:47 AM

:thumbup2:

It is best to tackle Alureon with more than one program. What one may miss, another one may show.

Since you attempted to run MBAM earlier, let's see if this time it will go...

Please do the following...

If you haven't already, download Malwarebytes' Anti-Malware

Save to the Desktop.

MBAM may make changes to the Registry as part of its disinfection routine.
If using other security programs that detect Registry changes, they may interfere or alert you.
Temporarily disable such programs as shown here, or permit them to allow the changes.

Windows Seven: Right-click and select 'Run as Administrator'

When the installation begins, follow the prompts and do not make any changes to default settings.

Make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware


Click: Finish

MBAM automatically starts and you are asked to update the program.

If an update is found, the program automatically updates itself.
Press the OK button to close the box and continue.


On the Scanner tab:
Make sure the Perform Full Scan option is selected.

Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected.
Click on the Start Scan button.

The scan may take some time to complete, so please be patient.

When the scan is finished, a message box shows The scan completed successfully. Click 'Show Results' to display all objects found

Click OK to close the message box and continue with the removal process.


Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware found.
Make sure that everything is checked, and click: Remove Selected

When removal is completed, a report opens in Notepad.

The log is automatically saved and seen by clicking the Logs tab.

Please copy/paste the entire contents of the MBAM report in your reply.

Exit MBAM when done.


Note: If MBAM encounters a file that is difficult to remove, you are asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Failure to reboot normally (not into safe mode) prevents MBAM from removing all the malware.

Edited by Aaflac, 20 March 2012 - 11:03 AM.

Old duck...


#9 Aaflac


Posted 20 March 2012 - 11:06 AM

Also, let's see what the following short scan shows.

Please download RogueKiller

• When you get to the website, go to where it says:
(Download link) Lien de téléchargement:
• Click the dark-blue button to download.
• Save to the Desktop

• Close all windows and browsers
• Windows Seven: Right-click and select 'Run as Administrator'
• Press: SCAN
• A report opens on the Desktop: RKreport.txt

Please copy/paste the RKreport.txt, and provide it in your reply.

Old duck...


#10 UghhhHelpMe


Posted 20 March 2012 - 01:14 PM

It did find one item & did a restart. Here is the MBAM log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.20.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Dyck :: SPOTLIGHTLAPTOP [administrator]

3/20/2012 1:08:50 PM
mbam-log-2012-03-20 (13-08-50).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 436298
Time elapsed: 55 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

#11 UghhhHelpMe


Posted 20 March 2012 - 01:25 PM

Here is the RKreport:

RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Dyck [Admin rights]
Mode: Scan -- Date: 03/20/2012 14:20:07

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] SmileboxTray.exe -- C:\Users\Dyck\AppData\Roaming\Smilebox\SmileboxTray.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 6 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : SmileboxTray ("C:\Users\Dyck\AppData\Roaming\Smilebox\SmileboxTray.exe") -> FOUND
[SUSP PATH] HKCU\[...]\Run : Pixetell ("C:\Users\Dyck\AppData\Local\Pixetell\Pixetell.exe" /MsiLaunchFeature) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-2801294708-3279089713-2791965329-1001[...]\Run : SmileboxTray ("C:\Users\Dyck\AppData\Roaming\Smilebox\SmileboxTray.exe") -> FOUND
[SUSP PATH] HKUS\S-1-5-21-2801294708-3279089713-2791965329-1001[...]\Run : Pixetell ("C:\Users\Dyck\AppData\Local\Pixetell\Pixetell.exe" /MsiLaunchFeature) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-22ZAT0 +++++
--- User ---
[MBR] d851339e61c860ba36b5337a803aecbf
[BSP] e738695a9f52c99b94054707d908f07d : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 26626048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 26830848 | Size: 463838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#12 Aaflac


Posted 20 March 2012 - 09:15 PM

Did you install SmileboxTray, or Pixetell?

Old duck...


#13 UghhhHelpMe


Posted 20 March 2012 - 09:34 PM

Yes, they are both software that I installed.

#14 Aaflac


Posted 20 March 2012 - 11:01 PM

Looks as if RogueKiller is picking up some false positives there. We'll let them be, for now.

To get rid of any remnants that other programs may have not picked up, let's run the ESET Online Scanner:

One more time, please disable your AntiVirus program and any AntiSpyware programs while performing the scan. It will preclude conflicts, and will speed up scan time.

For information on how to disable protective programs, refer to this link:
http://www.bleepingcomputer.com/forums/topic114351.html


Since you are using Windows Seven to perform this scan, go to the Start button, look for the Internet Explorer browser icon, right-click it and select 'Run as administrator'

In the IE browser address bar, copy paste the following 'http' address (do not copy the word code):
http://www.eset.com/us/online-scanner

Press the ESET Online Scanner button
  • In the prompt that appears, check 'Yes' to Accept Terms of Use, and click the 'Start' button
  • Allow the ActiveX to download, and click: 'Install'
  • Click Start
  • Make sure that the option Remove found threats is unticked/unchecked
  • Click: Scan
  • Wait for the scan to finish...it may take a while.
  • If any threats are found, click the 'List of found threats', then click Export to text file....
  • Save the file to your Desktop as: ESET Scan.

Please provide the contents of the ESET Scan in your reply.

Old duck...
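
The triage discussed in posts #12 to #14, as an added example that is not part of the thread and is not RogueKiller's own logic: it parses the registry lines of the RKreport above, merges the HKCU entries with their HKUS\<SID> duplicates, and reports what to confirm before anything is removed. The function names, verdict labels and the short list of System32-only process names are assumptions made for this sketch; the last check is applied to the file Malwarebytes quarantined in post #10.

```python
import ntpath
import re

# Registry lines copied from the RKreport posted in this thread.
RK_REGISTRY = r'''
[SUSP PATH] HKCU\[...]\Run : SmileboxTray ("C:\Users\Dyck\AppData\Roaming\Smilebox\SmileboxTray.exe") -> FOUND
[SUSP PATH] HKCU\[...]\Run : Pixetell ("C:\Users\Dyck\AppData\Local\Pixetell\Pixetell.exe" /MsiLaunchFeature) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-2801294708-3279089713-2791965329-1001[...]\Run : SmileboxTray ("C:\Users\Dyck\AppData\Roaming\Smilebox\SmileboxTray.exe") -> FOUND
[SUSP PATH] HKUS\S-1-5-21-2801294708-3279089713-2791965329-1001[...]\Run : Pixetell ("C:\Users\Dyck\AppData\Local\Pixetell\Pixetell.exe" /MsiLaunchFeature) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
'''

# [TAG] HIVE[\SID][...]\Key : Name (data) -> STATUS
ENTRY = re.compile(
    r'^\[(?P<tag>[^\]]+)\]\s+(?P<hive>HK[A-Z]+)(?:\\(?P<sid>S-[\d-]+))?\\?'
    r'\[\.\.\.\]\\(?P<key>\S+)\s+:\s+(?P<name>\S+)\s+'
    r'\((?P<data>.*)\)\s+->\s+(?P<status>\w+)\s*$')

# Assumed short list: core Windows processes that live only in the system
# directories below (SysWOW64 holds the 32-bit copies on x64).
SYSTEM_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe",
               "smss.exe", "winlogon.exe"}
SYSTEM_DIRS = {r"\windows\system32", r"\windows\syswow64"}


def command_path(data):
    """Return the executable of a Run value, without quotes or arguments."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', data)
    return ntpath.normpath(m.group(1) or m.group(2)) if m else None


def misplaced_system_binary(path):
    """True when a core Windows process name sits outside its system folder."""
    path = ntpath.normpath(path).lower()
    folder = ntpath.splitdrive(ntpath.dirname(path))[1]
    return ntpath.basename(path) in SYSTEM_ONLY and folder not in SYSTEM_DIRS


def parse_registry(report):
    """Parse registry lines; merge HKCU entries with their HKUS SID mirror."""
    merged = {}
    for line in report.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        # HKCU is the logged-on user's HKEY_USERS\<SID> hive, so one value seen
        # under both is a single autorun. Assumption: the SID is that user's.
        scope = "user" if e["hive"] in ("HKCU", "HKUS") else "machine"
        ident = (scope, e["key"].lower(), e["name"].lower(), e["data"].lower())
        rec = merged.setdefault(ident, dict(e, scope=scope, seen_in=[]))
        rec["seen_in"].append(e["hive"])
    return list(merged.values())


def triage(rec):
    """Return (verdict, reason): what to verify before an entry is removed."""
    if rec["key"].lower() != "run":
        return "REVIEW", "not an autorun; flagged with tag " + rec["tag"]
    path = command_path(rec["data"])
    if misplaced_system_binary(path):
        return "REMOVE-CANDIDATE", "system process name outside System32"
    if re.search(r'\\users\\[^\\]+\\appdata\\', path, re.I):
        return "ASK-USER", ("autorun from user-writable AppData; "
                            "confirm the program was installed on purpose")
    return "REVIEW", "autorun flagged by the path heuristic"


if __name__ == "__main__":
    for rec in parse_registry(RK_REGISTRY):
        verdict, why = triage(rec)
        hives = "+".join(rec["seen_in"])
        print(f"{verdict:17}{rec['name']:40}{hives:11}{why}")
    # The file Malwarebytes quarantined in the MBAM log above.
    print("svchost misplaced:", misplaced_system_binary(r"C:\Windows\svchost.exe"))
```

The six flagged lines reduce to four distinct items, and the two autoruns land in the ASK-USER bucket, which is the question post #12 puts to the owner.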


#15 Aaflac


Posted 20 March 2012 - 11:02 PM

Post duplicated. Please disregard.

Edited by Aaflac, 20 March 2012 - 11:07 PM.

Old duck...




