Smart Hdd Google Redirect Virus


  • This topic is locked
21 replies to this topic

#1 flsunshinegirl44

  • Members
  • 110 posts

Posted 06 April 2012 - 02:55 PM

Running Windows Vista Home Premium Service Pack 2 32 bit. I was infected with the Smart HDD Virus last Sunday. I was finally able to download the Malwarebytes & run that. However I had to exit the "safe mode" in order to do so, download it in regular mode then had to go back into "safe mode" to run again. Have also run the Avast full scan, Iobit Malware Fighter, Advanced System Care scans as well as my CC Cleaner. All seemed to get rid of the virus however one of them detected the virus again. I'm sorry at this point with all I have tried to do I cannot recall which antivirus program detected it. However one detect the virus at the moment. I have run all in both safe mode & regular mode. I was finally able to run RKill yesterday but again only by downloading to my desktop in regular mode then going into safe mode to run it. It detected no malware.

I was able to restore my desktop & shortcuts ONLY by doing a system restore & going into "my computer", "organize", "folder & search options", going to the "view" tab & checking the "show hidden files & folders" as well as unchecking the "hide protected operating system files (recommended)" in order to be able to access my hidden files. My desktop was restored as were my files/folders however again I did show the Smart HDD in one of my anti-virus scans a few days ago, removed it from that scan to get rid of. However I'm still getting redirected on Google searches as well as getting pop ups saying "ATI-catalyst control centre: host application has stopped working" as well as "DNS host has stopped working" or something to that effect, sorry but have not yet gotten the DNS pop up yet today to copy exactly what it is saying. All is working fine except for the Google redirects but my computer is a bit slower than usual however not real bad.

I went in again last evening to "safe mode", further did the RKill (again had to install in regular mode then go back to safe mode to run as would not let me download in safe mode). I ran that, shows nothing. I then tried to run the TDSSKiller, nothing. Again I went into regular mode this morning to install it & getting the same as everyone else, lets me download it just not run it...I keep getting the circle but nothing more & have also renamed it. Then tried to download the Unhide.exe in both safe mode as well as regular, nothing won't let me download it. I just don't know what else to do & am totally lost at this point. I also want to know what happens if I do a back-up to my external hard drive..will it pass on the virus to that as well? I have also uninstalled all of my Malware scan programs as well as Avast, one at a time after I THOUGHT the smart hdd was gone & then reinstalled in case the virus got them to bypass it.

Another question I had is the Malwarebytes keeps giving me pop ups showing it blocking my Avast. Have gone in to allow that to be bypassed but it is still popping up through Malwarebytes so I'm not sure what's happening with that. Do I have TOO many anti-virus programs installed & are they fighting each other? I'm also upset because have Windows Security plus the Avast as well as the Advanced System Care & CC Cleaner on my system. I run my CC Cleaner as well as the Advanced System Care every evening prior to shutting off my laptop along with my Avast that scans daily. How did all these programs allow me to get this in the first place? I did open the smart hdd because for one have so many of these types of programs on here I thought it was one of those. Now once I get this fixed wanting to know if there is just ONE FREE antivirus I can run that will protect me. I only had Avast for the longest time & not a single problem in many years..now this? I hope you can help me get this fixed quickly. Thanks so much for any help in advance.

Please be specific to Windows Vista instructions because quite frankly the way it does downloads really confuses me & seems to be much more complicated than it needs to be...these binary file download things are very confusing & have no idea where to even find them if I miss the whole "downloads have finished" pop up box down by the lower task bar.

This is my Malwarebytes log I just ran from a scan:
Database version: v2012.04.05.05
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Lisa :: LISA-PC [administrator]
Protection: Enabled
4/6/2012 12:29:55 PM
mbam-log-2012-04-06 (12-29-55).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 341318
Time elapsed: 2 hour(s), 4 minute(s), 6 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

2012/04/06 00:27:51 -0500 LISA-PC Lisa MESSAGE Starting protection
2012/04/06 00:27:54 -0500 LISA-PC Lisa MESSAGE Protection started successfully
2012/04/06 00:27:57 -0500 LISA-PC Lisa MESSAGE Starting IP protection
2012/04/06 00:28:01 -0500 LISA-PC Lisa MESSAGE IP Protection started successfully
2012/04/06 00:30:22 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 49724, Process: avastsvc.exe)
2012/04/06 00:30:22 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 49725, Process: avastsvc.exe)
2012/04/06 00:56:06 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 49993, Process: avastsvc.exe)
2012/04/06 01:06:40 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 50024, Process: avastsvc.exe)
2012/04/06 01:06:40 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 50025, Process: avastsvc.exe)
2012/04/06 01:10:48 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 50042, Process: avastsvc.exe)
2012/04/06 01:10:48 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 50043, Process: avastsvc.exe)
2012/04/06 01:36:41 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 50257, Process: avastsvc.exe)
2012/04/06 01:36:41 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 50258, Process: avastsvc.exe)
2012/04/06 01:58:22 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 50302, Process: avastsvc.exe)
2012/04/06 01:58:22 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 50303, Process: avastsvc.exe)
2012/04/06 10:53:08 -0500 LISA-PC Lisa MESSAGE Starting protection
2012/04/06 10:53:10 -0500 LISA-PC Lisa MESSAGE Executing scheduled update: Daily
2012/04/06 10:53:11 -0500 LISA-PC Lisa ERROR Scheduled update failed: Net Exception failed with error code 10093
2012/04/06 10:53:11 -0500 LISA-PC Lisa MESSAGE Protection started successfully
2012/04/06 10:53:14 -0500 LISA-PC Lisa MESSAGE Starting IP protection
2012/04/06 10:53:16 -0500 LISA-PC Lisa MESSAGE IP Protection started successfully
2012/04/06 10:54:19 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 49322, Process: avastsvc.exe)
2012/04/06 10:54:19 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 49323, Process: avastsvc.exe)
2012/04/06 10:56:04 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 49329, Process: avastsvc.exe)
2012/04/06 11:18:01 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 50064, Process: avastsvc.exe)
2012/04/06 11:18:01 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 50065, Process: avastsvc.exe)
2012/04/06 11:31:36 -0500 LISA-PC Lisa MESSAGE Starting protection
2012/04/06 11:31:39 -0500 LISA-PC Lisa MESSAGE Protection started successfully
2012/04/06 11:31:42 -0500 LISA-PC Lisa MESSAGE Starting IP protection
2012/04/06 11:31:44 -0500 LISA-PC Lisa MESSAGE IP Protection started successfully
2012/04/06 11:34:23 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 49622, Process: avastsvc.exe)
2012/04/06 11:34:23 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 49623, Process: avastsvc.exe)
2012/04/06 11:56:10 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 50249, Process: avastsvc.exe)
2012/04/06 11:58:10 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 50271, Process: avastsvc.exe)
2012/04/06 11:58:10 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 50272, Process: avastsvc.exe)
2012/04/06 12:00:11 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 50316, Process: avastsvc.exe)
2012/04/06 12:21:57 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 50495, Process: avastsvc.exe)
2012/04/06 12:21:57 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 50496, Process: avastsvc.exe)
2012/04/06 12:43:48 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 50657, Process: avastsvc.exe)
2012/04/06 12:43:48 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 50658, Process: avastsvc.exe)
2012/04/06 12:45:49 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 50664, Process: avastsvc.exe)
2012/04/06 12:45:49 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 50665, Process: avastsvc.exe)
2012/04/06 12:47:42 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 50678, Process: avastsvc.exe)
2012/04/06 12:47:42 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 50679, Process: avastsvc.exe)
2012/04/06 13:07:35 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 50724, Process: avastsvc.exe)
2012/04/06 13:07:35 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 50725, Process: avastsvc.exe)
2012/04/06 13:09:20 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 50731, Process: avastsvc.exe)
2012/04/06 13:09:20 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 50732, Process: avastsvc.exe)
2012/04/06 13:33:06 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 51621, Process: avastsvc.exe)
2012/04/06 13:33:06 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 51622, Process: avastsvc.exe)
2012/04/06 13:35:07 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 51628, Process: avastsvc.exe)
2012/04/06 13:35:07 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 51629, Process: avastsvc.exe)
2012/04/06 13:56:52 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 51674, Process: avastsvc.exe)
2012/04/06 13:56:52 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 51675, Process: avastsvc.exe)
2012/04/06 14:00:53 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 51685, Process: avastsvc.exe)
2012/04/06 14:00:53 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 51686, Process: avastsvc.exe)
2012/04/06 14:25:21 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 51793, Process: avastsvc.exe)
2012/04/06 14:25:21 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 51794, Process: avastsvc.exe)
2012/04/06 14:27:14 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 51806, Process: avastsvc.exe)
2012/04/06 14:27:14 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 51807, Process: avastsvc.exe)
2012/04/06 14:49:11 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 52103, Process: avastsvc.exe)
2012/04/06 14:49:11 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 52104, Process: avastsvc.exe)
2012/04/06 14:53:11 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 52118, Process: avastsvc.exe)
2012/04/06 15:11:06 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 52153, Process: avastsvc.exe)
2012/04/06 15:11:06 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 52154, Process: avastsvc.exe)
2012/04/06 15:12:50 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 52160, Process: avastsvc.exe)
2012/04/06 15:12:50 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 52161, Process: avastsvc.exe)
2012/04/06 15:14:42 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 52172, Process: avastsvc.exe)
2012/04/06 15:14:42 -0500 LISA-PC Lisa IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 52173, Process: avastsvc.exe)

I ran Rkill but kept getting popups from my Avast saying "analyzing suspicious program" these pop ups kept popping up one after another from Avast. These are my results from RKill:
This log file is located at C:\rkill.log:

Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 04/06/2012 at 15:23:22.
Operating System: Windows Vista ™ Home Premium
Processes terminated by Rkill or while it was running:
Rkill completed on 04/06/2012 at 15:25:30.

As I mentioned before I ran the Avast, Iobit Malware Fighter & Advanced System Care 5 all last night with none of them showing any issues found. These were all run in both safe mode as well as regular mode & nothing's been fixed with my Google search or the other ATI/DNS pop ups showing. I can attach those logs if necessary.

The logs I attached for the Malwarebytes & the Rkill I just ran in regular mode NOT safe mode.

Any help will be greatly appreciated thanks so much!
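
One way to read the IP-BLOCK entries of a protection log like the one in the post above is to group them by process and destination network, so a long run of alerts collapses into a pattern. This is an added example, not part of the original thread: the sample lines are constructed in the same layout with documentation-range addresses, `iexplore.exe` is a made-up second process, and the function names are this example's own.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout of the protection log quoted in the post:
# timestamp, UTC offset, host, user, event type, details.
SAMPLE_LOG = """\
2012/04/06 00:27:51 -0500 EXAMPLE-PC User MESSAGE Starting protection
2012/04/06 00:28:01 -0500 EXAMPLE-PC User MESSAGE IP Protection started successfully
2012/04/06 00:30:22 -0500 EXAMPLE-PC User IP-BLOCK 192.0.2.4 (Type: outgoing, Port: 49724, Process: avastsvc.exe)
2012/04/06 00:30:22 -0500 EXAMPLE-PC User IP-BLOCK 192.0.2.4 (Type: outgoing, Port: 49725, Process: avastsvc.exe)
2012/04/06 00:56:06 -0500 EXAMPLE-PC User IP-BLOCK 192.0.2.2 (Type: outgoing, Port: 49993, Process: avastsvc.exe)
2012/04/06 10:53:11 -0500 EXAMPLE-PC User ERROR Scheduled update failed: Net Exception failed with error code 10093
2012/04/06 10:54:19 -0500 EXAMPLE-PC User IP-BLOCK 192.0.2.3 (Type: outgoing, Port: 49322, Process: avastsvc.exe)
2012/04/06 11:02:40 -0500 EXAMPLE-PC User IP-BLOCK 198.51.100.7 (Type: outgoing, Port: 49410, Process: iexplore.exe)
this line is truncated or corru
"""

# Assumption: host and user names contain no spaces, as in the posted log.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+"
    r"(?P<host>\S+)\s+(?P<user>\S+)\s+(?P<kind>[A-Z-]+)\s+(?P<rest>.*)$"
)
BLOCK_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)


def parse_line(line):
    """Return a dict for one log line, or None if it does not fit the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = {
        "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S %z"),
        "kind": m["kind"],
        "detail": m["rest"],
    }
    if m["kind"] == "IP-BLOCK":
        b = BLOCK_RE.match(m["rest"])
        if not b:
            return None
        try:
            ip = ipaddress.ip_address(b["ip"])
        except ValueError:  # e.g. an octet above 255
            return None
        event.update(ip=ip, direction=b["direction"],
                     port=int(b["port"]), process=b["process"].lower())
    return event


def summarize(text):
    """Group IP-BLOCK events by (process, direction, /24 network)."""
    groups = defaultdict(lambda: {"count": 0, "ips": set(), "first": None, "last": None})
    errors, unparsed = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev is None:
            unparsed += 1  # keep a count so damaged lines are not silently lost
            continue
        if ev["kind"] == "ERROR":
            errors.append(ev["detail"])
        if ev["kind"] != "IP-BLOCK":
            continue
        net = ipaddress.ip_network(f"{ev['ip']}/24", strict=False)
        g = groups[(ev["process"], ev["direction"], str(net))]
        g["count"] += 1
        g["ips"].add(str(ev["ip"]))
        g["first"] = ev["time"] if g["first"] is None else min(g["first"], ev["time"])
        g["last"] = ev["time"] if g["last"] is None else max(g["last"], ev["time"])
    return {"groups": dict(groups), "errors": errors, "unparsed": unparsed}


def report(summary):
    """One line per group, busiest first."""
    ordered = sorted(summary["groups"].items(), key=lambda kv: -kv[1]["count"])
    return [
        f"{g['count']:>3}x {process} {direction} -> {net} "
        f"({len(g['ips'])} hosts) {g['first']:%H:%M}-{g['last']:%H:%M}"
        for (process, direction, net), g in ordered
    ]


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print("\n".join(report(result)))
    print("errors:", result["errors"])
    print("unparsed lines:", result["unparsed"])
```

Run against the log posted above, every block falls into a single group: `avastsvc.exe`, outgoing, 206.161.121.0/24.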

#2 boopme

  • Global Moderator
  • 73,530 posts

Posted 06 April 2012 - 03:09 PM

Hello, I moved this to Am I Infected from Vista..

Go back into safe mode with Networking..

Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.


>>>>

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.
>>>

Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Please ask any needed questions, post logs and let us know how the PC is running now.

#3 flsunshinegirl44
  • Topic Starter

  • Members
  • 110 posts

Posted 11 April 2012 - 12:13 PM

Have since been reinfected with smart hdd, this time it even showed up on my desktop.

I went into computer & unchecked "show hidden files/folders" as well as the other hidden files/folders that was not recommended hoping would get all my hidden files but only some are showing not all as before becoming reinfected. But last time I did a system restore which I'm holding out on doing at the moment.

I went ahead & just uninstalled every malware & antivirus program. I've run Rkill in safe mode however could not run as admin as you instructed. Here is the log for Rkill:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 04/11/2012 at 12:30:33.
Operating System: Windows Vista ™ Home Premium
Processes terminated by Rkill or while it was running:
Rkill completed on 04/11/2012 at 12:31:46.

Next I downloaded & ran the TDSSKiller..here is that report, it did NOT ask me for a reboot:

12:38:00.0951 0500 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
12:38:01.0388 0500 ============================================================
12:38:01.0388 0500 Current date / time: 2012/04/11 12:38:01.0388
12:38:01.0388 0500 SystemInfo:
12:38:01.0388 0500
12:38:01.0388 0500 OS Version: 6.0.6002 ServicePack: 2.0
12:38:01.0388 0500 Product type: Workstation
12:38:01.0388 0500 ComputerName: LISA-PC
12:38:01.0388 0500 UserName: Lisa
12:38:01.0388 0500 Windows directory: C:\Windows
12:38:01.0388 0500 System windows directory: C:\Windows
12:38:01.0388 0500 Processor architecture: Intel x86
12:38:01.0388 0500 Number of processors: 2
12:38:01.0388 0500 Page size: 0x1000
12:38:01.0388 0500 Boot type: Safe boot with network
12:38:01.0388 0500 ============================================================
12:38:02.0589 0500 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:38:02.0591 0500 \Device\Harddisk0\DR0:
12:38:02.0591 0500 MBR used
12:38:02.0591 0500 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x43000, BlocksNum 0x1E00000
12:38:02.0591 0500 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E43000, BlocksNum 0x235EB000
12:38:02.0651 0500 Initialize success
12:38:02.0651 0500 ============================================================
12:38:12.0303 1504 ============================================================
12:38:12.0303 1504 Scan started
12:38:12.0303 1504 Mode: Manual;
12:38:12.0303 1504 ============================================================
12:38:21.0068 1504 FDResPub - ok
12:38:21.0180 1504 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
12:38:21.0181 1504 FileInfo - ok
12:38:21.0265 1504 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
12:38:21.0266 1504 Filetrace - ok
12:38:21.0396 1504 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
12:38:21.0397 1504 flpydisk - ok
12:38:21.0493 1504 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
12:38:21.0496 1504 FltMgr - ok
12:38:21.0621 1504 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
12:38:21.0634 1504 FontCache - ok
12:38:21.0734 1504 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:38:21.0737 1504 FontCache3.0.0.0 - ok
12:38:21.0849 1504 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
12:38:21.0850 1504 Fs_Rec - ok
12:38:21.0992 1504 FTDIBUS (aae37f0f2f613218dce17b42a18c38db) C:\Windows\system32\drivers\ftdibus.sys
12:38:21.0994 1504 FTDIBUS - ok
12:38:22.0106 1504 FTSER2K (48bfd1ba45c9c9e7ab339e25abfba1d2) C:\Windows\system32\drivers\ftser2k.sys
12:38:22.0108 1504 FTSER2K - ok
12:38:22.0240 1504 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
12:38:22.0241 1504 gagp30kx - ok
12:38:22.0361 1504 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
12:38:22.0371 1504 gpsvc - ok
12:38:22.0507 1504 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
12:38:22.0511 1504 HdAudAddService - ok
12:38:22.0609 1504 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:38:22.0617 1504 HDAudBus - ok
12:38:22.0746 1504 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
12:38:22.0748 1504 HidBth - ok
12:38:22.0839 1504 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
12:38:22.0841 1504 HidIr - ok
12:38:22.0946 1504 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
12:38:22.0948 1504 hidserv - ok
12:38:23.0043 1504 HidUsb (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys
12:38:23.0044 1504 HidUsb - ok
12:38:23.0141 1504 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
12:38:23.0144 1504 hkmsvc - ok
12:38:23.0251 1504 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
12:38:23.0252 1504 HpCISSs - ok
12:38:23.0447 1504 hpqcxs08 (682358f730b84b63e09c6b4edc1de7ae) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
12:38:23.0452 1504 hpqcxs08 - ok
12:38:23.0473 1504 hpqddsvc (2e7bee4aa776cf1c37836b26d1d29403) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
12:38:23.0476 1504 hpqddsvc - ok
12:38:23.0599 1504 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
12:38:23.0606 1504 HTTP - ok
12:38:23.0739 1504 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
12:38:23.0741 1504 i2omp - ok
12:38:23.0885 1504 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
12:38:23.0887 1504 i8042prt - ok
12:38:23.0984 1504 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
12:38:23.0989 1504 iaStorV - ok
12:38:24.0096 1504 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:38:24.0116 1504 idsvc - ok
12:38:24.0242 1504 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
12:38:24.0243 1504 iirsp - ok
12:38:24.0349 1504 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
12:38:24.0356 1504 IKEEXT - ok
12:38:24.0489 1504 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
12:38:24.0491 1504 intelide - ok
12:38:24.0590 1504 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
12:38:24.0591 1504 intelppm - ok
12:38:24.0646 1504 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
12:38:24.0648 1504 IPBusEnum - ok
12:38:24.0767 1504 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:38:24.0768 1504 IpFilterDriver - ok
12:38:24.0877 1504 iphlpsvc (a989bdb1a8cd914c7e49af297d95bdb4) C:\Windows\System32\iphlpsvc.dll
12:38:24.0881 1504 iphlpsvc - ok
12:38:24.0955 1504 IpInIp - ok
12:38:25.0092 1504 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
12:38:25.0094 1504 IPMIDRV - ok
12:38:25.0241 1504 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
12:38:25.0243 1504 IPNAT - ok
12:38:25.0374 1504 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
12:38:25.0376 1504 IRENUM - ok
12:38:25.0475 1504 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
12:38:25.0477 1504 isapnp - ok
12:38:25.0628 1504 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
12:38:25.0629 1504 iScsiPrt - ok
12:38:25.0762 1504 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
12:38:25.0763 1504 iteatapi - ok
12:38:25.0861 1504 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
12:38:25.0862 1504 iteraid - ok
12:38:25.0986 1504 k57nd60x (e1d7dcbb8811f8be7784046d4dd3a837) C:\Windows\system32\DRIVERS\k57nd60x.sys
12:38:25.0989 1504 k57nd60x - ok
12:38:26.0096 1504 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
12:38:26.0097 1504 kbdclass - ok
12:38:26.0190 1504 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
12:38:26.0192 1504 kbdhid - ok
12:38:26.0287 1504 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:38:26.0289 1504 KeyIso - ok
12:38:26.0419 1504 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
12:38:26.0426 1504 KSecDD - ok
12:38:26.0533 1504 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
12:38:26.0540 1504 KtmRm - ok
12:38:26.0650 1504 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
12:38:26.0665 1504 LanmanServer - ok
12:38:26.0816 1504 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
12:38:26.0821 1504 LanmanWorkstation - ok
12:38:26.0960 1504 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
12:38:26.0961 1504 lltdio - ok
12:38:27.0036 1504 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
12:38:27.0040 1504 lltdsvc - ok
12:38:27.0091 1504 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
12:38:27.0093 1504 lmhosts - ok
12:38:27.0215 1504 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
12:38:27.0218 1504 LSI_FC - ok
12:38:27.0315 1504 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
12:38:27.0318 1504 LSI_SAS - ok
12:38:27.0452 1504 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
12:38:27.0454 1504 LSI_SCSI - ok
12:38:27.0592 1504 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
12:38:27.0594 1504 luafv - ok
12:38:27.0696 1504 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
12:38:27.0699 1504 Mcx2Svc - ok
12:38:27.0841 1504 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
12:38:27.0842 1504 megasas - ok
12:38:27.0957 1504 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
12:38:27.0963 1504 MegaSR - ok
12:38:28.0066 1504 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
12:38:28.0068 1504 MMCSS - ok
12:38:28.0208 1504 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
12:38:28.0209 1504 Modem - ok
12:38:28.0356 1504 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
12:38:28.0358 1504 monitor - ok
12:38:28.0459 1504 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
12:38:28.0460 1504 mouclass - ok
12:38:28.0594 1504 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
12:38:28.0595 1504 mouhid - ok
12:38:28.0738 1504 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
12:38:28.0739 1504 MountMgr - ok
12:38:28.0907 1504 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
12:38:28.0909 1504 mpio - ok
12:38:29.0055 1504 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
12:38:29.0057 1504 mpsdrv - ok
12:38:29.0152 1504 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
12:38:29.0160 1504 MpsSvc - ok
12:38:29.0292 1504 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
12:38:29.0294 1504 Mraid35x - ok
12:38:29.0394 1504 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
12:38:29.0396 1504 MRxDAV - ok
12:38:29.0528 1504 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:38:29.0531 1504 mrxsmb - ok
12:38:29.0641 1504 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:38:29.0645 1504 mrxsmb10 - ok
12:38:29.0774 1504 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:38:29.0776 1504 mrxsmb20 - ok
12:38:29.0938 1504 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
12:38:29.0938 1504 msahci - ok
12:38:30.0034 1504 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
12:38:30.0036 1504 msdsm - ok
12:38:30.0127 1504 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
12:38:30.0130 1504 MSDTC - ok
12:38:30.0273 1504 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
12:38:30.0274 1504 Msfs - ok
12:38:30.0430 1504 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
12:38:30.0431 1504 msisadrv - ok
12:38:30.0532 1504 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
12:38:30.0536 1504 MSiSCSI - ok
12:38:30.0592 1504 msiserver - ok
12:38:30.0694 1504 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
12:38:30.0695 1504 MSKSSRV - ok
12:38:30.0835 1504 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
12:38:30.0836 1504 MSPCLOCK - ok
12:38:30.0989 1504 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
12:38:30.0990 1504 MSPQM - ok
12:38:31.0089 1504 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
12:38:31.0092 1504 MsRPC - ok
12:38:31.0244 1504 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
12:38:31.0245 1504 mssmbios - ok
12:38:31.0355 1504 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
12:38:31.0356 1504 MSTEE - ok
12:38:31.0489 1504 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
12:38:31.0490 1504 Mup - ok
12:38:31.0596 1504 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
12:38:31.0603 1504 napagent - ok
12:38:31.0739 1504 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
12:38:31.0742 1504 NativeWifiP - ok
12:38:31.0854 1504 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
12:38:31.0862 1504 NDIS - ok
12:38:32.0015 1504 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
12:38:32.0016 1504 NdisTapi - ok
12:38:32.0167 1504 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
12:38:32.0168 1504 Ndisuio - ok
12:38:32.0271 1504 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
12:38:32.0274 1504 NdisWan - ok
12:38:32.0422 1504 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
12:38:32.0423 1504 NDProxy - ok
12:38:32.0537 1504 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
12:38:32.0539 1504 Net Driver HPZ12 - ok
12:38:32.0668 1504 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
12:38:32.0670 1504 NetBIOS - ok
12:38:32.0804 1504 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
12:38:32.0807 1504 netbt - ok
12:38:32.0909 1504 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:38:32.0910 1504 Netlogon - ok
12:38:33.0015 1504 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
12:38:33.0020 1504 Netman - ok
12:38:33.0126 1504 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
12:38:33.0131 1504 netprofm - ok
12:38:33.0261 1504 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:38:33.0263 1504 NetTcpPortSharing - ok
12:38:33.0394 1504 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
12:38:33.0395 1504 nfrd960 - ok
12:38:33.0496 1504 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
12:38:33.0499 1504 NlaSvc - ok
12:38:33.0606 1504 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
12:38:33.0607 1504 Npfs - ok
12:38:33.0714 1504 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
12:38:33.0716 1504 nsi - ok
12:38:33.0836 1504 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
12:38:33.0837 1504 nsiproxy - ok
12:38:33.0936 1504 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
12:38:33.0961 1504 Ntfs - ok
12:38:34.0076 1504 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
12:38:34.0077 1504 ntrigdigi - ok
12:38:34.0131 1504 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
12:38:34.0132 1504 Null - ok
12:38:34.0191 1504 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
12:38:34.0194 1504 nvraid - ok
12:38:34.0265 1504 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
12:38:34.0267 1504 nvstor - ok
12:38:34.0283 1504 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
12:38:34.0286 1504 nv_agp - ok
12:38:34.0343 1504 NwlnkFlt - ok
12:38:34.0366 1504 NwlnkFwd - ok
12:38:34.0426 1504 OA008Ufd (2cf21d5f8f1b74bb1922135ac2b12ddb) C:\Windows\system32\DRIVERS\OA008Ufd.sys
12:38:34.0429 1504 OA008Ufd - ok
12:38:34.0513 1504 OA008Vid (417649baa9084e879b110e78aad929f9) C:\Windows\system32\DRIVERS\OA008Vid.sys
12:38:34.0517 1504 OA008Vid - ok
12:38:34.0665 1504 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
12:38:34.0666 1504 ohci1394 - ok
12:38:34.0757 1504 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:38:34.0760 1504 ose - ok
12:38:34.0837 1504 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
12:38:34.0848 1504 p2pimsvc - ok
12:38:34.0871 1504 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
12:38:34.0876 1504 p2psvc - ok
12:38:35.0001 1504 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
12:38:35.0003 1504 Parport - ok
12:38:35.0067 1504 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
12:38:35.0068 1504 partmgr - ok
12:38:35.0190 1504 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
12:38:35.0191 1504 Parvdm - ok
12:38:35.0271 1504 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
12:38:35.0273 1504 PcaSvc - ok
12:38:35.0337 1504 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
12:38:35.0340 1504 pci - ok
12:38:35.0490 1504 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
12:38:35.0492 1504 pciide - ok
12:38:35.0559 1504 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
12:38:35.0563 1504 pcmcia - ok
12:38:35.0715 1504 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
12:38:35.0735 1504 PEAUTH - ok
12:38:35.0860 1504 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
12:38:35.0892 1504 pla - ok
12:38:36.0009 1504 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
12:38:36.0014 1504 PlugPlay - ok
12:38:36.0108 1504 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
12:38:36.0110 1504 Pml Driver HPZ12 - ok
12:38:36.0171 1504 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
12:38:36.0176 1504 PNRPAutoReg - ok
12:38:36.0192 1504 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
12:38:36.0197 1504 PNRPsvc - ok
12:38:36.0315 1504 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
12:38:36.0322 1504 PolicyAgent - ok
12:38:36.0407 1504 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
12:38:36.0409 1504 PptpMiniport - ok
12:38:36.0492 1504 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
12:38:36.0493 1504 Processor - ok
12:38:36.0591 1504 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
12:38:36.0594 1504 ProfSvc - ok
12:38:36.0653 1504 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:38:36.0654 1504 ProtectedStorage - ok
12:38:36.0741 1504 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
12:38:36.0743 1504 PSched - ok
12:38:36.0805 1504 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
12:38:36.0827 1504 ql2300 - ok
12:38:36.0925 1504 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
12:38:36.0928 1504 ql40xx - ok
12:38:36.0986 1504 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
12:38:36.0992 1504 QWAVE - ok
12:38:37.0066 1504 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
12:38:37.0067 1504 QWAVEdrv - ok
12:38:37.0190 1504 R300 (9e2d80fa460c42e07b67a2a743ba177c) C:\Windows\system32\DRIVERS\atikmdag.sys
12:38:37.0213 1504 R300 - ok
12:38:37.0269 1504 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
12:38:37.0270 1504 RasAcd - ok
12:38:37.0300 1504 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
12:38:37.0303 1504 RasAuto - ok
12:38:37.0340 1504 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:38:37.0342 1504 Rasl2tp - ok
12:38:37.0378 1504 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
12:38:37.0384 1504 RasMan - ok
12:38:37.0423 1504 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
12:38:37.0424 1504 RasPppoe - ok
12:38:37.0474 1504 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
12:38:37.0476 1504 RasSstp - ok
12:38:37.0540 1504 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
12:38:37.0544 1504 rdbss - ok
12:38:37.0572 1504 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:38:37.0573 1504 RDPCDD - ok
12:38:37.0593 1504 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
12:38:37.0597 1504 rdpdr - ok
12:38:37.0620 1504 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
12:38:37.0621 1504 RDPENCDD - ok
12:38:37.0729 1504 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
12:38:37.0733 1504 RDPWD - ok
12:38:37.0818 1504 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
12:38:37.0821 1504 RemoteAccess - ok
12:38:37.0907 1504 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
12:38:37.0910 1504 RemoteRegistry - ok
12:38:38.0033 1504 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys
12:38:38.0034 1504 rimmptsk - ok
12:38:38.0147 1504 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
12:38:38.0148 1504 rimsptsk - ok
12:38:38.0220 1504 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
12:38:38.0222 1504 rismxdp - ok
12:38:38.0331 1504 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
12:38:38.0333 1504 RpcLocator - ok
12:38:38.0429 1504 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
12:38:38.0434 1504 RpcSs - ok
12:38:38.0569 1504 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
12:38:38.0571 1504 rspndr - ok
12:38:38.0642 1504 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
12:38:38.0643 1504 SamSs - ok
12:38:38.0789 1504 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
12:38:38.0791 1504 sbp2port - ok
12:38:38.0885 1504 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
12:38:38.0888 1504 SCardSvr - ok
12:38:39.0008 1504 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
12:38:39.0019 1504 Schedule - ok
12:38:39.0114 1504 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
12:38:39.0114 1504 SCPolicySvc - ok
12:38:39.0197 1504 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
12:38:39.0199 1504 sdbus - ok
12:38:39.0305 1504 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
12:38:39.0308 1504 SDRSVC - ok
12:38:39.0412 1504 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:38:39.0414 1504 secdrv - ok
12:38:39.0486 1504 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
12:38:39.0488 1504 seclogon - ok
12:38:39.0532 1504 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
12:38:39.0535 1504 SENS - ok
12:38:39.0653 1504 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
12:38:39.0654 1504 Serenum - ok
12:38:39.0772 1504 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
12:38:39.0774 1504 Serial - ok
12:38:39.0832 1504 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\DRIVERS\sermouse.sys
12:38:39.0833 1504 sermouse - ok
12:38:39.0874 1504 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
12:38:39.0877 1504 SessionEnv - ok
12:38:39.0992 1504 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
12:38:39.0993 1504 sffdisk - ok
12:38:40.0080 1504 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
12:38:40.0082 1504 sffp_mmc - ok
12:38:40.0189 1504 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
12:38:40.0191 1504 sffp_sd - ok
12:38:40.0258 1504 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
12:38:40.0259 1504 sfloppy - ok
12:38:40.0357 1504 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
12:38:40.0362 1504 SharedAccess - ok
12:38:40.0420 1504 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
12:38:40.0425 1504 ShellHWDetection - ok
12:38:40.0543 1504 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
12:38:40.0545 1504 sisagp - ok
12:38:40.0627 1504 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
12:38:40.0628 1504 SiSRaid2 - ok
12:38:40.0734 1504 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
12:38:40.0736 1504 SiSRaid4 - ok
12:38:40.0857 1504 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
12:38:40.0934 1504 slsvc - ok
12:38:41.0024 1504 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
12:38:41.0026 1504 SLUINotify - ok
12:38:41.0083 1504 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
12:38:41.0085 1504 Smb - ok
12:38:41.0125 1504 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
12:38:41.0127 1504 SNMPTRAP - ok
12:38:41.0175 1504 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
12:38:41.0177 1504 spldr - ok
12:38:41.0205 1504 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
12:38:41.0209 1504 Spooler - ok
12:38:41.0247 1504 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
12:38:41.0253 1504 srv - ok
12:38:41.0322 1504 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
12:38:41.0326 1504 srv2 - ok
12:38:41.0418 1504 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
12:38:41.0420 1504 srvnet - ok
12:38:41.0501 1504 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
12:38:41.0505 1504 SSDPSRV - ok
12:38:41.0584 1504 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
12:38:41.0588 1504 SstpSvc - ok
12:38:41.0726 1504 STacSV (ddeb942850278d67edc108d57f774bf8) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
12:38:41.0731 1504 STacSV - ok
12:38:41.0853 1504 STHDA (c4be9c3af8af6f2e4cdd22fcabf77a1b) C:\Windows\system32\DRIVERS\stwrt.sys
12:38:41.0860 1504 STHDA - ok
12:38:41.0961 1504 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
12:38:41.0969 1504 stisvc - ok
12:38:42.0089 1504 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
12:38:42.0089 1504 swenum - ok
12:38:42.0165 1504 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
12:38:42.0171 1504 swprv - ok
12:38:42.0239 1504 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
12:38:42.0240 1504 Symc8xx - ok
12:38:42.0384 1504 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
12:38:42.0385 1504 Sym_hi - ok
12:38:42.0503 1504 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
12:38:42.0504 1504 Sym_u3 - ok
12:38:42.0631 1504 SynTP (fb86fdd993a6a0122a2f526221e5161f) C:\Windows\system32\DRIVERS\SynTP.sys
12:38:42.0633 1504 SynTP - ok
12:38:42.0714 1504 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
12:38:42.0724 1504 SysMain - ok
12:38:42.0823 1504 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
12:38:42.0827 1504 TabletInputService - ok
12:38:42.0930 1504 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
12:38:42.0936 1504 TapiSrv - ok
12:38:43.0028 1504 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
12:38:43.0030 1504 TBS - ok
12:38:43.0175 1504 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
12:38:43.0190 1504 Tcpip - ok
12:38:43.0240 1504 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
12:38:43.0246 1504 Tcpip6 - ok
12:38:43.0282 1504 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
12:38:43.0284 1504 tcpipreg - ok
12:38:43.0322 1504 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
12:38:43.0323 1504 TDPIPE - ok
12:38:49.0952 1504 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
12:38:49.0989 1504 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
12:38:49.0989 1504 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
12:38:50.0020 1504 Boot (0x1200) (0cc1fd3e9cc80f9e466ac625e4a0b8cb) \Device\Harddisk0\DR0\Partition0
12:38:50.0022 1504 \Device\Harddisk0\DR0\Partition0 - ok
12:38:50.0033 1504 Boot (0x1200) (1646650b2caf1eefbde276793176c041) \Device\Harddisk0\DR0\Partition1
12:38:50.0034 1504 \Device\Harddisk0\DR0\Partition1 - ok
12:38:50.0035 1504 ============================================================
12:38:50.0035 1504 Scan finished
12:38:50.0035 1504 ============================================================
12:38:50.0036 1176 Detected object count: 1
12:38:50.0036 1176 Actual detected object count: 1
12:42:59.0503 1176 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - skipped by user
12:42:59.0503 1176 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Skip

I could NOT get the SUPERAntiSpyware.exe to download & even tried the portable version & that would not work either. Each time I clicked on the download links it prompts me with a pop up that says "you have chosen to open SUPERAntiSpyware.exe which is a: Binary File from http://cdn.superantispyware.com Would you like to save this file?" Then I click on "Save File" but nothing happens on either download?

#4 flsunshinegirl44

Posted 11 April 2012 - 12:15 PM

Everything above was being done in "safe mode". Thanks awaiting your further instructions :(

#5 flsunshinegirl44

Posted 11 April 2012 - 05:10 PM

Ok I have some updates for you. I was able to go out of "safe mode" to download the SUPERAntiSpyware.

I saved SUPERAntiSpyware to my desktop then restarted in "safe mode".

I reran the Rkill in "safe mode" that was installed in "Safe Mode" previously, attached is the new log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 04/11/2012 at 15:13:01.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 04/11/2012 at 15:14:15.


I then reran the TDSSKiller in "Safe Mode" that was downloaded in "Safe Mode" previously, attached is the new log:

15:14:53.0755 1928 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
15:14:54.0161 1928 ============================================================
15:14:54.0161 1928 Current date / time: 2012/04/11 15:14:54.0161
15:14:54.0161 1928 SystemInfo:
15:14:54.0161 1928
15:14:54.0161 1928 OS Version: 6.0.6002 ServicePack: 2.0
15:14:54.0161 1928 Product type: Workstation
15:14:54.0161 1928 ComputerName: LISA-PC
15:14:54.0161 1928 UserName: Lisa
15:14:54.0161 1928 Windows directory: C:\Windows
15:14:54.0161 1928 System windows directory: C:\Windows
15:14:54.0161 1928 Processor architecture: Intel x86
15:14:54.0161 1928 Number of processors: 2
15:14:54.0161 1928 Page size: 0x1000
15:14:54.0161 1928 Boot type: Safe boot with network
15:14:54.0161 1928 ============================================================
15:14:55.0456 1928 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:14:55.0456 1928 \Device\Harddisk0\DR0:
15:14:55.0456 1928 MBR used
15:14:55.0456 1928 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x43000, BlocksNum 0x1E00000
15:14:55.0456 1928 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E43000, BlocksNum 0x235EB000
15:14:55.0518 1928 Initialize success
15:14:55.0518 1928 ============================================================
15:14:59.0434 0488 ============================================================
15:14:59.0434 0488 Scan started
15:14:59.0434 0488 Mode: Manual;
15:14:59.0434 0488 ============================================================
15:15:19.0386 0488 msisadrv - ok
15:15:19.0495 0488 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
15:15:19.0495 0488 MSiSCSI - ok
15:15:19.0558 0488 msiserver - ok
15:15:19.0667 0488 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
15:15:19.0667 0488 MSKSSRV - ok
15:15:19.0823 0488 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
15:15:19.0823 0488 MSPCLOCK - ok
15:15:19.0963 0488 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
15:15:19.0963 0488 MSPQM - ok
15:15:20.0088 0488 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
15:15:20.0088 0488 MsRPC - ok
15:15:20.0244 0488 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
15:15:20.0244 0488 mssmbios - ok
15:15:20.0385 0488 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
15:15:20.0400 0488 MSTEE - ok
15:15:20.0525 0488 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
15:15:20.0525 0488 Mup - ok
15:15:20.0634 0488 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
15:15:20.0634 0488 napagent - ok
15:15:20.0775 0488 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
15:15:20.0775 0488 NativeWifiP - ok
15:15:20.0931 0488 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
15:15:20.0946 0488 NDIS - ok
15:15:21.0102 0488 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
15:15:21.0102 0488 NdisTapi - ok
15:15:21.0243 0488 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
15:15:21.0243 0488 Ndisuio - ok
15:15:21.0367 0488 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:15:21.0367 0488 NdisWan - ok
15:15:21.0477 0488 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
15:15:21.0477 0488 NDProxy - ok
15:15:21.0601 0488 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
15:15:21.0601 0488 Net Driver HPZ12 - ok
15:15:21.0742 0488 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
15:15:21.0742 0488 NetBIOS - ok
15:15:21.0867 0488 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
15:15:21.0882 0488 netbt - ok
15:15:21.0991 0488 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:15:21.0991 0488 Netlogon - ok
15:15:22.0101 0488 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
15:15:22.0101 0488 Netman - ok
15:15:22.0225 0488 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
15:15:22.0225 0488 netprofm - ok
15:15:22.0350 0488 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:15:22.0350 0488 NetTcpPortSharing - ok
15:15:22.0491 0488 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
15:15:22.0491 0488 nfrd960 - ok
15:15:22.0584 0488 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
15:15:22.0600 0488 NlaSvc - ok
15:15:22.0709 0488 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
15:15:22.0709 0488 Npfs - ok
15:15:22.0834 0488 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
15:15:22.0849 0488 nsi - ok
15:15:22.0959 0488 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
15:15:22.0959 0488 nsiproxy - ok
15:15:23.0083 0488 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
15:15:23.0099 0488 Ntfs - ok
15:15:23.0239 0488 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
15:15:23.0239 0488 ntrigdigi - ok
15:15:23.0286 0488 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
15:15:23.0286 0488 Null - ok
15:15:23.0349 0488 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
15:15:23.0349 0488 nvraid - ok
15:15:23.0427 0488 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
15:15:23.0427 0488 nvstor - ok
15:15:23.0473 0488 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
15:15:23.0473 0488 nv_agp - ok
15:15:23.0536 0488 NwlnkFlt - ok
15:15:23.0551 0488 NwlnkFwd - ok
15:15:23.0645 0488 OA008Ufd (2cf21d5f8f1b74bb1922135ac2b12ddb) C:\Windows\system32\DRIVERS\OA008Ufd.sys
15:15:23.0645 0488 OA008Ufd - ok
15:15:23.0739 0488 OA008Vid (417649baa9084e879b110e78aad929f9) C:\Windows\system32\DRIVERS\OA008Vid.sys
15:15:23.0739 0488 OA008Vid - ok
15:15:23.0895 0488 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
15:15:23.0910 0488 ohci1394 - ok
15:15:23.0988 0488 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:15:24.0004 0488 ose - ok
15:15:24.0113 0488 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:15:24.0113 0488 p2pimsvc - ok
15:15:24.0160 0488 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:15:24.0160 0488 p2psvc - ok
15:15:24.0269 0488 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
15:15:24.0269 0488 Parport - ok
15:15:24.0331 0488 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
15:15:24.0331 0488 partmgr - ok
15:15:24.0456 0488 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
15:15:24.0456 0488 Parvdm - ok
15:15:24.0534 0488 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
15:15:24.0550 0488 PcaSvc - ok
15:15:24.0612 0488 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
15:15:24.0612 0488 pci - ok
15:15:24.0768 0488 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
15:15:24.0768 0488 pciide - ok
15:15:24.0846 0488 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
15:15:24.0846 0488 pcmcia - ok
15:15:25.0002 0488 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
15:15:25.0018 0488 PEAUTH - ok
15:15:25.0158 0488 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
15:15:25.0189 0488 pla - ok
15:15:25.0267 0488 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
15:15:25.0267 0488 PlugPlay - ok
15:15:25.0361 0488 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
15:15:25.0377 0488 Pml Driver HPZ12 - ok
15:15:25.0423 0488 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:15:25.0439 0488 PNRPAutoReg - ok
15:15:25.0455 0488 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:15:25.0455 0488 PNRPsvc - ok
15:15:25.0548 0488 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
15:15:25.0564 0488 PolicyAgent - ok
15:15:25.0657 0488 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
15:15:25.0657 0488 PptpMiniport - ok
15:15:25.0751 0488 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
15:15:25.0751 0488 Processor - ok
15:15:25.0845 0488 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
15:15:25.0860 0488 ProfSvc - ok
15:15:25.0923 0488 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:15:25.0923 0488 ProtectedStorage - ok
15:15:26.0016 0488 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
15:15:26.0032 0488 PSched - ok
15:15:26.0157 0488 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
15:15:26.0172 0488 ql2300 - ok
15:15:26.0281 0488 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
15:15:26.0281 0488 ql40xx - ok
15:15:26.0344 0488 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
15:15:26.0344 0488 QWAVE - ok
15:15:26.0453 0488 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
15:15:26.0453 0488 QWAVEdrv - ok
15:15:26.0609 0488 R300 (9e2d80fa460c42e07b67a2a743ba177c) C:\Windows\system32\DRIVERS\atikmdag.sys
15:15:26.0625 0488 R300 - ok
15:15:26.0734 0488 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
15:15:26.0734 0488 RasAcd - ok
15:15:26.0812 0488 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
15:15:26.0812 0488 RasAuto - ok
15:15:26.0905 0488 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:15:26.0905 0488 Rasl2tp - ok
15:15:26.0983 0488 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
15:15:26.0983 0488 RasMan - ok
15:15:27.0077 0488 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
15:15:27.0077 0488 RasPppoe - ok
15:15:27.0202 0488 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
15:15:27.0202 0488 RasSstp - ok
15:15:27.0311 0488 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
15:15:27.0311 0488 rdbss - ok
15:15:27.0436 0488 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:15:27.0436 0488 RDPCDD - ok
15:15:27.0561 0488 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
15:15:27.0561 0488 rdpdr - ok
15:15:27.0654 0488 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
15:15:27.0654 0488 RDPENCDD - ok
15:15:27.0795 0488 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
15:15:27.0810 0488 RDPWD - ok
15:15:27.0904 0488 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
15:15:27.0919 0488 RemoteAccess - ok
15:15:27.0997 0488 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
15:15:27.0997 0488 RemoteRegistry - ok
15:15:28.0122 0488 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\Windows\system32\DRIVERS\rimmptsk.sys
15:15:28.0138 0488 rimmptsk - ok
15:15:28.0263 0488 rimsptsk (c398bca91216755b098679a8da8a2300) C:\Windows\system32\DRIVERS\rimsptsk.sys
15:15:28.0263 0488 rimsptsk - ok
15:15:28.0309 0488 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\Windows\system32\DRIVERS\rixdptsk.sys
15:15:28.0309 0488 rismxdp - ok
15:15:28.0419 0488 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
15:15:28.0419 0488 RpcLocator - ok
15:15:28.0559 0488 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
15:15:28.0575 0488 RpcSs - ok
15:15:28.0699 0488 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
15:15:28.0715 0488 rspndr - ok
15:15:28.0793 0488 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:15:28.0793 0488 SamSs - ok
15:15:28.0949 0488 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
15:15:28.0949 0488 sbp2port - ok
15:15:29.0058 0488 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
15:15:29.0058 0488 SCardSvr - ok
15:15:29.0183 0488 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
15:15:29.0199 0488 Schedule - ok
15:15:29.0292 0488 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
15:15:29.0292 0488 SCPolicySvc - ok
15:15:29.0386 0488 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
15:15:29.0386 0488 sdbus - ok
15:15:29.0479 0488 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
15:15:29.0495 0488 SDRSVC - ok
15:15:29.0620 0488 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:15:29.0620 0488 secdrv - ok
15:15:29.0698 0488 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
15:15:29.0698 0488 seclogon - ok
15:15:29.0745 0488 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
15:15:29.0745 0488 SENS - ok
15:15:29.0869 0488 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
15:15:29.0869 0488 Serenum - ok
15:15:29.0994 0488 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
15:15:29.0994 0488 Serial - ok
15:15:30.0057 0488 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\DRIVERS\sermouse.sys
15:15:30.0057 0488 sermouse - ok
15:15:30.0103 0488 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
15:15:30.0119 0488 SessionEnv - ok
15:15:30.0213 0488 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
15:15:30.0213 0488 sffdisk - ok
15:15:30.0306 0488 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
15:15:30.0306 0488 sffp_mmc - ok
15:15:30.0415 0488 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
15:15:30.0415 0488 sffp_sd - ok
15:15:30.0478 0488 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
15:15:30.0478 0488 sfloppy - ok
15:15:30.0571 0488 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
15:15:30.0571 0488 SharedAccess - ok
15:15:30.0649 0488 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
15:15:30.0649 0488 ShellHWDetection - ok
15:15:30.0774 0488 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
15:15:30.0790 0488 sisagp - ok
15:15:30.0868 0488 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
15:15:30.0868 0488 SiSRaid2 - ok
15:15:30.0993 0488 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
15:15:30.0993 0488 SiSRaid4 - ok
15:15:31.0133 0488 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
15:15:31.0227 0488 slsvc - ok
15:15:31.0320 0488 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
15:15:31.0320 0488 SLUINotify - ok
15:15:31.0383 0488 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
15:15:31.0383 0488 Smb - ok
15:15:31.0445 0488 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
15:15:31.0445 0488 SNMPTRAP - ok
15:15:31.0507 0488 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
15:15:31.0507 0488 spldr - ok
15:15:31.0539 0488 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
15:15:31.0539 0488 Spooler - ok
15:15:31.0601 0488 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
15:15:31.0601 0488 srv - ok
15:15:31.0679 0488 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
15:15:31.0679 0488 srv2 - ok
15:15:31.0741 0488 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
15:15:31.0741 0488 srvnet - ok
15:15:31.0804 0488 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
15:15:31.0804 0488 SSDPSRV - ok
15:15:31.0866 0488 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
15:15:31.0866 0488 SstpSvc - ok
15:15:31.0929 0488 STacSV (ddeb942850278d67edc108d57f774bf8) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
15:15:31.0929 0488 STacSV - ok
15:15:32.0038 0488 STHDA (c4be9c3af8af6f2e4cdd22fcabf77a1b) C:\Windows\system32\DRIVERS\stwrt.sys
15:15:32.0038 0488 STHDA - ok
15:15:32.0147 0488 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
15:15:32.0147 0488 stisvc - ok
15:15:32.0287 0488 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
15:15:32.0287 0488 swenum - ok
15:15:32.0381 0488 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
15:15:32.0381 0488 swprv - ok
15:15:32.0521 0488 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
15:15:32.0521 0488 Symc8xx - ok
15:15:32.0646 0488 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
15:15:32.0646 0488 Sym_hi - ok
15:15:32.0755 0488 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
15:15:32.0771 0488 Sym_u3 - ok
15:15:32.0896 0488 SynTP (fb86fdd993a6a0122a2f526221e5161f) C:\Windows\system32\DRIVERS\SynTP.sys
15:15:32.0896 0488 SynTP - ok
15:15:32.0989 0488 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
15:15:33.0005 0488 SysMain - ok
15:15:33.0099 0488 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
15:15:33.0099 0488 TabletInputService - ok
15:15:33.0208 0488 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
15:15:33.0223 0488 TapiSrv - ok
15:15:33.0348 0488 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
15:15:33.0348 0488 TBS - ok
15:15:33.0504 0488 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
15:15:33.0520 0488 Tcpip - ok
15:15:33.0567 0488 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
15:15:33.0567 0488 Tcpip6 - ok
15:15:33.0613 0488 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
15:15:33.0613 0488 tcpipreg - ok
15:15:33.0707 0488 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
15:15:33.0723 0488 TDPIPE - ok
15:15:33.0816 0488 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
15:15:33.0816 0488 TDTCP - ok
15:15:33.0925 0488 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
15:15:33.0925 0488 tdx - ok
15:15:34.0003 0488 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
15:15:34.0003 0488 TermDD - ok
15:15:34.0081 0488 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
15:15:34.0097 0488 TermService - ok
15:15:34.0222 0488 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
15:15:34.0222 0488 Themes - ok
15:15:34.0331 0488 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
15:15:34.0331 0488 THREADORDER - ok
15:15:34.0425 0488 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
15:15:34.0440 0488 TrkWks - ok
15:15:34.0503 0488 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
15:15:34.0503 0488 TrustedInstaller - ok
15:15:34.0596 0488 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:15:34.0596 0488 tssecsrv - ok
15:15:34.0705 0488 tunmp (387e5f1a2e0a96faf43f11ea7a7a760e) C:\Windows\system32\DRIVERS\tunmp.sys
15:15:34.0705 0488 tunmp - ok
15:15:34.0737 0488 tunnel (4e2e4203534ebbe07bb8147a8d419143) C:\Windows\system32\DRIVERS\tunnel.sys
15:15:34.0737 0488 tunnel - ok
15:15:34.0783 0488 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
15:15:34.0783 0488 uagp35 - ok
15:15:34.0924 0488 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
15:15:34.0924 0488 udfs - ok
15:15:35.0017 0488 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
15:15:35.0017 0488 UI0Detect - ok
15:15:35.0095 0488 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
15:15:35.0095 0488 uliagpkx - ok
15:15:35.0267 0488 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
15:15:35.0267 0488 uliahci - ok
15:15:35.0376 0488 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
15:15:35.0376 0488 UlSata - ok
15:15:35.0501 0488 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
15:15:35.0501 0488 ulsata2 - ok
15:15:35.0610 0488 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
15:15:35.0610 0488 umbus - ok
15:15:35.0704 0488 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
15:15:35.0704 0488 upnphost - ok
15:15:35.0829 0488 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
15:15:35.0829 0488 usbaudio - ok
15:15:35.0938 0488 usbccgp (922b2ebd5118b9ab120410807131a921) C:\Windows\system32\DRIVERS\usbccgp.sys
15:15:35.0938 0488 usbccgp - ok
15:15:36.0031 0488 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
15:15:36.0047 0488 usbcir - ok
15:15:36.0125 0488 usbehci (3d045eaa73414be8f877f292a84abba2) C:\Windows\system32\DRIVERS\usbehci.sys
15:15:36.0125 0488 usbehci - ok
15:15:36.0219 0488 usbhub (1ae77a4c4e4f526ef9759c31a123f2b0) C:\Windows\system32\DRIVERS\usbhub.sys
15:15:36.0219 0488 usbhub - ok
15:15:36.0359 0488 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
15:15:36.0359 0488 usbohci - ok
15:15:36.0468 0488 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
15:15:36.0468 0488 usbprint - ok
15:15:36.0577 0488 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
15:15:36.0577 0488 usbscan - ok
15:15:36.0671 0488 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:15:36.0671 0488 USBSTOR - ok
15:15:36.0796 0488 usbuhci (f69c1aad04f28415f3fbe99fbe56030b) C:\Windows\system32\DRIVERS\usbuhci.sys
15:15:36.0796 0488 usbuhci - ok
15:15:36.0874 0488 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
15:15:36.0874 0488 UxSms - ok
15:15:36.0983 0488 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
15:15:36.0983 0488 vds - ok
15:15:37.0155 0488 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
15:15:37.0155 0488 vga - ok
15:15:37.0233 0488 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
15:15:37.0233 0488 VgaSave - ok
15:15:37.0295 0488 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
15:15:37.0295 0488 viaagp - ok
15:15:37.0435 0488 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
15:15:37.0435 0488 ViaC7 - ok
15:15:37.0545 0488 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
15:15:37.0545 0488 viaide - ok
15:15:37.0701 0488 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
15:15:37.0701 0488 volmgr - ok
15:15:37.0810 0488 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
15:15:37.0825 0488 volmgrx - ok
15:15:37.0950 0488 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
15:15:37.0950 0488 volsnap - ok
15:15:38.0013 0488 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
15:15:38.0013 0488 vsmraid - ok
15:15:38.0075 0488 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
15:15:38.0106 0488 VSS - ok
15:15:38.0215 0488 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
15:15:38.0231 0488 W32Time - ok
15:15:38.0309 0488 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
15:15:38.0309 0488 WacomPen - ok
15:15:38.0356 0488 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:15:38.0356 0488 Wanarp - ok
15:15:38.0356 0488 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:15:38.0356 0488 Wanarpv6 - ok
15:15:38.0403 0488 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
15:15:38.0403 0488 wcncsvc - ok
15:15:38.0465 0488 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
15:15:38.0465 0488 WcsPlugInService - ok
15:15:38.0527 0488 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
15:15:38.0527 0488 Wd - ok
15:15:38.0574 0488 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
15:15:38.0590 0488 Wdf01000 - ok
15:15:38.0637 0488 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
15:15:38.0637 0488 WdiServiceHost - ok
15:15:38.0652 0488 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
15:15:38.0652 0488 WdiSystemHost - ok
15:15:38.0683 0488 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
15:15:38.0683 0488 WebClient - ok
15:15:38.0730 0488 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
15:15:38.0730 0488 Wecsvc - ok
15:15:38.0793 0488 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
15:15:38.0808 0488 wercplsupport - ok
15:15:38.0855 0488 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
15:15:38.0871 0488 WerSvc - ok
15:15:38.0949 0488 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
15:15:38.0964 0488 WinDefend - ok
15:15:38.0980 0488 WinHttpAutoProxySvc - ok
15:15:39.0089 0488 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
15:15:39.0089 0488 Winmgmt - ok
15:15:39.0167 0488 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
15:15:39.0198 0488 WinRM - ok
15:15:39.0323 0488 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
15:15:39.0323 0488 Wlansvc - ok
15:15:39.0510 0488 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:15:39.0541 0488 wlidsvc - ok
15:15:39.0588 0488 wltrysvc - ok
15:15:39.0651 0488 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:15:39.0651 0488 WmiAcpi - ok
15:15:39.0775 0488 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
15:15:39.0775 0488 wmiApSrv - ok
15:15:39.0885 0488 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
15:15:39.0900 0488 WMPNetworkSvc - ok
15:15:39.0978 0488 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
15:15:39.0978 0488 WPCSvc - ok
15:15:40.0087 0488 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
15:15:40.0087 0488 WPDBusEnum - ok
15:15:40.0243 0488 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
15:15:40.0243 0488 WpdUsb - ok
15:15:40.0399 0488 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:15:40.0415 0488 WPFFontCache_v0400 - ok
15:15:40.0524 0488 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
15:15:40.0524 0488 ws2ifsl - ok
15:15:40.0633 0488 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
15:15:40.0633 0488 wscsvc - ok
15:15:40.0696 0488 WSearch - ok
15:15:40.0774 0488 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
15:15:40.0821 0488 wuauserv - ok
15:15:40.0945 0488 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:15:40.0945 0488 WUDFRd - ok
15:15:41.0023 0488 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
15:15:41.0023 0488 wudfsvc - ok
15:15:41.0148 0488 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
15:15:41.0164 0488 YahooAUService - ok
15:15:41.0195 0488 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:15:41.0226 0488 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
15:15:41.0226 0488 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
15:15:41.0257 0488 Boot (0x1200) (0cc1fd3e9cc80f9e466ac625e4a0b8cb) \Device\Harddisk0\DR0\Partition0
15:15:41.0257 0488 \Device\Harddisk0\DR0\Partition0 - ok
15:15:41.0273 0488 Boot (0x1200) (1646650b2caf1eefbde276793176c041) \Device\Harddisk0\DR0\Partition1
15:15:41.0273 0488 \Device\Harddisk0\DR0\Partition1 - ok
15:15:41.0273 0488 ============================================================
15:15:41.0273 0488 Scan finished
15:15:41.0273 0488 ============================================================
15:15:41.0289 1832 Detected object count: 1
15:15:41.0289 1832 Actual detected object count: 1
15:15:53.0394 1832 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - skipped by user
15:15:53.0394 1832 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Skip

There was no reboot requested.

I then ran the SUPERAntiSpyware complete scan, selecting the C Drive as directed, finding 57 Threats. Here is that log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/11/2012 at 04:44 PM

Application Version : 5.0.1146

Core Rules Database Version : 8442
Trace Rules Database Version: 6254

Scan type : Complete Scan
Total Scan Time : 01:12:51

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator

Memory items scanned : 410
Memory threats detected : 0
Registry items scanned : 33558
Registry threats detected : 0
File items scanned : 168418
File threats detected : 57

Adware.Tracking Cookie

I then selected them to be removed, here is that log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/11/2012 at 03:27 PM

Application Version : 5.0.1146

Core Rules Database Version : 8442
Trace Rules Database Version: 6254

Scan type : Quick Scan
Total Scan Time : 00:00:07

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator

Memory items scanned : 6
Memory threats detected : 0
Registry items scanned : 23439
Registry threats detected : 0
File items scanned : 2917
File threats detected : 0

I exited "safe mode" & am currently running in regular mode.

I reinstalled Avast & am currently using that as my antivirus as well as turned Windows Defender & my Windows Firewall.

I can view my main screen with the icons present, however when I go to the start menu all is missing unless I select "All Programs", I can also see "Computer" as well.

I can view all of my documents, pictures, etc only if I click on the "computer icon" at the start menu & to the left of the screen that pulls up can go into my folder in order to do so since they are not being found as they were before when clicking on the "start" menu.

When I do an internet search it is no longer redirecting me to other sites & am able to now click on the links that direct me to the websites I need for my search.

The previous AVI & DNS pop up issues I was having before are no longer popping up.

I'm hoping this works & seems all I need to do now is to get my start menu back.

Prior to getting this virus the FIRST time I had Avast, Iobit Malware Fighter, CC Cleaner & Advanced System Care installed on my laptop. I would run the CC Cleaner every evening after I was done on my laptop for the evening doing both the Cleaner as well as the Registry Cleaner. I would do the same with the Advanced System Care running a full scan & repair.

Prior to becoming REINFECTED with Smart HDD last evening I had also already installed the SUPERAntiSpyware as well.

I guess my next question would be HOW did I get this Smart HDD Virus in the first place with all I have on my system to protect it?

I ask this because when I got reinfected with the Smart HDD again last evening I had a pop up asking if I would allow a program that I did NOT recognise & I DID NOT allow it...the pop up kept coming up continuously asking me to allow & I never did, the next thing you know I got those dreaded pop ups a bazillion times from Smart HDD. This time it showed up as an icon on my desktop.

I simply deleted the icons, I hope that was correct.

I also had gone to another site which told me to activate the Smart HDD & gave me a code to do so stating that was a way to remove it. Again I HOPE that was correct & read that info prior to being able to find the info you had responded back to me as I was not notified that you had written back to my response.

I had to go in on this site & hunt for your comments.

I also read somewhere browsing this site something about not being able to get any further help if I did not respond back within 2 days & it has been longer since I was never notified & when I registered it said to allow 5 days for a response.

I hope you can help me get the rest of these things cleared up so my laptop will run normal again & also explain how I continue to keep getting infected with this virus.

I'm also wondering if I have TOO many antivirus/malware programs installed, possibly they are blocking one another from working.

I also wanted to know if I can download the Unhide.exe in order to fix my "start" issues of not showing any programs/files.

Again thanks so much I look forward to your response.

#6 boopme


Posted 11 April 2012 - 06:02 PM

You're welcome.. These 2 need to be Cured or deleted in TDSSKiller
15:15:41.0289 1832 Detected object count: 1
15:15:41.0289 1832 Actual detected object count: 1
15:15:53.0394 1832 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - skipped by user
15:15:53.0394 1832 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Skip


Do NOT run any Temp file or Registry cleaner tools now..

Are you saying you cannot see some of your files so you unchecked "show hidden files/folders"???
If so ..please download the following program to your desktop:

Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run.




Let's see what is on here.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Edited by boopme, 11 April 2012 - 06:06 PM.
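The reply above turns on one detail of the TDSSKiller log: the boot-sector detection was recorded with the action Skip, so nothing was cured. As an added example (not part of the original post and not TDSSKiller's own code), this Python script parses log lines in the format quoted in this thread and lists detections that were not acted on; the `Cure` and `Delete` action names are an assumption taken from the wording "Cured or deleted", and the function names are hypothetical.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Lines copied from the TDSSKiller log quoted in this thread, embedded so the
# example runs offline. Columns: time, an id column, message.
SAMPLE_LOG = r"""
15:15:41.0273 0488 \Device\Harddisk0\DR0\Partition1 - ok
15:15:41.0273 0488 Scan finished
15:15:41.0289 1832 Detected object count: 1
15:15:41.0289 1832 Actual detected object count: 1
15:15:53.0394 1832 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - skipped by user
15:15:53.0394 1832 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Skip
"""

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\S+)\s+(.*)$")
# "<object> ( <verdict> ) - <status>", as in the two detection lines above.
DETECTION_RE = re.compile(
    r"^(?P<obj>.+?) \( (?P<verdict>[^()]+?) \) - (?P<status>.+)$"
)
COUNT_RE = re.compile(r"^Actual detected object count: (\d+)$")
ACTION_PREFIX = "User select action: "

# Assumption: action names that remove the threat. Only "Skip" appears on the
# page; any other or missing action is reported as unresolved for review.
RESOLVING_ACTIONS = {"cure", "delete"}


@dataclass
class Detection:
    obj: str
    verdict: str
    statuses: list = field(default_factory=list)
    action: Optional[str] = None

    @property
    def resolved(self) -> bool:
        return (self.action is not None
                and self.action.lower() in RESOLVING_ACTIONS)


def parse_tdsskiller_log(text):
    """Return (detections, reported_count) from TDSSKiller-style log text."""
    detections = {}
    reported = None
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # blank lines, separators, surrounding forum text
        message = line.group(3)
        count = COUNT_RE.match(message)
        if count:
            reported = int(count.group(1))
            continue
        hit = DETECTION_RE.match(message)
        if not hit:
            continue  # "- ok" lines and other informational messages
        # The same object is logged more than once; merge on (object, verdict).
        key = (hit["obj"], hit["verdict"])
        det = detections.setdefault(key, Detection(*key))
        status = hit["status"].strip()
        det.statuses.append(status)
        if status.startswith(ACTION_PREFIX):
            det.action = status[len(ACTION_PREFIX):].strip()
    return list(detections.values()), reported


def triage(text):
    """Summarise a log: counts plus the detections still needing action."""
    detections, reported = parse_tdsskiller_log(text)
    return {
        "reported_count": reported,
        "parsed_count": len(detections),
        # A mismatch means some detection lines were not recognised.
        "count_mismatch": reported is not None and reported != len(detections),
        "unresolved": [d for d in detections if not d.resolved],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"reported={result['reported_count']} parsed={result['parsed_count']}")
    for det in result["unresolved"]:
        print(f"UNRESOLVED: {det.verdict} on {det.obj} (action: {det.action})")
```
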


#7 flsunshinegirl44


Posted 12 April 2012 - 10:39 PM

I have been getting Avast pop-ups saying it has blocked suspicious Malware today when everything was functioning normal except for my items being hidden on my start menu (I had not viewed this info at that time). I ran the SUPERAntiSpyware & removed any infected files. I also ran RKill again & tried to run the TDSS but it would not run. All seemed to be working fine & then I started to get the Avast pop-up warning again. I also noticed I was being redirected in google searches which was fine yesterday. This time I went into safe mode ran RKill then tried to run TDSS again & it would not work. Tried to download it again & it would let me get to the extraction menu however nothing happened after that. I also tried to download it again in regular mode..still no luck.
I went ahead & downloaded the unhide program & ran that here is the log:
Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 04/12/2012 11:17:02 PM
Windows Version: Windows Vista

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 196935 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 12048 files processed.

The C:\Users\Lisa\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* Start_ShowControlPanel was set to 0! It was set back to 1!
* Start_ShowHelp was set to 0! It was set back to 1!
* Start_ShowMyDocs was set to 0! It was set back to 1!
* Start_ShowMyMusic was set to 0! It was set back to 1!
* Start_ShowMyPics was set to 0! It was set back to 1!
* Start_ShowPrinters was set to 0! It was set back to 1!
* Start_ShowRun was set to 0! It was set back to 1!
* Start_ShowSetProgramAccessAndDefaults was set to 0! It was set back to 1!
* Start_ShowRecentDocs was set to 0! It was set back to 2!
* Start_ShowNetConn was set to 0! It was set back to 1!
* Start_ShowNetPlaces was set to 0! It was set back to 1!
* Start_TrackDocs was set to 0! It was set back to 1!
* Start_TrackProgs was set to 0! It was set back to 1!
* Start_ShowUser was set to 0! It was set back to 1!
* Start_ShowMyGames was set to 0! It was set back to 1!

Restarting Explorer.exe in order to apply changes.

Program finished at: 04/12/2012 11:25:11 PM
Execution time: 0 hours(s), 8 minute(s), and 8 seconds(s)

I did get all of my icons back in the start menu but now there are no programs showing on my task bar?

I also ran the minitoolbox & here are the results:
MiniToolBox by Farbar Version: 18-01-2012
Ran by Lisa (administrator) on 12-04-2012 at 23:27:19
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Dell Wireless 1397 WLAN Mini-Card = Wireless Network Connection (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Lisa-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : westell.com

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : westell.com
Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card
Physical Address. . . . . . . . . : 00-24-2C-7A-68-1D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7c9a:64b1:b021:da76%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.36(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, April 12, 2012 11:03:58 PM
Lease Expires . . . . . . . . . . : Friday, April 13, 2012 11:03:58 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 201335852
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-F0-01-7E-00-22-19-F0-9B-0C
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : 00-22-19-F0-9B-0C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{38918C3C-8277-4FDC-A479-216C35EB3E1B}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1432:1062:3f57:fedb(Preferred)
Link-local IPv6 Address . . . . . : fe80::1432:1062:3f57:fedb%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.westell.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : westell.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {4F473AC9-4B61-4508-8B38-7661D910DE9D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dslrouter.westell.com
Address: 192.168.1.1

Name: google.com
Addresses: 72.14.204.100
72.14.204.101
72.14.204.113
72.14.204.138
72.14.204.102



Pinging google.com [72.14.204.102] with 32 bytes of data:

Reply from 72.14.204.102: bytes=32 time=66ms TTL=55

Reply from 72.14.204.102: bytes=32 time=67ms TTL=55



Ping statistics for 72.14.204.102:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 66ms, Maximum = 67ms, Average = 66ms

Server: dslrouter.westell.com
Address: 192.168.1.1

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=91ms TTL=56

Reply from 209.191.122.70: bytes=32 time=91ms TTL=56



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 91ms, Maximum = 91ms, Average = 91ms

Server: dslrouter.westell.com
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
12 ...00 24 2c 7a 68 1d ...... Dell Wireless 1397 WLAN Mini-Card
11 ...00 22 19 f0 9b 0c ...... Broadcom NetLink ™ Gigabit Ethernet
1 ........................... Software Loopback Interface 1
13 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
14 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
15 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.36 30
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.36 286
192.168.1.36 255.255.255.255 On-link 192.168.1.36 286
192.168.1.255 255.255.255.255 On-link 192.168.1.36 286
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.36 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.36 286
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:4137:9e76:1432:1062:3f57:fedb/128
On-link
12 286 fe80::/64 On-link
10 266 fe80::/64 On-link
10 266 fe80::1432:1062:3f57:fedb/128
On-link
12 286 fe80::7c9a:64b1:b021:da76/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
12 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/12/2012 11:04:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2012 10:59:38 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (04/12/2012 10:50:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2012 10:50:17 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (04/12/2012 10:36:50 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\LISA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\QQ4DC4HJ.DEFAULT\CACHE\9> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (04/12/2012 10:36:50 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\LISA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\QQ4DC4HJ.DEFAULT\CACHE\9> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (04/12/2012 10:36:50 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\LISA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\QQ4DC4HJ.DEFAULT\CACHE\8> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (04/12/2012 10:36:50 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\LISA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\QQ4DC4HJ.DEFAULT\CACHE\8> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (04/12/2012 10:36:49 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\LISA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\QQ4DC4HJ.DEFAULT\CACHE\7> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (04/12/2012 10:36:49 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\LISA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\QQ4DC4HJ.DEFAULT\CACHE\7> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (04/12/2012 11:24:47 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume .

Error: (04/12/2012 11:12:06 PM) (Source: atapi) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (04/12/2012 11:04:54 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume .

Error: (04/12/2012 11:04:09 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume .

Error: (04/12/2012 11:03:58 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume .

Error: (04/12/2012 11:03:47 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume .

Error: (04/12/2012 10:50:54 PM) (Source: Service Control Manager) (User: )
Description: aswKbd
aswSnx
aswSP
aswTdi
SASDIFSV
SASKUTIL
spldr
Wanarpv6

Error: (04/12/2012 10:50:54 PM) (Source: Service Control Manager) (User: )
Description: Computer BrowserServer%%1068

Error: (04/12/2012 10:50:22 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: SYSTEM)
Description: C:\Windows\System32\bcmihvsrv.dll21

Error: (04/12/2012 10:50:21 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}


Microsoft Office Sessions:
=========================
Error: (04/12/2012 11:04:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2012 10:59:38 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (04/12/2012 10:50:53 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2012 10:50:17 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (04/12/2012 10:36:50 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\LISA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\QQ4DC4HJ.DEFAULT\CACHE\9

Error: (04/12/2012 10:36:50 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\LISA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\QQ4DC4HJ.DEFAULT\CACHE\9

Error: (04/12/2012 10:36:50 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\LISA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\QQ4DC4HJ.DEFAULT\CACHE\8

Error: (04/12/2012 10:36:50 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\LISA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\QQ4DC4HJ.DEFAULT\CACHE\8

Error: (04/12/2012 10:36:49 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\LISA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\QQ4DC4HJ.DEFAULT\CACHE\7

Error: (04/12/2012 10:36:49 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\LISA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\QQ4DC4HJ.DEFAULT\CACHE\7


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.8)
Accidental Damage Services Agreement (Version: 2.0.0)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.5)
Adobe Flash Player 11 Plugin (Version: 11.1.102.62)
Adobe Photoshop 7.0 (Version: 7.0)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Advanced Audio FX Engine (Version: 1.12.05)
AIO_CDA_ProductContext (Version: 82.0.233.000)
AIO_CDA_Software (Version: 82.0.233.000)
AIO_Scan (Version: 82.0.173.000)
ATI Catalyst Control Center (Version: 2.008.1114.2148)
avast! Free Antivirus (Version: 7.0.1426.0)
AVS Update Manager 1.0
AVS Video Converter 8
AVS4YOU Software Navigator 1.4
Banctec Service Agreement (Version: 2.0.0)
BufferChm (Version: 82.0.173.000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2008.1114.2149.39131)
Catalyst Control Center Graphics Full Existing (Version: 2008.1114.2149.39131)
Catalyst Control Center Graphics Full New (Version: 2008.1114.2149.39131)
Catalyst Control Center Graphics Light (Version: 2008.1114.2149.39131)
Catalyst Control Center Graphics Previews Common (Version: 2008.1114.2149.39131)
Catalyst Control Center Graphics Previews Vista (Version: 2008.1114.2149.39131)
Catalyst Control Center InstallProxy (Version: 2008.1114.2149.39131)
Catalyst Control Center Localization Chinese Standard (Version: 2008.1114.2149.39131)
Catalyst Control Center Localization Chinese Traditional (Version: 2008.1114.2149.39131)
Catalyst Control Center Localization Danish (Version: 2008.1114.2149.39131)
Catalyst Control Center Localization Dutch (Version: 2008.1114.2149.39131)
Catalyst Control Center Localization Finnish (Version: 2008.1114.2149.39131)
Catalyst Control Center Localization French (Version: 2008.1114.2149.39131)
Catalyst Control Center Localization German (Version: 2008.1114.2149.39131)
Catalyst Control Center Localization Italian (Version: 2008.1114.2149.39131)
Catalyst Control Center Localization Japanese (Version: 2008.1114.2149.39131)
Catalyst Control Center Localization Korean (Version: 2008.1114.2149.39131)
Catalyst Control Center Localization Norwegian (Version: 2008.1114.2149.39131)
Catalyst Control Center Localization Portuguese (Version: 2008.1114.2149.39131)
Catalyst Control Center Localization Russian (Version: 2008.1114.2149.39131)
Catalyst Control Center Localization Spanish (Version: 2008.1114.2149.39131)
Catalyst Control Center Localization Swedish (Version: 2008.1114.2149.39131)
ccc-core-static (Version: 2008.1114.2149.39131)
ccc-utility (Version: 2008.1114.2149.39131)
CCC Help Chinese Standard (Version: 2008.1114.2148.39131)
CCC Help Chinese Traditional (Version: 2008.1114.2148.39131)
CCC Help Danish (Version: 2008.1114.2148.39131)
CCC Help Dutch (Version: 2008.1114.2148.39131)
CCC Help English (Version: 2008.1114.2148.39131)
CCC Help Finnish (Version: 2008.1114.2148.39131)
CCC Help French (Version: 2008.1114.2148.39131)
CCC Help German (Version: 2008.1114.2148.39131)
CCC Help Italian (Version: 2008.1114.2148.39131)
CCC Help Japanese (Version: 2008.1114.2148.39131)
CCC Help Korean (Version: 2008.1114.2148.39131)
CCC Help Norwegian (Version: 2008.1114.2148.39131)
CCC Help Portuguese (Version: 2008.1114.2148.39131)
CCC Help Russian (Version: 2008.1114.2148.39131)
CCC Help Spanish (Version: 2008.1114.2148.39131)
CCC Help Swedish (Version: 2008.1114.2148.39131)
CCleaner (Version: 3.17)
Cisco EAP-FAST Module (Version: 2.1.6)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Copy (Version: 82.0.188.000)
CustomerResearchQFolder (Version: 1.00.0000)
D3DX10 (Version: 15.4.2368.0902)
Dell Edoc Viewer (Version: 1.0.0)
Dell Touchpad (Version: 12.0.1.0)
Dell Webcam Central (Version: 1.40.05)
Dell Wireless WLAN Card Utility (Version: 5.10.38.30)
Destinations (Version: 82.0.173.000)
DeviceManagementQFolder (Version: 1.00.0000)
DivX Setup (Version: 2.6.0.34)
DocProc (Version: 8.1.0.0)
DocProcQFolder (Version: 1.00.0000)
eSupportQFolder (Version: 1.00.0000)
Fax (Version: 82.0.188.000)
FoxTab FLV Player
Google Chrome (Version: 18.0.1025.152)
Google Update Helper (Version: 1.3.21.111)
HP Customer Participation Program 8.0 (Version: 8.0)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP Memories Disc (Version: 1.0.4.805)
HP OCR Software 8.0 (Version: 8.0)
HP Photo and Imaging 2.0 - All-in-One (Version: 1.10.0000)
HP Photo and Imaging 2.0 - All-in-One Drivers (Version: 1.10.0000)
HP Photosmart Essential (Version: 1.12.0.46)
HP Photosmart.All-In-One Driver Software 8.0 .A (Version: 8.0)
HP Product Assistant (Version: 100.000.001.000)
HP Solution Center 8.0 (Version: 8.0)
HP Update (Version: 5.003.001.001)
HPProductAssistant (Version: 82.0.173.000)
HPSSupply (Version: 2.1.3.0000)
Integrated Webcam Driver (1.04.01.0601) (Version: 1.04.01.0601)
Internet Transporter - NCP Link (Version: 3.2.1)
IObit Toolbar v5.4 (Version: 5.4)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
Junk Mail filter update (Version: 15.4.3502.0922)
magicJack (Version: 2.0.6073.4252)
MarketResearch (Version: 82.0.174.000)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.0.61118.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MotoHelper MergeModules (Version: 1.2.0)
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NCP Internet Transporter (Version: 3.2.2)
OLYMPUS CAMEDIA Master 4.2
QuickSet (Version: 9.2.13)
QuickTime
Scan (Version: 8.1.0.0)
Segoe UI (Version: 15.4.2271.0615)
Skins (Version: 2008.1114.2149.39131)
Skype Click to Call (Version: 5.9.9216)
SolutionCenter (Version: 82.0.188.000)
Status (Version: 82.0.173.000)
SUPERAntiSpyware (Version: 5.0.1146)
Toolbox (Version: 82.0.173.000)
TrayApp (Version: 82.0.188.000)
UnloadSupport (Version: 1.00.0000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
WebReg (Version: 82.0.173.000)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 3035.94 MB
Available physical RAM: 1913.31 MB
Total Pagefile: 6278.14 MB
Available Pagefile: 4881.4 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.8 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:282.96 GB) (Free:200.3 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:9.47 GB) NTFS

========================= Users: ========================================

User accounts for \\LISA-PC

Administrator Guest Lisa

========================= Minidump Files ==================================


**** End of log ****

I just don't understand why I continue to get reinfected with this virus?

I have the Avast on as well as the SUPERAntiSpyware & my Windows Defender enabled?

Thanks so much for your assistance.

#8 boopme

Posted 13 April 2012 - 03:57 PM

Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.

#9 flsunshinegirl44

Posted 13 April 2012 - 04:38 PM

Ran the FixTDSS. The report shows "***Infected MBR detected". I also just got a pop-up from my Avast saying "A suspicious hidden object (rootkit) has been detected on your system. I did not click on "remove". This may be a sign of malware infection. It is recommended to remove object immediately. Rootkit Information MBR:\...\Pa (File Name) MBR:Alureo (Rootkit Name). It gave me an "actions to take" Delete Now (recommended) so I did delete it. Then ran the "boot-time scan" then restarted.

#10 flsunshinegirl44

Posted 13 April 2012 - 05:06 PM

Ok so just ran the FixTDSS.exe file again since I did not see it scanning & got these messages:
"Backdoor.Tidserv has not been found on your computer" it then prompted me to click on "ok" so I did. This was after I got the message stating the scan had been completed. I had clicked on the Avast recommendations to delete the above MBR rootkit information yet it did not do anything prior to restarting in my message above. Now the Avast pop-up has showed again telling me the same thing. So I will be deleting it as Avast recommends as well as trying to run the boot time scan & restarting to see what happens. I will let you know when I sign back on what it is doing afterwards. I did all these actions in regular mode not "safe mode" since you did not mention doing so. I also did not turn off the "system restore" since I'm running on Windows Vista not Windows XP.

#11 flsunshinegirl44

Posted 13 April 2012 - 05:15 PM

Avast will not run a boot-time scan as I thought it would do upon clicking on the option to do so. Not sure how to do this since was not done automatic as I thought it was stated it was going to do upon getting that pop-up. Not sure if I need to do this or not nor do I know how to do this with no prompts. I did check in their forum & saw that someone had run it & it deleted everything off their computer C drive. So am going to wait until I hear back from you telling me what to do next..this thing is so aggravating! Thanks for your help just want this thing finally gone for good!

#12 flsunshinegirl44

Posted 13 April 2012 - 05:17 PM

I will say it appears that I'm not being redirected to other sites when using my google search any longer :)

#13 boopme

Posted 13 April 2012 - 07:52 PM

Sorry, we had internet maintenance and had limited access for a while.

This looks good now. If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
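As an added example (not part of boopme's post), the restore-point step above can be scripted and verified from Windows PowerShell before any older points are removed. It assumes an elevated PowerShell 2.0 or later session on a client edition of Windows with System Restore enabled; the description string is a constructed label, and removing the older points is still left to Disk Cleanup as described in the post.

```powershell
# Added example: create a post-cleanup restore point and confirm it exists
# before older (possibly infected) restore points are deleted.
# Assumptions: elevated session, System Restore enabled on the system drive.

$description = 'Clean state after malware removal'   # constructed label

# Checkpoint-Computer needs administrator rights, so stop early without them.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell prompt.'
}

# Create the restore point. On Windows 8 and later the cmdlet may skip creation
# if another point was made in the last 24 hours; the check below catches that.
Checkpoint-Computer -Description $description -RestorePointType MODIFY_SETTINGS

# List every restore point, oldest first, with a readable creation time.
$points = @(Get-ComputerRestorePoint | Sort-Object SequenceNumber)
$points | Format-Table SequenceNumber,
    @{ Label = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } },
    Description -AutoSize

# The newest point must be the one just requested; otherwise keep the old ones
# until a clean point really exists.
$newest = $points[-1]
if ($null -eq $newest -or $newest.Description -ne $description) {
    throw 'The new restore point was not created; do not delete older ones yet.'
}

# Every point with a lower sequence number predates the cleanup and is a
# candidate for removal through Disk Cleanup (More Options > System Restore).
$stale = @($points | Where-Object { $_.SequenceNumber -lt $newest.SequenceNumber })
Write-Output ("{0} older restore point(s) predate the cleanup." -f $stale.Count)
```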

#14 flsunshinegirl44

Posted 14 April 2012 - 01:10 AM

Ok so I created a new restore point following your directions as well as did the disk cleanup. Then I read your links on keeping my computer safe from new viruses. I proceeded to download the Kaspersky Web Scanner. When doing so shortly after I noticed that my windows firewall was no longer on by getting an alert so I went in & turned back on. My computer froze up several times & will now only work in safe mode??? I tried to uninstall the Kaspersky but of course it will not allow me to do so in safe mode..so now I'm unable to use anything in regular mode..only in safe mode...what's next? I can only think that maybe somehow installing this antivirus did something as before all was working just fine before & have no clue as to why all of the sudden my firewall was no longer on since it was prior to me installing this...now I can't do anything but in safe mode? I have no idea how to uninstall this since in regular mode my computer does absolutely nothing & all I get is the endless circle? Guess I got excited over nothing after weeks of trying to get this mess cleared up..now it's worse than ever :(

#15 flsunshinegirl44

Posted 14 April 2012 - 01:12 AM

I also just noticed that "SMART HDD" is showing up in my programs....not sure if was there before or not. I know was on my desktop & just deleted the icon before but don't know if was in my programs before since did not check for that prior to just noticing it now ughhh :(



