
STOP: C0000135 The program can't start because %hs is missing. Try reinstalling the program


  • This topic is locked
34 replies to this topic

#1 diintzke

diintzke

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:19 AM

Posted 03 May 2012 - 07:18 AM

Hey guys, I'm new to the forum. I've seen a few people on here are having the same problem as me.
Here's what happened:
I had the ZeroAccess virus and a whole load of other viruses. I ran my AV to get rid of them and now my PC won't boot.
I had a look around on the internet and it had a few registry fixes to do, but the keys weren't in my registry to edit :\
I ran FRST and have attached the log.

Please help me lol, this is urgent!

Thanks,
Mat :)

Edited by diintzke, 03 May 2012 - 07:29 AM.




#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:04:19 PM

Posted 03 May 2012 - 08:22 AM

Hello diintzke,

Welcome to the forum.

Please copy and paste the logs instead of attaching them unless otherwise requested.

You have a dual boot system and FRST has scanned the Windows XP. Are you technical enough to remove the HD with Windows XP and run the FRST again, or should we use another method to scan the system and recover it?

#3 Farbar


Posted 03 May 2012 - 08:24 AM

Also please download the latest version of FRST as your version is outdated:

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

#4 diintzke


Posted 06 May 2012 - 08:13 AM

OK, sorry about that lol,
here's the log :)



Scan result of Farbar Recovery Scan Tool Version: 30-04-2012 02
Ran by SYSTEM at 03-05-2012 15:51:37
Running from G:\
Microsoft Windows XP (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray [1159168 2005-02-22] (Andrea Electronics Corporation)
HKLM\...\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [149280 2009-11-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER [26112 2005-12-02] (RealNetworks, Inc.)
HKLM\...\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [49152 2003-05-07] (ScanSoft, Inc.)
HKLM\...\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon [x]
HKLM\...\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe [94208 2005-07-19] (Intel Corporation)
HKLM\...\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe [77824 2005-07-19] (Intel Corporation)
HKLM\...\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [53248 2005-02-23] (CyberLink Corp.)
HKLM\...\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe [86016 2005-01-26] ()
HKLM\...\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r [57344 2005-09-14] (Creative Technology Ltd)
HKLM\...\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE [127036 2006-06-12] (Sonic Solutions)
HKLM\...\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe [114688 2005-07-19] (Intel Corporation)
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [177440 2009-08-12] (Apple Inc.)
HKLM\...\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [421888 2010-03-18] (Apple Inc.)
HKLM\...\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1218008 2010-06-09] (McAfee, Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [141608 2010-07-20] (Apple Inc.)
HKLM\...\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h [28783 2010-08-12] (MyWebSearch.com)
HKLM\...\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [32849 2010-08-12] (MyWebSearch.com)
HKLM\...\Run: [MFFSum_Pro_LL2] "C:\Program Files\Xerox Companion Suite\MFFSUM.exe" [24576 2009-04-21] ()
HKLM\...\Run: [MFPrintServer_Pro_LL2] "C:\Program Files\Xerox Companion Suite\MFPrintServer.exe" [73728 2009-04-21] ()
HKLM\...\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-24] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [29984 2007-11-12] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [46368 2007-11-12] (Nuance Communications, Inc.)
HKLM\...\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe" [251744 2011-06-05] (LeapFrog Enterprises, Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-05] (Adobe Systems Incorporated)
HKU\Default User\...\Run: [SetDefaultMIDI] MIDIDef.exe [x]
HKU\Default User\...\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R [102400 2004-12-02] (Creative Technology Ltd)
HKU\Default User\...\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB [135168 2004-11-29] (Creative Technology Ltd)
HKU\Laura\...\Run: [SetDefaultMIDI] MIDIDef.exe [x]
HKU\Laura\...\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R [102400 2004-12-02] (Creative Technology Ltd)
HKU\Laura\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\Laura\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1695232 2008-04-13] (Microsoft Corporation)
HKU\Tony\...\Run: [SetDefaultMIDI] MIDIDef.exe [x]
HKU\Tony\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1695232 2008-04-13] (Microsoft Corporation)
HKU\Tony\...\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R [102400 2004-12-02] (Creative Technology Ltd)
HKU\Tony\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\Tony\...\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [32849 2010-08-12] (MyWebSearch.com)
HKLM-x32\...\Winlogon: [Userinit] [x]
HKLM-x32\...\Winlogon: [Shell] [x ] ()
Winlogon\Notify\crypt32chain: crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: %SystemRoot%\System32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\uservmem: uservmem.dll [X]
Winlogon\Notify\wlballoon: wlnotify.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

==================== Services (Whitelisted) ======

2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-17] (ArcSoft Inc.)
4 Alerter; C:\Windows\System32\alrsvc.dll [17408 2008-04-13] (Microsoft Corporation)
2 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [144176 2010-06-10] (Apple Inc.)
3 AppMgmt; C:\Windows\System32\svchost.exe -k netsvcs [14336 2008-04-13] (Microsoft Corporation)
3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [34312 2008-07-24] (Microsoft Corporation)
2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2006-03-29] (Canon Inc.)
3 CiSvc; C:\Windows\System32\cisvc.exe [5632 2008-04-13] (Microsoft Corporation)
4 ClipSrv; C:\Windows\System32\clipsrv.exe [33280 2008-04-13] (Microsoft Corporation)
3 Creative Labs Licensing Service; "C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe" [69632 2005-12-02] (Creative Labs)
2 Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [44032 1999-12-12] (Creative Technology Ltd)
3 dmadmin; C:\Windows\System32\dmadmin.exe /com [224768 2008-04-13] (Microsoft Corp., Veritas Software)
3 dmserver; C:\Windows\System32\dmserver.dll [23552 2008-04-13] (Microsoft Corp.)
2 ERSvc; C:\Windows\System32\ersvc.dll [23040 2008-04-13] (Microsoft Corporation)
2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
3 FastUserSwitchingCompatibility; C:\Windows\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
2 FUSServices; C:\WINDOWS\system32\FUSServices.exe [10752 2009-04-21] ()
3 GoToAssist; "C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service [16936 2007-10-29] (Citrix Online, a division of Citrix Systems, Inc.)
2 gupdate1ca2d387a963204; C:\Program Files\Google\Update\GoogleUpdate.exe /svc [133104 2009-09-04] (Google Inc.)
3 gupdatem; C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc [133104 2009-09-04] (Google Inc.)
2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-13] (Microsoft Corporation)
3 HTTPFilter; C:\Windows\System32\w3ssl.dll [15872 2008-04-13] (Microsoft Corporation)
3 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [69632 2005-04-03] (Macrovision Corporation)
3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-13] (Microsoft Corporation)
2 LeapFrog Connect Device Service; "C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe" [6132576 2011-06-05] (LeapFrog Enterprises, Inc.)
3 McComponentHostService; "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 mcmscsvc; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [865832 2010-06-09] (McAfee, Inc.)
4 Messenger; C:\Windows\System32\msgsvc.dll [33792 2008-04-13] (Microsoft Corporation)
3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-13] (Microsoft Corporation)
2 MyWebSearchService; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [28762 2010-08-12] (MyWebSearch.com)
4 NetDDE; C:\Windows\System32\netdde.exe [111104 2008-04-13] (Microsoft Corporation)
4 NetDDEdsdm; C:\Windows\System32\netdde.exe [111104 2008-04-13] (Microsoft Corporation)
3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-18] (Intel® Corporation)
3 Nla; C:\Windows\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
3 NtLmSsp; C:\Windows\System32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
3 NtmsSvc; C:\Windows\System32\ntmssvc.dll [435200 2008-04-13] (Microsoft Corporation)
2 PlugPlay; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
2 PolicyAgent; C:\Windows\System32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-13] (Microsoft Corporation)
3 RSVP; C:\Windows\System32\rsvp.exe [132608 2004-08-03] (Microsoft Corporation)
3 SCardSvr; C:\Windows\System32\SCardSvr.exe [95744 2008-04-13] (Microsoft Corporation)
2 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-13] (Microsoft Corporation)
3 SwPrv; C:\WINDOWS\system32\dllhost.exe /Processid:{A445BD1E-49EE-4607-B370-5CCA447377C4} [5120 2008-04-13] (Microsoft Corporation)
3 SysmonLog; C:\Windows\System32\smlogsvc.exe [89600 2008-04-13] (Microsoft Corporation)
3 UPS; C:\Windows\System32\ups.exe [18432 2008-04-13] (Microsoft Corporation)
3 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation)
2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-13] (Microsoft Corporation)
2 WZCSVC; C:\Windows\System32\wzcsvc.dll [483840 2008-04-13] (Microsoft Corporation)
3 xmlprov; C:\Windows\System32\xmlprov.dll [129024 2008-04-13] (Microsoft Corporation)
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
2 McAfee SiteAdvisor Service; "C:\Program Files\McAfee\SiteAdvisor\McSACore.exe" [x]
2 McNASvc; "c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe" [x]
3 MSIServer; C:\WINDOWS\system32\msiexec.exe .exe /V [x]
4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]

========================== Drivers (Whitelisted) =============

4 abp480n5; C:\Windows\System32\Drivers\abp480n5.sys [23552 2001-08-16] (Microsoft Corporation)
4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [11648 2004-08-03] (Microsoft Corporation)
4 adpu160m; C:\Windows\System32\Drivers\adpu160m.sys [101888 2001-08-16] (Microsoft Corporation)
3 aec; C:\Windows\System32\Drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation)
3 Afc; C:\Windows\System32\Drivers\Afc.sys [18688 2006-11-09] (Arcsoft, Inc.)
4 agpCPQ; C:\Windows\System32\Drivers\agpCPQ.sys [44928 2008-04-13] (Microsoft Corporation)
4 Aha154x; C:\Windows\System32\Drivers\Aha154x.sys [12800 2001-08-16] (Microsoft Corporation)
4 aic78u2; C:\Windows\System32\Drivers\aic78u2.sys [55168 2001-08-16] (Microsoft Corporation)
4 aic78xx; C:\Windows\System32\Drivers\aic78xx.sys [56960 2001-08-16] (Microsoft Corporation)
4 alim1541; C:\Windows\System32\Drivers\alim1541.sys [42752 2008-04-13] (Microsoft Corporation)
4 amdagp; C:\Windows\System32\Drivers\amdagp.sys [43008 2008-04-13] (Advanced Micro Devices, Inc.)
4 amsint; C:\Windows\System32\Drivers\amsint.sys [12032 2001-08-16] (Microsoft Corporation)
4 asc; C:\Windows\System32\Drivers\asc.sys [26496 2001-08-16] (Advanced System Products, Inc.)
4 asc3350p; C:\Windows\System32\Drivers\asc3350p.sys [22400 2001-08-16] (Microsoft Corporation)
4 asc3550; C:\Windows\System32\Drivers\asc3550.sys [14848 2001-08-16] (Advanced System Products, Inc.)
2 ASCTRM; C:\Windows\System32\Drivers\ASCTRM.sys [8552 2005-12-02] (Windows ® 2000 DDK provider)
3 Atmarpc; C:\Windows\System32\Drivers\Atmarpc.sys [59904 2008-04-13] (Microsoft Corporation)
3 audstub; C:\Windows\System32\Drivers\audstub.sys [3072 2001-08-16] (Microsoft Corporation)
4 cbidf; C:\Windows\System32\DRIVERS\cbidf2k.sys [13952 2001-08-16] (Microsoft Corporation)
4 cbidf2k; C:\Windows\System32\Drivers\cbidf2k.sys [13952 2001-08-16] (Microsoft Corporation)
3 CCDECODE; C:\Windows\System32\Drivers\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
4 cd20xrnt; C:\Windows\System32\Drivers\cd20xrnt.sys [7680 2001-08-16] (Microsoft Corporation)
1 Cdaudio; C:\Windows\System32\Drivers\Cdaudio.sys [18688 2004-08-03] (Microsoft Corporation)
4 Cpqarray; C:\Windows\System32\Drivers\Cpqarray.sys [14976 2001-08-16] (Microsoft Corporation)
3 CTUSFSYN; C:\Windows\System32\Drivers\CTUSFSYN.sys [158464 2005-05-25] (Creative Technology Ltd.)
4 dac2w2k; C:\Windows\System32\Drivers\dac2w2k.sys [179584 2001-08-16] (Mylex Corporation)
4 dac960nt; C:\Windows\System32\Drivers\dac960nt.sys [14720 2001-08-16] (Microsoft Corporation)
2 DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [25724 2006-06-12] (Sonic Solutions)
1 DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.sys [5660 2006-03-16] (Sonic Solutions)
2 DLADResN; C:\Windows\System32\DLA\DLADResN.SYS [2496 2006-06-12] (Sonic Solutions)
2 DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [86844 2006-06-12] (Sonic Solutions)
2 DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [14716 2006-06-12] (Sonic Solutions)
2 DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [6364 2006-06-12] (Sonic Solutions)
1 DLARTL_N; C:\Windows\System32\Drivers\DLARTL_N.sys [22684 2006-03-16] (Sonic Solutions)
2 DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [94460 2006-06-12] (Sonic Solutions)
2 DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [88476 2006-06-12] (Sonic Solutions)
4 dmboot; C:\Windows\System32\Drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software)
4 dmio; C:\Windows\System32\Drivers\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software)
4 dmload; C:\Windows\System32\Drivers\dmload.sys [5888 2004-08-03] (Microsoft Corp., Veritas Software.)
3 DMusic; C:\Windows\System32\Drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation)
4 dpti2o; C:\Windows\System32\Drivers\dpti2o.sys [20192 2001-08-16] (Microsoft Corporation)
0 drvmcdb; C:\Windows\System32\Drivers\drvmcdb.sys [89264 2006-06-11] (Sonic Solutions)
2 drvnddm; C:\Windows\System32\Drivers\drvnddm.sys [40544 2006-03-16] (Sonic Solutions)
3 E100B; C:\Windows\System32\DRIVERS\e100b325.sys [155648 2004-10-13] (Intel Corporation)
3 FaxLffv2; C:\Windows\System32\Drivers\FaxLffv2.sys [18944 2008-06-18] (OEM)
1 Fips; C:\Windows\System32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation)
0 Ftdisk; C:\Windows\System32\Drivers\Ftdisk.sys [125056 2001-08-16] (Microsoft Corporation)
3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation)
3 HDAudBus; C:\Windows\System32\Drivers\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
4 hpn; C:\Windows\System32\Drivers\hpn.sys [25952 2001-08-16] (Microsoft Corporation)
1 i2omgmt; C:\Windows\System32\Drivers\i2omgmt.sys [8576 2008-04-13] (Microsoft Corporation)
3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1049180 2005-07-19] (Intel Corporation)
1 Imapi; C:\Windows\System32\Drivers\Imapi.sys [42112 2008-04-13] (Microsoft Corporation)
4 ini910u; C:\Windows\System32\Drivers\ini910u.sys [16000 2001-08-16] (Microsoft Corporation)
3 Ip6Fw; C:\Windows\System32\Drivers\Ip6Fw.sys [36608 2008-04-13] (Microsoft Corporation)
3 IpInIp; C:\Windows\System32\Drivers\IpInIp.sys [20864 2008-04-13] (Microsoft Corporation)
1 IPSec; C:\Windows\System32\Drivers\IPSec.sys [75264 2008-04-13] (Microsoft Corporation)
3 kmixer; C:\Windows\System32\Drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation)
3 LeapFrog-USBLAN; C:\Windows\System32\DRIVERS\btblan.sys [33792 2009-10-09] (Belcarra Technologies)
3 ltmodem5; C:\Windows\System32\DRIVERS\ltmdmnt.sys [606684 2004-08-03] (LT)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [385880 2010-05-31] (McAfee, Inc.)
3 mferkdk; C:\Windows\System32\Drivers\mferkdk.sys [34248 2010-02-16] (McAfee, Inc.)
1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [4224 2004-08-03] (Microsoft Corporation)
3 MODEMCSA; C:\Windows\System32\Drivers\MODEMCSA.sys [16128 2001-08-16] (Microsoft Corporation)
4 mraid35x; C:\Windows\System32\Drivers\mraid35x.sys [17280 2001-08-16] (American Megatrends Inc.)
3 NABTSFEC; C:\Windows\System32\Drivers\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
3 NdisIP; C:\Windows\System32\Drivers\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
3 nv; C:\Windows\System32\DRIVERS\nv4_mini.sys [1897408 2004-08-03] (NVIDIA Corporation)
3 NwlnkFlt; C:\Windows\System32\Drivers\NwlnkFlt.sys [12416 2004-08-03] (Microsoft Corporation)
3 NwlnkFwd; C:\Windows\System32\Drivers\NwlnkFwd.sys [32512 2004-08-03] (Microsoft Corporation)
2 NwlnkIpx; C:\Windows\System32\Drivers\NwlnkIpx.sys [88320 2008-04-13] (Microsoft Corporation)
2 NwlnkNb; C:\Windows\System32\Drivers\NwlnkNb.sys [63232 2004-08-03] (Microsoft Corporation)
2 NwlnkSpx; C:\Windows\System32\Drivers\NwlnkSpx.sys [55936 2004-08-03] (Microsoft Corporation)
4 perc2; C:\Windows\System32\Drivers\perc2.sys [27296 2001-08-16] (Microsoft Corporation)
4 perc2hib; C:\Windows\System32\Drivers\perc2hib.sys [5504 2001-08-16] (Microsoft Corporation)
2 PfModNT; C:\Windows\System32\Drivers\PfModNT.sys [8704 2004-12-22] (Creative Technology Ltd.)
3 PSched; C:\Windows\System32\Drivers\PSched.sys [69120 2008-04-13] (Microsoft Corporation)
3 Ptilink; C:\Windows\System32\Drivers\Ptilink.sys [17792 2004-08-03] (Parallel Technologies, Inc.)
0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36624 2006-11-01] (Sonic Solutions)
4 ql1080; C:\Windows\System32\Drivers\ql1080.sys [40320 2001-08-16] (QLogic Corporation)
4 Ql10wnt; C:\Windows\System32\Drivers\Ql10wnt.sys [33152 2001-08-16] (Microsoft Corporation)
4 ql12160; C:\Windows\System32\Drivers\ql12160.sys [45312 2001-08-16] (QLogic Corporation)
4 ql1240; C:\Windows\System32\Drivers\ql1240.sys [40448 2001-08-16] (Microsoft Corporation)
4 ql1280; C:\Windows\System32\Drivers\ql1280.sys [49024 2001-08-16] (QLogic Corporation)
3 Raspti; C:\Windows\System32\Drivers\Raspti.sys [16512 2004-08-03] (Microsoft Corporation)
1 redbook; C:\Windows\System32\Drivers\redbook.sys [57600 2008-04-13] (Microsoft Corporation)
3 sigfilt; C:\Windows\System32\Drivers\sigfilt.sys [1350784 2005-09-21] (Creative Technology Ltd.)
4 sisagp; C:\Windows\System32\Drivers\sisagp.sys [40960 2008-04-13] (Silicon Integrated Systems Corporation)
3 SLIP; C:\Windows\System32\Drivers\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
4 Sparrow; C:\Windows\System32\Drivers\Sparrow.sys [19072 2001-08-16] (Adaptec, Inc.)
3 splitter; C:\Windows\System32\Drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation)
0 sr; C:\Windows\System32\Drivers\sr.sys [73472 2008-04-13] (Microsoft Corporation)
3 STHDA; C:\Windows\System32\Drivers\STHDA.sys [1022040 2005-08-17] (SigmaTel, Inc.)
3 streamip; C:\Windows\System32\Drivers\streamip.sys [15232 2008-04-13] (Microsoft Corporation)
3 swmidi; C:\Windows\System32\Drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation)
4 symc810; C:\Windows\System32\Drivers\symc810.sys [16256 2001-08-16] (Symbios Logic Inc.)
3 sysaudio; C:\Windows\System32\Drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation)
4 TosIde; C:\Windows\System32\Drivers\TosIde.sys [4992 2001-08-16] (Microsoft Corporation)
4 ultra; C:\Windows\System32\Drivers\ultra.sys [36736 2001-08-16] (Promise Technology, Inc.)
3 Update; C:\Windows\System32\Drivers\Update.sys [384768 2008-04-13] (Microsoft Corporation)
3 USBAAPL; C:\Windows\System32\Drivers\USBAAPL.sys [41984 2010-04-19] (Apple, Inc.)
4 ViaIde; C:\Windows\System32\Drivers\ViaIde.sys [5376 2008-04-13] (Microsoft Corporation)
3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam.sys [11520 2008-05-05] (Western Digital Technologies)
3 wdmaud; C:\Windows\System32\Drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation)
3 WSTCODEC; C:\Windows\System32\Drivers\WSTCODEC.sys [19200 2008-04-13] (Microsoft Corporation)
3 XMLDIUSB; C:\Windows\System32\Drivers\XMLDIUSB.sys [33152 2008-01-16] (OEM)
4 Abiosdsk; [x]
4 Atdisk; [x]
1 Changer; [x]
4 InCDFs; C:\Windows\System32\drivers\InCDFs.sys [x]
1 InCDPass; C:\Windows\System32\drivers\InCDPass.sys [x]
1 InCDRm; C:\Windows\System32\drivers\InCDRm.sys [x]
1 lbrtfdc; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 Simbad; [x]
3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [x]
3 WDICA; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-03 15:51 - 2010-09-18 21:31 - 0000000 ____D C:\FRST
2012-04-19 03:43 - 2011-02-27 00:58 - 1131520 ____A C:\Documents and Settings\Laura\My Documents\NEWSLETTERS 2012.doc


============ 3 Months Modified Files and Folders =============

2012-05-03 15:51 - 2012-05-03 15:51 - 0000000 ____D C:\FRST
2012-04-30 05:12 - 2006-03-26 23:00 - 0000000 ____D C:\Documents and Settings\Tony\Shared
2012-04-25 18:05 - 2005-12-08 02:22 - 0000000 ___RD C:\Documents and Settings\Laura\My Documents
2012-04-25 17:59 - 2012-04-19 03:43 - 1131520 ____A C:\Documents and Settings\Laura\My Documents\NEWSLETTERS 2012.doc
2012-04-19 03:34 - 2012-01-06 13:46 - 1161216 ____A C:\Documents and Settings\Laura\My Documents\NEWSLETTER 1 2012.doc
2012-04-14 02:42 - 2011-02-20 17:27 - 0180736 ____A C:\Documents and Settings\Laura\My Documents\masterclass.doc
2012-03-11 18:45 - 2012-03-11 18:45 - 0118549 ____A C:\Documents and Settings\Laura\watch.htm
2012-03-09 13:22 - 2012-03-09 13:22 - 0018448 ____A C:\Documents and Settings\Laura\101.htm
2012-03-02 04:08 - 2008-12-01 02:00 - 0001480 ____A C:\Documents and Settings\Laura\Desktop\2008-2009.lnk
2012-02-12 18:29 - 2006-11-20 00:46 - 0000000 ____D C:\Documents and Settings\Laura\My Documents\Dance Revolution
2012-02-11 13:50 - 2011-11-06 01:43 - 0739328 ____A C:\Documents and Settings\Laura\Desktop\SFD EXAM INFORMATION.doc

========================= Known DLLs (Whitelisted) ============

C:\Windows\SysWOW64\advapi32.dll is missing
C:\Windows\SysWOW64\comdlg32.dll is missing
C:\Windows\SysWOW64\gdi32.dll is missing
C:\Windows\SysWOW64\imagehlp.dll is missing
C:\Windows\SysWOW64\kernel32.dll is missing
C:\Windows\SysWOW64\lz32.dll is missing
C:\Windows\SysWOW64\ole32.dll is missing
C:\Windows\SysWOW64\oleaut32.dll is missing
[2004-08-09 20:51] - [2008-04-13 16:12] - 0074752 ____A (Microsoft Corporation) C:\Windows\System32\olecli32.dll
C:\Windows\SysWOW64\olecli32.dll is missing
[2004-08-09 20:51] - [2008-04-13 16:12] - 0037376 ____A (Microsoft Corporation) C:\Windows\System32\olecnv32.dll
C:\Windows\SysWOW64\olecnv32.dll is missing
[2004-08-09 20:51] - [2004-08-03 13:00] - 0022016 ____A (Microsoft Corporation) C:\Windows\System32\olesvr32.dll
C:\Windows\SysWOW64\olesvr32.dll is missing
[2004-08-09 20:51] - [2004-08-03 13:00] - 0069120 ____A (Microsoft Corporation) C:\Windows\System32\olethk32.dll
C:\Windows\SysWOW64\olethk32.dll is missing
C:\Windows\SysWOW64\rpcrt4.dll is missing
C:\Windows\SysWOW64\shell32.dll is missing
C:\Windows\SysWOW64\url.dll is missing
C:\Windows\SysWOW64\urlmon.dll is missing
C:\Windows\SysWOW64\user32.dll is missing
C:\Windows\SysWOW64\version.dll is missing
C:\Windows\SysWOW64\wininet.dll is missing
C:\Windows\SysWOW64\wldap32.dll is missing

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe
[2004-08-09 20:51] - [2008-04-13 16:12] - 0507904 ____A (Microsoft Corporation) ED0EF0A136DEC83DF69F04118870003E

C:\Windows\System32\wininit.exe is missing.
C:\Windows\SysWOW64\wininit.exe is missing.
C:\Windows\explorer.exe
[2004-08-09 20:51] - [2008-04-13 16:12] - 1033728 ____A (Microsoft Corporation) 12896823FB95BFB3DC9B46BCAEDC9923

C:\Windows\SysWOW64\explorer.exe is missing.
C:\Windows\System32\svchost.exe
[2004-08-09 20:51] - [2008-04-13 16:12] - 0014336 ____A (Microsoft Corporation) 27C6D03BCDB8CFEB96B716F3D8BE3E18

C:\Windows\SysWOW64\svchost.exe is missing.
C:\Windows\System32\User32.dll
[2004-08-09 20:51] - [2008-04-13 16:12] - 0578560 ____A (Microsoft Corporation) B26B135FF1B9F60C9388B4A7D16F600B

C:\Windows\SysWOW64\User32.dll is missing.
C:\Windows\System32\Drivers\volsnap.sys
[2004-08-09 20:51] - [2008-04-13 10:41] - 0052352 ____A (Microsoft Corporation) 4C8FCB5CC53AAB716D810740FE59D025


========================= Memory info ======================

Percentage of memory in use: 6%
Total physical RAM: 16359.05 MB
Available physical RAM: 15254.11 MB
Total Pagefile: 16357.2 MB
Available Pagefile: 15245.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:145.97 GB) (Free:70.48 GB) NTFS
2 Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: () (Fixed) (Total:931.41 GB) (Free:840.88 GB) NTFS
4 Drive f: (GRMCULXFREO_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
5 Drive g: (MAT'S IPOD) (Removable) (Total:0.97 GB) (Free:0.93 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 7168 KB
Disk 1 Online 931 GB 0 B
Disk 2 Online 992 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 31 MB 31 KB
Partition 2 Primary 145 GB 31 MB
Partition 3 Primary 3074 MB 146 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 31 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 145 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : DB
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E NTFS Partition 931 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 992 MB 20 KB

======================================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G MAT'S IPOD FAT32 Removable 992 MB Healthy

======================================================================================================
======================= End Of Log ==========================

#5 Farbar


Posted 06 May 2012 - 08:27 AM

Seems it took 3 days to post the same log you have posted already and didn't read my post and didn't give me feedback about the question I asked.

So I'm not sure this type of (online help) assistance suits you. It requires you to read the post, interact with the helper and follow the instructions. So I advise you to think about it and see if you can do it. Otherwise good luck with the repair.

#6 diintzke

Posted 06 May 2012 - 08:51 AM

Seems it took 3 days to post the same log you have posted already and didn't read my post and didn't give me feedback about the question I asked.

So I'm not sure this type of (online help) assistance suits you. It requires you to read the post, interact with the helper and follow the instructions. So I advise you to think about it and see if you can do it. Otherwise good luck with the repair.


Sorry bro, it's been a long day at work for me lol. I'll run FRST and get the new log for you ASAP.
BTW no need to be a smartass man, having no sleep for 3 days doesn't really help...

#7 Farbar

Posted 06 May 2012 - 09:14 AM

I still didn't get the feedback I asked for. If you run FRST in the same condition as before it will not be of any use. Perhaps getting a good sleep before doing anything will help.

#8 diintzke

Posted 06 May 2012 - 11:52 PM

OK, well, I got a good night's sleep, got rid of the Windows XP system and ran the new version of FRST on Windows 7.
Here are the results.


Scan result of Farbar Recovery Scan Tool Version: 05-05-2012 02
Ran by SYSTEM at 07-05-2012 15:03:00
Running from F:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11613288 2010-11-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-01-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-26] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-11-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI [2670008 2012-03-19] (PC Tools)
HKU\Tony\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-11-19] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-12] (Atheros Commnucations)
2 Browser Defender Update Service; "C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe" [571320 2012-03-19] (Threat Expert Ltd.)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [65824 2006-10-26] (Microsoft Corporation)
2 NAL; C:\Windows\System32\kpfwsvc.dll [6656 2009-07-13] (Oak Technology Inc.)
2 sdAuxService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [402336 2012-03-19] (PC Tools)
2 sdCoreService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [1118648 2012-03-19] (PC Tools)
3 ThreatFire; C:\Program Files (x86)\PC Tools\PC Tools Security\TFEngine\TFService.exe service [71008 2012-03-19] (PC Tools)
2 FUSServices; C:\Windows\SysWOW64\FUSServices.exe [x]
2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [x]

========================== Drivers (Whitelisted) =============

3 1394ohci; C:\Windows\System32\Drivers\1394ohci.sys [227840 2009-07-13] (Microsoft Corporation)
3 asmthub3; C:\Windows\System32\Drivers\asmthub3.sys [126952 2011-02-23] (ASMedia Technology Inc)
3 asmtxhci; C:\Windows\System32\Drivers\asmtxhci.sys [389608 2011-02-23] (ASMedia Technology Inc)
3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [36000 2011-03-12] (Atheros)
3 ATHDFU; C:\Windows\System32\Drivers\ATHDFU.sys [51872 2011-03-12] (Windows ® Win 7 DDK provider)
3 BTATH_A2DP; C:\Windows\System32\Drivers\BTATH_A2DP.sys [298656 2011-03-12] (Atheros)
3 BTATH_BUS; C:\Windows\System32\Drivers\BTATH_BUS.sys [28832 2011-03-12] (Atheros)
3 BTATH_HCRP; C:\Windows\System32\Drivers\BTATH_HCRP.sys [201376 2011-03-12] (Atheros)
3 BTATH_LWFLT; C:\Windows\System32\Drivers\BTATH_LWFLT.sys [55456 2011-03-12] (Atheros)
3 BTATH_RCP; C:\Windows\System32\Drivers\BTATH_RCP.sys [154272 2011-03-12] (Atheros)
3 BtFilter; C:\Windows\System32\Drivers\BtFilter.sys [280224 2011-03-12] (Atheros)
0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-13] (Microsoft Corporation)
3 ebdrv; C:\Windows\System32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
3 FaxLffv2; C:\Windows\System32\Drivers\FaxLffv2.sys [31232 2008-06-18] (OEM)
3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2009-07-13] (Microsoft Corporation)
3 iScsiPrt; C:\Windows\System32\DRIVERS\msiscsi.sys [224832 2009-07-13] (Microsoft Corporation)
0 JRAID; C:\Windows\System32\Drivers\JRAID.sys [120920 2010-08-10] (JMicron Technology Corp.)
0 mv91xx; C:\Windows\System32\Drivers\mv91xx.sys [297000 2010-08-27] (Marvell Semiconductor, Inc.)
3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2009-07-13] (Microsoft Corporation)
3 PCTBD; C:\Windows\System32\Drivers\PCTBD64.sys [85192 2012-03-19] (PC Tools)
0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [426104 2012-03-15] (PC Tools)
0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [453896 2012-02-27] (PC Tools)
0 pctEFA; C:\Windows\System32\drivers\pctEFA64.sys [1096176 2012-02-27] (PC Tools)
3 PCTFW-PacketFilter; \??\C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys [122784 2011-11-08] (PC Tools)
1 pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi64.sys [339608 2012-03-19] (PC Tools)
1 pctNdisLW64; C:\Windows\System32\Drivers\pctNdisLW64.sys [77976 2012-03-18] (PC Tools)
3 pctplfw; \??\C:\Windows\System32\drivers\pctplfw64.sys [181512 2012-03-19] (PC Tools)
3 pctplsg; \??\C:\Windows\System32\drivers\pctplsg64.sys [92896 2012-03-19] (PC Tools)
1 PCTSD; C:\Windows\System32\Drivers\PCTSD64.sys [251528 2012-03-19] (PC Tools)
0 TfFsMon; C:\Windows\System32\Drivers\TfFsMon.sys [65664 2012-03-19] (PC Tools)
3 TfNetMon; C:\Windows\System32\Drivers\TfNetMon.sys [41968 2012-03-19] (PC Tools)
0 TFSysMon; C:\Windows\System32\Drivers\TFSysMon.sys [706776 2012-03-19] (PC Tools)
3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16640 2012-01-04] (Windows ® Win 7 DDK provider)
3 utm2odcz; C:\Windows\SysWow64\Drivers\utm2odcz.sys [7168 2012-04-29] ()
3 XMLDIUSB; C:\Windows\System32\Drivers\XMLDIUSB.sys [55808 2010-01-29] (OEM)

========================== NetSvcs (Whitelisted) ===========
NETSVC: Hardlock
NETSVC: NAL

============ One Month Created Files and Folders ==============

2012-04-30 05:13 - 2009-07-13 17:40 - 0000000 ____D C:\Windows\System32\appmgmt
2012-04-29 07:39 - 2012-04-29 07:37 - 0130416 ____A C:\TDSSKiller.2.7.33.0_30.04.2012_01.39.23_log.txt
2012-04-29 07:36 - 2012-04-29 05:07 - 0131996 ____A C:\TDSSKiller.2.7.33.0_30.04.2012_01.36.01_log.txt
2012-04-29 06:48 - 2012-04-29 06:48 - 0000000 ____D C:\Users\Tony\AppData\Roaming\Spam Monitor
2012-04-29 06:48 - 2012-04-29 04:57 - 0000000 ____D C:\Users\Tony\AppData\Roaming\PC Tools
2012-04-29 06:47 - 2012-04-28 20:22 - 0000882 ____A C:\Windows\RegSDImport.xml
2012-04-29 06:47 - 2012-03-19 18:21 - 1681336 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
2012-04-29 06:47 - 2011-12-03 20:16 - 2271160 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
2012-04-29 06:47 - 2011-11-19 07:33 - 0767928 ____A C:\Windows\BDTSupport.dll
2012-04-29 06:47 - 2009-07-13 20:51 - 0149432 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
2012-04-29 06:47 - 2009-07-13 17:45 - 0085192 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD64.sys
2012-04-29 06:47 - 2009-07-13 17:39 - 0000879 ____A C:\Windows\RegISSImport.xml
2012-04-29 06:47 - 2009-07-13 17:39 - 0000131 ____A C:\Windows\IDB.zip
2012-04-29 06:47 - 2009-07-13 17:14 - 0003488 ____A C:\Windows\UDB.zip
2012-04-29 06:46 - 2012-04-29 06:46 - 0001143 ____A C:\Users\Public\Desktop\Trojan Killer.lnk
2012-04-29 06:46 - 2012-04-29 04:57 - 0002251 ____A C:\Users\Public\Desktop\PC Tools Internet Security.lnk
2012-04-29 06:46 - 2012-03-19 19:50 - 0145432 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter64.sys
2012-04-29 06:46 - 2012-03-19 19:50 - 0092896 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg64.sys
2012-04-29 06:46 - 2012-03-19 19:43 - 0122784 ____A (PC Tools) C:\Windows\System32\Drivers\pctNdis-PacketFilter64.sys
2012-04-29 06:46 - 2012-03-19 18:21 - 0014776 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix64.sys
2012-04-29 06:46 - 2012-03-19 17:11 - 0706776 ____A (PC Tools) C:\Windows\System32\Drivers\TfSysMon.sys
2012-04-29 06:46 - 2012-03-18 19:02 - 0181512 ____A (PC Tools) C:\Windows\System32\Drivers\pctplfw64.sys
2012-04-29 06:46 - 2012-02-27 17:43 - 0339608 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi64.sys
2012-04-29 06:46 - 2011-11-19 07:32 - 0000000 ____D C:\Program Files (x86)\GridinSoft Trojan Killer
2012-04-29 06:46 - 2011-11-08 22:33 - 0077976 ____A (PC Tools) C:\Windows\System32\Drivers\pctNdisLW64.sys
2012-04-29 06:46 - 2009-07-13 17:45 - 0065664 ____A (PC Tools) C:\Windows\System32\Drivers\TfFsMon.sys
2012-04-29 06:44 - 2011-12-14 02:09 - 26853544 ____A (GridinSoft LLC) C:\Users\Tony\Downloads\gtk2121-setup.exe
2012-04-29 06:40 - 2012-03-19 19:49 - 0426104 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore64.sys
2012-04-29 06:40 - 2012-03-15 18:15 - 0453896 ____A (PC Tools) C:\Windows\System32\Drivers\pctDS64.sys
2012-04-29 06:40 - 2012-02-27 17:43 - 1096176 ____A (PC Tools) C:\Windows\System32\Drivers\pctEFA64.sys
2012-04-29 06:36 - 2012-04-10 23:33 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-04-29 06:36 - 2012-04-10 23:33 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-04-29 06:35 - 2012-04-29 04:49 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-29 06:35 - 2012-04-29 04:49 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-29 06:35 - 2011-11-20 01:26 - 0000000 ____D C:\Users\Tony\AppData\Roaming\Malwarebytes
2012-04-29 06:35 - 2009-09-09 18:53 - 0038224 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-04-29 06:35 - 2009-07-13 15:26 - 0019160 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-29 06:34 - 2009-11-19 10:09 - 0009631 ____A C:\Users\Tony\Desktop\hijackthis.log
2012-04-29 06:33 - 2011-10-17 02:21 - 0000000 ____D C:\Users\Tony\Desktop\backups
2012-04-29 06:29 - 2012-04-29 04:57 - 0393528 ____A (Trend Micro Inc.) C:\Users\Tony\Desktop\HijackThis.exe
2012-04-29 06:27 - 2009-07-13 17:39 - 0366022 ____A C:\Windows\ntbtlog.txt
2012-04-29 05:35 - - 0000000 ____D C:\!KillBox
2012-04-29 05:27 - 2012-04-29 06:46 - 0089088 ____A C:\Users\Tony\Downloads\mbr.exe
2012-04-29 05:26 - - 0302592 ____A C:\Users\Tony\Downloads\73fny5ic.exe
2012-04-29 05:20 - 2012-04-29 05:26 - 0463080 ____A (CNET Download.com) C:\Users\Tony\Downloads\cnet2_ComboFix_exe.exe
2012-04-29 05:20 - 2012-04-29 05:20 - 3818105 ____A C:\Users\Tony\Downloads\ComboFix.exe
2012-04-29 05:20 - 2011-12-14 02:09 - 0000000 ____D C:\Users\All Users\WRData
2012-04-29 05:20 - 2011-12-14 02:09 - 0000000 ____D C:\ProgramData\WRData
2012-04-29 05:07 - 2012-04-29 05:01 - 0126642 ____A C:\TDSSKiller.2.7.33.0_29.04.2012_23.07.03_log.txt
2012-04-29 05:00 - 2012-04-30 05:12 - 0127436 ____A C:\TDSSKiller.2.7.33.0_29.04.2012_23.00.02_log.txt
2012-04-29 05:00 - 2012-04-29 07:41 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-29 04:59 - 2012-04-29 06:35 - 0000000 ____D C:\Users\All Users\McAfee
2012-04-29 04:59 - 2012-04-29 06:35 - 0000000 ____D C:\ProgramData\McAfee
2012-04-29 04:59 - 2012-04-29 04:59 - 2074160 ____A (Kaspersky Lab ZAO) C:\Users\Tony\Downloads\tdsskiller.exe
2012-04-29 04:59 - 2011-11-19 07:35 - 0000000 ____D C:\Program Files (x86)\McAfee
2012-04-29 04:58 - 2012-04-29 05:27 - 7492440 ____A C:\Users\Tony\Downloads\saSetup.exe
2012-04-29 04:57 - 2012-04-29 05:33 - 16339280 ____A (Mozilla) C:\Users\Tony\Desktop\Firefox Setup 12.0.exe
2012-04-29 04:57 - 2012-04-29 05:27 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-29 04:57 - 2012-04-29 04:46 - 0000000 ____D C:\Users\Tony\AppData\Roaming\Mozilla
2012-04-29 04:57 - 2012-01-05 22:14 - 0000000 ____D C:\Users\Tony\AppData\Local\Mozilla
2012-04-29 04:57 - 2011-12-03 20:17 - 0000000 ____D C:\Users\All Users\Mozilla
2012-04-29 04:57 - 2011-12-03 20:17 - 0000000 ____D C:\ProgramData\Mozilla
2012-04-29 04:57 - 2011-12-03 20:16 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-29 04:57 - 2011-11-20 01:11 - 0001134 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-04-29 04:50 - 2009-07-13 21:37 - 0007168 ____A C:\Windows\SysWOW64\Drivers\utm2odcz.sys
2012-04-29 04:49 - 2011-11-19 07:31 - 0000000 ____D C:\Users\All Users\is-AJKCE
2012-04-29 04:49 - 2011-11-19 07:31 - 0000000 ____D C:\ProgramData\is-AJKCE
2012-04-29 04:38 - 2012-04-30 05:14 - 0000000 ____D C:\Windows\pss
2012-04-27 01:48 - - 0317368 ____A C:\Windows\Minidump\042712-23946-01.dmp
2012-04-27 01:38 - 2012-03-19 17:11 - 0041968 ____A (PC Tools) C:\Windows\System32\Drivers\TfNetMon.sys
2012-04-27 01:36 - 2011-12-03 20:16 - 0000000 ____D C:\Program Files (x86)\PC Tools
2012-04-27 01:25 - 2012-04-29 18:44 - 0000000 ____D C:\_OTL
2012-04-27 01:25 - 2011-11-15 17:21 - 0024932 ____A C:\Users\Tony\Desktop\Extras.Txt
2012-04-27 01:24 - 2011-10-17 01:49 - 0381772 ____A C:\Users\Tony\Desktop\OTL.Txt
2012-04-27 01:18 - 2009-06-10 12:34 - 1118607 ____A C:\Windows\System32\Drivers\Cat.DB
2012-04-27 01:17 - 2012-04-29 05:32 - 0001695 ____A C:\Users\Tony\Desktop\SD_Online_aff_GenericRevenueWire_207.exe.lnk
2012-04-27 01:17 - 2012-04-29 04:57 - 0000000 ____D C:\Users\All Users\PC Tools
2012-04-27 01:17 - 2012-04-29 04:57 - 0000000 ____D C:\ProgramData\PC Tools
2012-04-27 01:17 - 2012-04-10 01:45 - 0000000 ____D C:\Users\Tony\AppData\Roaming\TestApp
2012-04-27 01:17 - 2012-03-19 19:50 - 0251528 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-04-27 01:17 - 2012-01-24 23:05 - 0584192 ____A (OldTimer Tools) C:\Users\Tony\Desktop\OTL.exe
2012-04-27 01:17 - 2011-12-06 01:13 - 0000000 ____D C:\Users\Tony\Desktop\Spyware Doctor 2012 + Serial
2012-04-27 01:17 - - 1916416 ____A (AVAST Software) C:\Users\Tony\Desktop\aswMBR.exe
2012-04-14 00:40 - 2012-04-28 23:59 - 0001339 ____A C:\Users\Tony\Desktop\Database Folders.lnk
2012-04-14 00:16 - 2012-04-29 06:34 - 0001879 ____A C:\Users\Tony\Desktop\Dance Revolution 2010-2011 - Shortcut.lnk
2012-04-10 01:45 - 2012-04-29 06:48 - 0000000 ____D C:\Users\Tony\AppData\Roaming\SpeedyPC Software
2012-04-10 01:45 - 2012-04-28 20:19 - 0000000 ____D C:\Users\All Users\SpeedyPC Software
2012-04-10 01:45 - 2012-04-28 20:19 - 0000000 ____D C:\ProgramData\SpeedyPC Software
2012-04-10 01:45 - 2011-11-19 08:40 - 0000000 ____D C:\Users\Tony\AppData\Roaming\DriverCure


============ 3 Months Modified Files and Folders =============

2012-05-07 15:01 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2012-05-01 02:45 - 2011-11-15 22:22 - 4275376128 __ASH C:\hiberfil.sys
2012-04-30 05:26 - 2012-04-29 06:27 - 0366022 ____A C:\Windows\ntbtlog.txt
2012-04-30 05:15 - 2012-04-27 01:18 - 1118607 ____A C:\Windows\System32\Drivers\Cat.DB
2012-04-30 05:15 - 2011-11-19 07:34 - 0013434 ____A C:\Windows\PFRO.log
2012-04-30 05:14 - 2011-11-15 22:25 - 0619061 ____A C:\Windows\WindowsUpdate.log
2012-04-30 05:13 - 2012-04-30 05:13 - 0000000 ____D C:\Windows\System32\appmgmt
2012-04-30 04:51 - 2011-11-19 07:31 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-29 18:48 - 2009-07-13 20:45 - 0010208 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-29 18:48 - 2009-07-13 20:45 - 0010208 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-29 18:44 - 2012-04-06 17:04 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-29 18:43 - 2011-11-19 07:31 - 0000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-29 18:43 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-29 18:43 - 2009-07-13 20:51 - 0026591 ____A C:\Windows\setupact.log
2012-04-29 07:41 - 2012-04-29 07:39 - 0130416 ____A C:\TDSSKiller.2.7.33.0_30.04.2012_01.39.23_log.txt
2012-04-29 07:37 - 2012-04-29 07:36 - 0131996 ____A C:\TDSSKiller.2.7.33.0_30.04.2012_01.36.01_log.txt
2012-04-29 07:37 - 2012-04-29 05:00 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-29 07:31 - 2012-04-29 06:46 - 0000000 ____D C:\Program Files (x86)\GridinSoft Trojan Killer
2012-04-29 07:22 - 2009-07-13 15:12 - 0000000 ___HD C:\Recycle.bin
2012-04-29 06:56 - 2009-07-13 21:08 - 0017640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-29 06:48 - 2012-04-29 06:48 - 0000000 ____D C:\Users\Tony\AppData\Roaming\Spam Monitor
2012-04-29 06:48 - 2012-04-29 06:48 - 0000000 ____D C:\Users\Tony\AppData\Roaming\PC Tools
2012-04-29 06:46 - 2012-04-29 06:46 - 0002251 ____A C:\Users\Public\Desktop\PC Tools Internet Security.lnk
2012-04-29 06:46 - 2012-04-29 06:46 - 0001143 ____A C:\Users\Public\Desktop\Trojan Killer.lnk
2012-04-29 06:46 - 2012-04-29 06:44 - 26853544 ____A (GridinSoft LLC) C:\Users\Tony\Downloads\gtk2121-setup.exe
2012-04-29 06:46 - 2012-04-27 01:36 - 0000000 ____D C:\Program Files (x86)\PC Tools
2012-04-29 06:42 - 2011-11-15 17:19 - 0000000 ____D C:\users\Tony
2012-04-29 06:40 - 2012-04-27 01:17 - 0001695 ____A C:\Users\Tony\Desktop\SD_Online_aff_GenericRevenueWire_207.exe.lnk
2012-04-29 06:39 - 2012-04-29 06:34 - 0009631 ____A C:\Users\Tony\Desktop\hijackthis.log
2012-04-29 06:36 - 2012-04-29 06:36 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-04-29 06:36 - 2012-04-29 06:36 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-04-29 06:35 - 2012-04-29 06:35 - 0000000 ____D C:\Users\Tony\AppData\Roaming\Malwarebytes
2012-04-29 06:35 - 2012-04-29 06:35 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-04-29 06:35 - 2012-04-29 06:35 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-04-29 06:34 - 2012-04-29 06:33 - 0000000 ____D C:\Users\Tony\Desktop\backups
2012-04-29 06:33 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-04-29 05:35 - 2012-04-29 05:35 - 0000000 ____D C:\!KillBox
2012-04-29 05:33 - 2012-04-27 01:25 - 0024932 ____A C:\Users\Tony\Desktop\Extras.Txt
2012-04-29 05:32 - 2012-04-27 01:24 - 0381772 ____A C:\Users\Tony\Desktop\OTL.Txt
2012-04-29 05:32 - 2012-01-15 00:06 - 0000000 ____D C:\Users\Tony\AppData\Local\CrashDumps
2012-04-29 05:27 - 2012-04-29 05:27 - 0089088 ____A C:\Users\Tony\Downloads\mbr.exe
2012-04-29 05:27 - 2012-04-29 04:57 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-04-29 05:26 - 2012-04-29 05:26 - 0302592 ____A C:\Users\Tony\Downloads\73fny5ic.exe
2012-04-29 05:21 - 2012-04-29 05:20 - 0000000 ____D C:\Users\All Users\WRData
2012-04-29 05:21 - 2012-04-29 05:20 - 0000000 ____D C:\ProgramData\WRData
2012-04-29 05:20 - 2012-04-29 05:20 - 3818105 ____A C:\Users\Tony\Downloads\ComboFix.exe
2012-04-29 05:20 - 2012-04-29 05:20 - 0463080 ____A (CNET Download.com) C:\Users\Tony\Downloads\cnet2_ComboFix_exe.exe
2012-04-29 05:07 - 2012-04-29 05:07 - 0126642 ____A C:\TDSSKiller.2.7.33.0_29.04.2012_23.07.03_log.txt
2012-04-29 05:02 - 2012-04-29 04:59 - 0000000 ____D C:\Program Files (x86)\McAfee
2012-04-29 05:01 - 2012-04-29 05:00 - 0127436 ____A C:\TDSSKiller.2.7.33.0_29.04.2012_23.00.02_log.txt
2012-04-29 04:59 - 2012-04-29 04:59 - 2074160 ____A (Kaspersky Lab ZAO) C:\Users\Tony\Downloads\tdsskiller.exe
2012-04-29 04:59 - 2012-04-29 04:59 - 0000000 ____D C:\Users\All Users\McAfee
2012-04-29 04:59 - 2012-04-29 04:59 - 0000000 ____D C:\ProgramData\McAfee
2012-04-29 04:59 - 2012-04-29 04:58 - 7492440 ____A C:\Users\Tony\Downloads\saSetup.exe
2012-04-29 04:57 - 2012-04-29 04:57 - 16339280 ____A (Mozilla) C:\Users\Tony\Desktop\Firefox Setup 12.0.exe
2012-04-29 04:57 - 2012-04-29 04:57 - 0001134 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-04-29 04:57 - 2012-04-29 04:57 - 0000000 ____D C:\Users\Tony\AppData\Roaming\Mozilla
2012-04-29 04:57 - 2012-04-29 04:57 - 0000000 ____D C:\Users\Tony\AppData\Local\Mozilla
2012-04-29 04:57 - 2012-04-29 04:57 - 0000000 ____D C:\Users\All Users\Mozilla
2012-04-29 04:57 - 2012-04-29 04:57 - 0000000 ____D C:\ProgramData\Mozilla
2012-04-29 04:57 - 2012-04-29 04:57 - 0000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-29 04:50 - 2012-04-29 04:50 - 0007168 ____A C:\Windows\SysWOW64\Drivers\utm2odcz.sys
2012-04-29 04:49 - 2012-04-29 04:49 - 0000000 ____D C:\Users\All Users\is-AJKCE
2012-04-29 04:49 - 2012-04-29 04:49 - 0000000 ____D C:\ProgramData\is-AJKCE
2012-04-29 04:38 - 2012-04-29 04:38 - 0000000 ____D C:\Windows\pss
2012-04-28 23:59 - 2012-04-14 00:16 - 0001879 ____A C:\Users\Tony\Desktop\Dance Revolution 2010-2011 - Shortcut.lnk
2012-04-28 20:22 - 2011-11-19 07:41 - 0000000 ____D C:\Users\All Users\Atheros
2012-04-28 20:22 - 2011-11-19 07:41 - 0000000 ____D C:\ProgramData\Atheros
2012-04-28 20:22 - 2009-07-13 23:45 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-04-28 20:22 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-04-28 20:22 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-04-28 20:19 - 2012-04-27 01:17 - 0000000 ____D C:\Users\All Users\PC Tools
2012-04-28 20:19 - 2012-04-27 01:17 - 0000000 ____D C:\ProgramData\PC Tools
2012-04-28 17:38 - 2011-11-19 07:39 - 0000000 ____D C:\Users\Tony\Documents\Bluetooth Folder
2012-04-28 02:27 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-27 01:48 - 2012-04-27 01:48 - 0317368 ____A C:\Windows\Minidump\042712-23946-01.dmp
2012-04-27 01:25 - 2012-04-27 01:25 - 0000000 ____D C:\_OTL
2012-04-27 01:17 - 2012-04-27 01:17 - 0000000 ____D C:\Users\Tony\Desktop\Spyware Doctor 2012 + Serial
2012-04-27 01:17 - 2012-04-27 01:17 - 0000000 ____D C:\Users\Tony\AppData\Roaming\TestApp
2012-04-14 15:13 - 2011-11-19 07:32 - 0002344 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-04-14 00:40 - 2012-04-14 00:40 - 0001339 ____A C:\Users\Tony\Desktop\Database Folders.lnk
2012-04-10 23:33 - 2012-04-10 01:45 - 0000000 ____D C:\Users\All Users\SpeedyPC Software
2012-04-10 23:33 - 2012-04-10 01:45 - 0000000 ____D C:\ProgramData\SpeedyPC Software
2012-04-10 01:45 - 2012-04-10 01:45 - 0000000 ____D C:\Users\Tony\AppData\Roaming\SpeedyPC Software
2012-04-10 01:45 - 2012-04-10 01:45 - 0000000 ____D C:\Users\Tony\AppData\Roaming\DriverCure
2012-04-10 01:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-04-08 17:13 - 2011-11-15 17:20 - 0000000 ____D C:\Users\Tony\AppData\Local\VirtualStore
2012-04-06 17:07 - 2009-07-13 18:34 - 0001389 _RASH C:\Windows\System32\Drivers\etc\hosts
2012-04-06 17:06 - 2012-04-06 17:06 - 0000761 ____A C:\Windows\System32\Drivers\etc\hosts.txt
2012-04-06 17:03 - 2012-04-06 17:03 - 0000000 ____D C:\Windows\system64
2012-03-22 21:35 - 2012-01-05 22:14 - 0004689 ____A C:\Windows\CompanionLanSetup.log
2012-03-22 00:59 - 2012-03-03 20:53 - 0015341 ____A C:\Users\Tony\Documents\mum.docx
2012-03-19 19:50 - 2012-04-29 06:46 - 0181512 ____A (PC Tools) C:\Windows\System32\Drivers\pctplfw64.sys
2012-03-19 19:50 - 2012-04-29 06:46 - 0092896 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg64.sys
2012-03-19 19:50 - 2012-04-27 01:17 - 0251528 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-03-19 19:49 - 2012-04-29 06:46 - 0014776 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix64.sys
2012-03-19 19:45 - 2011-11-19 07:31 - 0000000 ____D C:\Users\Tony\AppData\Local\Google
2012-03-19 19:43 - 2012-04-29 06:46 - 0339608 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi64.sys
2012-03-19 19:43 - 2012-04-29 06:46 - 0145432 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter64.sys
2012-03-19 18:21 - 2012-04-29 06:47 - 2271160 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
2012-03-19 18:21 - 2012-04-29 06:47 - 1681336 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
2012-03-19 18:21 - 2012-04-29 06:47 - 0149432 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
2012-03-19 18:21 - 2012-04-29 06:47 - 0085192 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD64.sys
2012-03-19 18:20 - 2012-04-29 06:47 - 0767928 ____A C:\Windows\BDTSupport.dll
2012-03-19 17:39 - 2012-04-29 06:47 - 0003488 ____A C:\Windows\UDB.zip
2012-03-19 17:39 - 2012-04-29 06:47 - 0000882 ____A C:\Windows\RegSDImport.xml
2012-03-19 17:39 - 2012-04-29 06:47 - 0000879 ____A C:\Windows\RegISSImport.xml
2012-03-19 17:39 - 2012-04-29 06:47 - 0000131 ____A C:\Windows\IDB.zip
2012-03-19 17:11 - 2012-04-29 06:46 - 0706776 ____A (PC Tools) C:\Windows\System32\Drivers\TfSysMon.sys
2012-03-19 17:11 - 2012-04-29 06:46 - 0065664 ____A (PC Tools) C:\Windows\System32\Drivers\TfFsMon.sys
2012-03-19 17:11 - 2012-04-27 01:38 - 0041968 ____A (PC Tools) C:\Windows\System32\Drivers\TfNetMon.sys
2012-03-18 19:02 - 2012-04-29 06:46 - 0077976 ____A (PC Tools) C:\Windows\System32\Drivers\pctNdisLW64.sys
2012-03-16 18:14 - 2012-03-15 13:19 - 0011891 ____A C:\Users\Tony\Documents\Most people around the world agree that the royal Melbourne show should be band.docx
2012-03-15 18:15 - 2012-04-29 06:40 - 0426104 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore64.sys
2012-03-07 13:14 - 2012-01-14 13:31 - 0012769 ____A C:\Users\Tony\Documents\my house.docx
2012-02-27 17:43 - 2012-04-29 06:40 - 1096176 ____A (PC Tools) C:\Windows\System32\Drivers\pctEFA64.sys
2012-02-27 17:43 - 2012-04-29 06:40 - 0453896 ____A (PC Tools) C:\Windows\System32\Drivers\pctDS64.sys


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe
[2009-07-13 15:50] - [2009-07-13 17:39] - 0030208 ____A (Microsoft Corporation) 6F8F1376A13114CC10C0E69274F5A4DE

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 7%
Total physical RAM: 16359.06 MB
Available physical RAM: 15176.93 MB
Total Pagefile: 16357.21 MB
Available Pagefile: 15165.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:931.41 GB) (Free:840.81 GB) NTFS
2 Drive e: (GRMCULXFREO_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
3 Drive f: (MAT'S IPOD) (Removable) (Total:0.97 GB) (Free:0.93 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 992 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 931 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 992 MB 20 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F MAT'S IPOD FAT32 Removable 992 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-28 15:18

======================= End Of Log ==========================

Edited by diintzke, 07 May 2012 - 12:07 AM.


#9 Farbar

Posted 07 May 2012 - 02:51 AM

Well done. :thumbup2:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire content of the code box below. (To do this highlight the content of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
HKLM-x32\...\Run: [] [x]
SubSystems: [Windows] ==> ZeroAccess
2 NAL; C:\Windows\System32\kpfwsvc.dll [6656 2009-07-13] (Oak Technology Inc.)
C:\Windows\System32\kpfwsvc.dll
3 utm2odcz; C:\Windows\SysWow64\Drivers\utm2odcz.sys [7168 2012-04-29] ()
C:\Windows\SysWow64\Drivers\utm2odcz.sys
C:\Users\Tony\Downloads\73fny5ic.exe
NETSVC: Hardlock
NETSVC: NAL
end

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Also restart, let it boot normally and tell me how it went.
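
A triage pass over the FRST sections that the fixlist in the post above draws from, as an added Python example that is not part of the original thread and is not how FRST or its author selects entries. The heuristics (FRST's own `==>` marker, an empty Run value name or missing target, a missing image file, an empty company field, any entry still listed under NetSvcs) are assumptions for illustration; the sample lines are a subset copied from the log posted in this thread.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section name reason path")

# Constructed sample: a subset of lines copied from the FRST log posted in this thread.
SAMPLE_LOG = r"""
========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11613288 2010-11-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [] [x]
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 NAL; C:\Windows\System32\kpfwsvc.dll [6656 2009-07-13] (Oak Technology Inc.)
2 sdCoreService; C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [1118648 2012-03-19] (PC Tools)
2 FUSServices; C:\Windows\SysWOW64\FUSServices.exe [x]

========================== Drivers (Whitelisted) =============

3 TfNetMon; C:\Windows\System32\Drivers\TfNetMon.sys [41968 2012-03-19] (PC Tools)
3 utm2odcz; C:\Windows\SysWow64\Drivers\utm2odcz.sys [7168 2012-04-29] ()

========================== NetSvcs (Whitelisted) ===========
NETSVC: Hardlock
NETSVC: NAL
"""

# "===== Name (Whitelisted) =====" section banners
SECTION_RE = re.compile(r"^=+\s*([^=\s][^=]*?)\s*=+$")
# "<hive>\...\Run: [<value name>] <command line and file details>"
RUN_RE = re.compile(r"^(?P<key>HK\S*\\Run): \[(?P<value>.*?)\] (?P<rest>.*)$")
# "<start type> <name>; <image path> [<size> <date>] (<company>)", or "[x]" if the file is absent
SVC_RE = re.compile(
    r"^(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<meta>x|\d+ \d{4}-\d{2}-\d{2})\](?: \((?P<company>.*)\))?$"
)
REVIEW_SECTIONS = {"Registry", "Services", "Drivers", "NetSvcs"}


def triage(log_text):
    """Return Finding tuples for entries that deserve a manual look."""
    findings, images, netsvcs, section = [], {}, [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).split()[0]
            continue
        if not line or section not in REVIEW_SECTIONS:
            continue
        if "==>" in line:
            # FRST already annotated this entry; surface the annotation as-is.
            entry, note = (part.strip() for part in line.split("==>", 1))
            findings.append(Finding(section, entry, "annotated by FRST: " + note, None))
        elif section == "Registry":
            run = RUN_RE.match(line)
            if run and (not run["value"] or run["rest"].endswith("[x]")):
                name = "{}: [{}]".format(run["key"], run["value"])
                findings.append(Finding(section, name, "empty value name or missing target", None))
        elif section in ("Services", "Drivers"):
            svc = SVC_RE.match(line)
            if not svc:
                continue
            images[svc["name"].lower()] = svc["path"]  # kept for the NetSvcs cross-reference
            if svc["meta"] == "x":
                findings.append(Finding(section, svc["name"], "image file missing", svc["path"]))
            elif not svc["company"]:
                findings.append(Finding(section, svc["name"], "no company name in version info", svc["path"]))
        elif section == "NetSvcs" and line.startswith("NETSVC:"):
            netsvcs.append(line.split(":", 1)[1].strip())
    # Resolve each listed netsvcs name to the image path of the matching service, if any.
    for name in netsvcs:
        path = images.get(name.lower())
        reason = "listed under netsvcs" + ("" if path else ", no matching service in the log")
        findings.append(Finding("NetSvcs", name, reason, path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("{:<9} {:<24} {:<48} {}".format(f.section, f.name, f.reason, f.path or "-"))
```

The pass also flags FUSServices, which the fixlist above leaves alone, so its output is a review queue for an analyst rather than a removal list.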

#10 diintzke

Posted 07 May 2012 - 03:52 AM

OK so the computer turns back on now :D
Here's the fixlog.


Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 05-05-2012 02
Ran by SYSTEM at 2012-05-07 18:03:09 Run:1
Running from F:\

==============================================

HKLM-x32\\\.\.\.\\Run\\HKLM-x32\...\Run: [] [x] Value not found.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
NAL service deleted successfully.
C:\Windows\System32\kpfwsvc.dll moved successfully.
utm2odcz service deleted successfully.
C:\Windows\SysWow64\Drivers\utm2odcz.sys moved successfully.
C:\Users\Tony\Downloads\73fny5ic.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs Hardlock Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs NAL Deleted successfully.

==== End of Fixlog ====


Although the virus is still here and keeps redirecting pages, as well as having a little ad down the bottom of my web browser :\
This bloody thing just won't go away!
Any ideas?

Edited by diintzke, 07 May 2012 - 03:52 AM.


#11 Farbar


Posted 07 May 2012 - 04:20 AM

Great.

But we are not done yet. We still have some work to do.

  • Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

  • Please delete your copy of TDSSKiller, download the latest version of TDSSKiller.zip and extract it.
    • Run TDSSKiller.exe.
    • Click Start scan.
    • When it is finished, the utility outputs a list of detected objects with descriptions.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
    • Let it reboot if needed and tell me if the tool needed a reboot.
    • Click on Report and post the contents of the text file that will open.

      Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.
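
Added example, not part of the original post: a TDSSKiller report lists every service and driver, almost all ending in "- ok", so a small parser that surfaces only the entries needing a second look makes the report easier to review. It assumes the report's line layout (timestamp, thread id, object name, MD5 in parentheses, file path, then a separate `name - verdict` line); the function names, the sample input and the `examplesvc` entry are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Every report line starts with a timestamp and a thread id.
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "<name> (<32 hex MD5>) <path>": the file that backs a service or driver.
# The name may contain spaces; "(x86)" in a path is not mistaken for the hash.
_OBJECT = re.compile(
    _PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$"
)
# "<name> - <verdict>": the scanner's conclusion for that object.
_VERDICT = re.compile(_PREFIX + r"(?P<name>.+?)\s+-\s+(?P<verdict>.+)$")
# Header lines such as "Drive ... - Size: ..." come before this marker.
_SCAN_START = re.compile(_PREFIX + r"Scan started\s*$")


@dataclass
class Entry:
    name: str
    verdict: str
    md5: Optional[str] = None   # None when the report shows no hashed file
    path: Optional[str] = None


def parse_report(text: str) -> List[Entry]:
    """Pair each object line with the verdict line that follows it."""
    entries: List[Entry] = []
    pending = {}        # name -> (md5, path) from the latest object line
    scanning = False
    for raw in text.splitlines():
        line = raw.strip()
        if not scanning:
            # Skip system and disk information until the scan begins.
            scanning = bool(_SCAN_START.match(line))
            continue
        m = _OBJECT.match(line)
        if m:
            pending[m["name"]] = (m["md5"].lower(), m["path"])
            continue
        m = _VERDICT.match(line)
        if m:
            md5, path = pending.pop(m["name"], (None, None))
            entries.append(Entry(m["name"], m["verdict"].strip(), md5, path))
    return entries


def triage(entries: List[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """Return (entries whose verdict is not 'ok', 'ok' entries with no hash)."""
    review = [e for e in entries if e.verdict.lower() != "ok"]
    unhashed = [e for e in entries
                if e.verdict.lower() == "ok" and e.md5 is None]
    return review, unhashed


# Constructed sample in the report's line format. Hash values are
# placeholders and the "examplesvc" entry is hypothetical.
SAMPLE_REPORT = r"""
21:53:07.0862 5104 Drive \Device\Harddisk0\DR0 - Size: 0x1000, SectorSize: 0x200
21:53:31.0145 4368 ============================================================
21:53:31.0145 4368 Scan started
21:53:31.0145 4368 Mode: Manual;
21:53:31.0636 4368 ACPI (00000000000000000000000000000001) C:\Windows\system32\DRIVERS\ACPI.sys
21:53:31.0638 4368 ACPI - ok
21:53:32.0540 4368 Apple Mobile Device (00000000000000000000000000000002) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:53:32.0541 4368 Apple Mobile Device - ok
21:53:33.0931 4368 COMSysApp - ok
21:53:34.0000 4368 examplesvc (00000000000000000000000000000003) C:\Windows\system32\drivers\examplesvc.sys
21:53:34.0002 4368 examplesvc - warning
"""

if __name__ == "__main__":
    review, unhashed = triage(parse_report(SAMPLE_REPORT))
    print("Needs review:")
    for e in review:
        print(f"  {e.name}: {e.verdict}  md5={e.md5}  path={e.path}")
    print("Marked ok, but no file was hashed:")
    for e in unhashed:
        print(f"  {e.name}")
```
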


#12 diintzke


Posted 07 May 2012 - 06:52 AM

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.07.01

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Tony :: TONY-PC [administrator]

Protection: Enabled

7/05/2012 9:47:24 PM
mbam-log-2012-05-07 (21-47-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197366
Time elapsed: 1 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#13 diintzke


Posted 07 May 2012 - 06:55 AM

21:53:05.0578 5104 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
21:53:06.0312 5104 ============================================================
21:53:06.0312 5104 Current date / time: 2012/05/07 21:53:06.0312
21:53:06.0312 5104 SystemInfo:
21:53:06.0312 5104
21:53:06.0312 5104 OS Version: 6.1.7600 ServicePack: 0.0
21:53:06.0312 5104 Product type: Workstation
21:53:06.0312 5104 ComputerName: TONY-PC
21:53:06.0312 5104 UserName: Tony
21:53:06.0312 5104 Windows directory: C:\Windows
21:53:06.0312 5104 System windows directory: C:\Windows
21:53:06.0312 5104 Running under WOW64
21:53:06.0312 5104 Processor architecture: Intel x64
21:53:06.0312 5104 Number of processors: 4
21:53:06.0312 5104 Page size: 0x1000
21:53:06.0313 5104 Boot type: Normal boot
21:53:06.0313 5104 ============================================================
21:53:07.0862 5104 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
21:53:07.0865 5104 Drive \Device\Harddisk1\DR1 - Size: 0x3E080000 (0.97 Gb), SectorSize: 0x200, Cylinders: 0x7E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:53:07.0867 5104 ============================================================
21:53:07.0867 5104 \Device\Harddisk0\DR0:
21:53:07.0867 5104 MBR partitions:
21:53:07.0867 5104 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:53:07.0867 5104 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
21:53:07.0867 5104 \Device\Harddisk1\DR1:
21:53:07.0867 5104 MBR partitions:
21:53:07.0867 5104 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x28, BlocksNum 0x1F03D8
21:53:07.0867 5104 ============================================================
21:53:07.0881 5104 C: <-> \Device\Harddisk0\DR0\Partition1
21:53:07.0881 5104 ============================================================
21:53:07.0881 5104 Initialize success
21:53:07.0881 5104 ============================================================
21:53:31.0145 4368 ============================================================
21:53:31.0145 4368 Scan started
21:53:31.0145 4368 Mode: Manual;
21:53:31.0145 4368 ============================================================
21:53:37.0039 4368 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:53:37.0041 4368 MSPQM - ok
21:53:37.0062 4368 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
21:53:37.0065 4368 MsRPC - ok
21:53:37.0081 4368 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:53:37.0082 4368 mssmbios - ok
21:53:37.0085 4368 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:53:37.0087 4368 MSTEE - ok
21:53:37.0100 4368 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:53:37.0102 4368 MTConfig - ok
21:53:37.0117 4368 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:53:37.0118 4368 Mup - ok
21:53:37.0134 4368 mv91xx (34d08c9c64f657d194961e96c47e9c69) C:\Windows\system32\DRIVERS\mv91xx.sys
21:53:37.0137 4368 mv91xx - ok
21:53:37.0172 4368 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
21:53:37.0177 4368 napagent - ok
21:53:37.0199 4368 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:53:37.0201 4368 NativeWifiP - ok
21:53:37.0233 4368 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
21:53:37.0236 4368 NDIS - ok
21:53:37.0247 4368 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:53:37.0249 4368 NdisCap - ok
21:53:37.0271 4368 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:53:37.0273 4368 NdisTapi - ok
21:53:37.0287 4368 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
21:53:37.0289 4368 Ndisuio - ok
21:53:37.0302 4368 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:53:37.0305 4368 NdisWan - ok
21:53:37.0314 4368 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
21:53:37.0316 4368 NDProxy - ok
21:53:37.0332 4368 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:53:37.0333 4368 NetBIOS - ok
21:53:37.0357 4368 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
21:53:37.0361 4368 NetBT - ok
21:53:37.0368 4368 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:53:37.0370 4368 Netlogon - ok
21:53:37.0411 4368 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:53:37.0415 4368 Netman - ok
21:53:37.0437 4368 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:53:37.0442 4368 netprofm - ok
21:53:37.0512 4368 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:53:37.0513 4368 NetTcpPortSharing - ok
21:53:37.0530 4368 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:53:37.0532 4368 nfrd960 - ok
21:53:37.0552 4368 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
21:53:37.0555 4368 NlaSvc - ok
21:53:37.0568 4368 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:53:37.0568 4368 Npfs - ok
21:53:37.0582 4368 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:53:37.0583 4368 nsi - ok
21:53:37.0586 4368 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:53:37.0587 4368 nsiproxy - ok
21:53:37.0635 4368 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
21:53:37.0642 4368 Ntfs - ok
21:53:37.0685 4368 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:53:37.0686 4368 Null - ok
21:53:37.0704 4368 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
21:53:37.0707 4368 nvraid - ok
21:53:37.0712 4368 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
21:53:37.0715 4368 nvstor - ok
21:53:37.0728 4368 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
21:53:37.0731 4368 nv_agp - ok
21:53:37.0827 4368 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:53:37.0830 4368 odserv - ok
21:53:37.0847 4368 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
21:53:37.0850 4368 ohci1394 - ok
21:53:37.0904 4368 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:53:37.0905 4368 ose - ok
21:53:37.0941 4368 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:53:37.0945 4368 p2pimsvc - ok
21:53:37.0972 4368 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:53:37.0977 4368 p2psvc - ok
21:53:37.0991 4368 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:53:37.0994 4368 Parport - ok
21:53:38.0003 4368 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
21:53:38.0004 4368 partmgr - ok
21:53:38.0022 4368 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:53:38.0024 4368 PcaSvc - ok
21:53:38.0032 4368 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
21:53:38.0033 4368 pci - ok
21:53:38.0048 4368 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
21:53:38.0048 4368 pciide - ok
21:53:38.0057 4368 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:53:38.0059 4368 pcmcia - ok
21:53:38.0093 4368 PCTBD (99a3a277a99c437283324067970e1d37) C:\Windows\system32\Drivers\PCTBD64.sys
21:53:38.0095 4368 PCTBD - ok
21:53:38.0146 4368 PCTCore (dbb55b4da79a6f59b63e233907ba6bae) C:\Windows\system32\drivers\PCTCore64.sys
21:53:38.0150 4368 PCTCore - ok
21:53:38.0188 4368 pctDS (ba1f42a42f405f62ceff6b69a2797f7c) C:\Windows\system32\drivers\pctDS64.sys
21:53:38.0192 4368 pctDS - ok
21:53:38.0221 4368 pctEFA (146cc91c93ced13e7fe40e8d8615be39) C:\Windows\system32\drivers\pctEFA64.sys
21:53:38.0229 4368 pctEFA - ok
21:53:38.0280 4368 PCTFW-PacketFilter (f48e1ee1e1819e6d3641b676848d4130) C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys
21:53:38.0282 4368 PCTFW-PacketFilter - ok
21:53:38.0318 4368 pctgntdi (5b4b9d0e748aa06a8887fe79351c91f3) C:\Windows\System32\drivers\pctgntdi64.sys
21:53:38.0323 4368 pctgntdi - ok
21:53:38.0344 4368 pctNdisLW64 (2cd661d05c2049fb1264e70b2226a845) C:\Windows\system32\DRIVERS\pctNdisLW64.sys
21:53:38.0345 4368 pctNdisLW64 - ok
21:53:38.0375 4368 pctplfw (60aaf5f37104d77e328b96eea4cf0a01) C:\Windows\System32\drivers\pctplfw64.sys
21:53:38.0378 4368 pctplfw - ok
21:53:38.0449 4368 pctplsg (db1f94051396af34fe521bfeececdb53) C:\Windows\System32\drivers\pctplsg64.sys
21:53:38.0451 4368 pctplsg - ok
21:53:38.0488 4368 PCTSD (afa19eff0197c474379ed904e25a995d) C:\Windows\system32\Drivers\PCTSD64.sys
21:53:38.0492 4368 PCTSD - ok
21:53:38.0502 4368 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:53:38.0503 4368 pcw - ok
21:53:38.0522 4368 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:53:38.0530 4368 PEAUTH - ok
21:53:38.0569 4368 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
21:53:38.0580 4368 PeerDistSvc - ok
21:53:38.0638 4368 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:53:38.0639 4368 PerfHost - ok
21:53:38.0716 4368 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
21:53:38.0727 4368 pla - ok
21:53:38.0759 4368 PlugPlay (23157d583244400e1d7fbaee2e4b31b7) C:\Windows\system32\umpnpmgr.dll
21:53:38.0763 4368 PlugPlay - ok
21:53:38.0768 4368 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:53:38.0770 4368 PNRPAutoReg - ok
21:53:38.0783 4368 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:53:38.0786 4368 PNRPsvc - ok
21:53:38.0827 4368 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
21:53:38.0834 4368 PolicyAgent - ok
21:53:38.0858 4368 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:53:38.0860 4368 Power - ok
21:53:38.0894 4368 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
21:53:38.0896 4368 PptpMiniport - ok
21:53:38.0914 4368 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:53:38.0917 4368 Processor - ok
21:53:38.0941 4368 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
21:53:38.0943 4368 ProfSvc - ok
21:53:38.0957 4368 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:53:38.0959 4368 ProtectedStorage - ok
21:53:38.0984 4368 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
21:53:38.0986 4368 Psched - ok
21:53:39.0034 4368 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:53:39.0048 4368 ql2300 - ok
21:53:39.0085 4368 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:53:39.0087 4368 ql40xx - ok
21:53:39.0101 4368 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:53:39.0104 4368 QWAVE - ok
21:53:39.0112 4368 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:53:39.0114 4368 QWAVEdrv - ok
21:53:39.0132 4368 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:53:39.0133 4368 RasAcd - ok
21:53:39.0157 4368 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:53:39.0158 4368 RasAgileVpn - ok
21:53:39.0171 4368 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:53:39.0174 4368 RasAuto - ok
21:53:39.0187 4368 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:53:39.0190 4368 Rasl2tp - ok
21:53:39.0216 4368 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
21:53:39.0220 4368 RasMan - ok
21:53:39.0238 4368 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:53:39.0240 4368 RasPppoe - ok
21:53:39.0250 4368 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:53:39.0252 4368 RasSstp - ok
21:53:39.0274 4368 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
21:53:39.0275 4368 rdbss - ok
21:53:39.0289 4368 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:53:39.0290 4368 rdpbus - ok
21:53:39.0301 4368 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:53:39.0301 4368 RDPCDD - ok
21:53:39.0321 4368 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
21:53:39.0323 4368 RDPDR - ok
21:53:39.0330 4368 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:53:39.0331 4368 RDPENCDD - ok
21:53:39.0334 4368 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:53:39.0335 4368 RDPREFMP - ok
21:53:39.0338 4368 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
21:53:39.0340 4368 RDPWD - ok
21:53:39.0359 4368 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
21:53:39.0360 4368 rdyboost - ok
21:53:39.0380 4368 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:53:39.0382 4368 RemoteAccess - ok
21:53:39.0398 4368 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:53:39.0400 4368 RemoteRegistry - ok
21:53:39.0430 4368 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
21:53:39.0433 4368 RFCOMM - ok
21:53:39.0447 4368 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:53:39.0449 4368 RpcEptMapper - ok
21:53:39.0462 4368 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:53:39.0463 4368 RpcLocator - ok
21:53:39.0485 4368 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
21:53:39.0490 4368 RpcSs - ok
21:53:39.0509 4368 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:53:39.0511 4368 rspndr - ok
21:53:39.0522 4368 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
21:53:39.0523 4368 s3cap - ok
21:53:39.0527 4368 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:53:39.0529 4368 SamSs - ok
21:53:39.0533 4368 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
21:53:39.0536 4368 sbp2port - ok
21:53:39.0551 4368 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:53:39.0554 4368 SCardSvr - ok
21:53:39.0565 4368 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
21:53:39.0567 4368 scfilter - ok
21:53:39.0597 4368 Schedule (ec56b171f85c7e855e7b0588ac503eea) C:\Windows\system32\schedsvc.dll
21:53:39.0607 4368 Schedule - ok
21:53:39.0635 4368 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
21:53:39.0636 4368 SCPolicySvc - ok
21:53:39.0733 4368 sdAuxService (17d6a03103586d7954ba74c2219ce1bb) C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
21:53:39.0736 4368 sdAuxService - ok
21:53:39.0769 4368 sdCoreService (697e0a2a300ee8719cafae55b4771053) C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
21:53:39.0777 4368 sdCoreService - ok
21:53:39.0830 4368 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
21:53:39.0834 4368 SDRSVC - ok
21:53:39.0859 4368 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:53:39.0861 4368 secdrv - ok
21:53:39.0865 4368 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
21:53:39.0867 4368 seclogon - ok
21:53:39.0879 4368 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
21:53:39.0881 4368 SENS - ok
21:53:39.0885 4368 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:53:39.0888 4368 SensrSvc - ok
21:53:39.0909 4368 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:53:39.0910 4368 Serenum - ok
21:53:39.0938 4368 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:53:39.0941 4368 Serial - ok
21:53:39.0958 4368 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:53:39.0960 4368 sermouse - ok
21:53:39.0977 4368 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
21:53:39.0979 4368 SessionEnv - ok
21:53:39.0994 4368 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
21:53:39.0995 4368 sffdisk - ok
21:53:40.0001 4368 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:53:40.0003 4368 sffp_mmc - ok
21:53:40.0007 4368 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:53:40.0008 4368 sffp_sd - ok
21:53:40.0021 4368 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:53:40.0022 4368 sfloppy - ok
21:53:40.0041 4368 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:53:40.0043 4368 SharedAccess - ok
21:53:40.0058 4368 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
21:53:40.0060 4368 ShellHWDetection - ok
21:53:40.0069 4368 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:53:40.0070 4368 SiSRaid2 - ok
21:53:40.0085 4368 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:53:40.0088 4368 SiSRaid4 - ok
21:53:40.0092 4368 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:53:40.0094 4368 Smb - ok
21:53:40.0109 4368 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:53:40.0110 4368 SNMPTRAP - ok
21:53:40.0121 4368 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:53:40.0121 4368 spldr - ok
21:53:40.0147 4368 Spooler (89e8550c5862999fcf482ea562b0e98e) C:\Windows\System32\spoolsv.exe
21:53:40.0150 4368 Spooler - ok
21:53:40.0204 4368 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
21:53:40.0218 4368 sppsvc - ok
21:53:40.0240 4368 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:53:40.0243 4368 sppuinotify - ok
21:53:40.0265 4368 srv (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys
21:53:40.0267 4368 srv - ok
21:53:40.0283 4368 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
21:53:40.0285 4368 srv2 - ok
21:53:40.0300 4368 srvnet (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys
21:53:40.0301 4368 srvnet - ok
21:53:40.0324 4368 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:53:40.0326 4368 SSDPSRV - ok
21:53:40.0340 4368 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:53:40.0342 4368 SstpSvc - ok
21:53:40.0349 4368 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:53:40.0351 4368 stexstor - ok
21:53:40.0369 4368 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
21:53:40.0372 4368 stisvc - ok
21:53:40.0390 4368 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
21:53:40.0391 4368 storflt - ok
21:53:40.0399 4368 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
21:53:40.0400 4368 storvsc - ok
21:53:40.0407 4368 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:53:40.0407 4368 swenum - ok
21:53:40.0420 4368 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:53:40.0423 4368 swprv - ok
21:53:40.0453 4368 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
21:53:40.0460 4368 SysMain - ok
21:53:40.0481 4368 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
21:53:40.0482 4368 TabletInputService - ok
21:53:40.0497 4368 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
21:53:40.0499 4368 TapiSrv - ok
21:53:40.0509 4368 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:53:40.0510 4368 TBS - ok
21:53:40.0546 4368 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
21:53:40.0553 4368 Tcpip - ok
21:53:40.0586 4368 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
21:53:40.0594 4368 TCPIP6 - ok
21:53:40.0608 4368 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
21:53:40.0609 4368 tcpipreg - ok
21:53:40.0626 4368 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:53:40.0628 4368 TDPIPE - ok
21:53:40.0635 4368 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:53:40.0636 4368 TDTCP - ok
21:53:40.0646 4368 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
21:53:40.0647 4368 tdx - ok
21:53:40.0666 4368 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
21:53:40.0666 4368 TermDD - ok
21:53:40.0690 4368 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
21:53:40.0693 4368 TermService - ok
21:53:40.0725 4368 TfFsMon (9cd5c339754e2310790ca27dbbd31f88) C:\Windows\system32\drivers\TfFsMon.sys
21:53:40.0727 4368 TfFsMon - ok
21:53:40.0736 4368 TfNetMon (00809507fafa1be93dbbace5029f27bb) C:\Windows\system32\drivers\TfNetMon.sys
21:53:40.0737 4368 TfNetMon - ok
21:53:40.0762 4368 TFSysMon (3593a7b1264fba24fe9e097a99b3e848) C:\Windows\system32\drivers\TfSysMon.sys
21:53:40.0768 4368 TFSysMon - ok
21:53:40.0779 4368 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:53:40.0781 4368 Themes - ok
21:53:40.0806 4368 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:53:40.0806 4368 THREADORDER - ok
21:53:40.0860 4368 ThreatFire - ok
21:53:40.0873 4368 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:53:40.0875 4368 TrkWks - ok
21:53:40.0905 4368 TrojanKillerDriver (9bf9e809fbb2d5d0403b32b15abe5f30) C:\Windows\system32\DRIVERS\gtkdrv.sys
21:53:40.0907 4368 TrojanKillerDriver - ok
21:53:40.0935 4368 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
21:53:40.0937 4368 TrustedInstaller - ok
21:53:40.0954 4368 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:53:40.0957 4368 tssecsrv - ok
21:53:40.0980 4368 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
21:53:40.0983 4368 tunnel - ok
21:53:41.0021 4368 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:53:41.0024 4368 uagp35 - ok
21:53:41.0045 4368 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
21:53:41.0048 4368 udfs - ok
21:53:41.0067 4368 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:53:41.0069 4368 UI0Detect - ok
21:53:41.0087 4368 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
21:53:41.0089 4368 uliagpkx - ok
21:53:41.0094 4368 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
21:53:41.0096 4368 umbus - ok
21:53:41.0102 4368 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:53:41.0104 4368 UmPass - ok
21:53:41.0123 4368 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
21:53:41.0126 4368 UmRdpService - ok
21:53:41.0154 4368 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:53:41.0158 4368 upnphost - ok
21:53:41.0188 4368 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
21:53:41.0191 4368 USBAAPL64 - ok
21:53:41.0203 4368 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
21:53:41.0206 4368 usbccgp - ok
21:53:41.0210 4368 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
21:53:41.0212 4368 usbcir - ok
21:53:41.0228 4368 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
21:53:41.0230 4368 usbehci - ok
21:53:41.0250 4368 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
21:53:41.0254 4368 usbhub - ok
21:53:41.0265 4368 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
21:53:41.0267 4368 usbohci - ok
21:53:41.0280 4368 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:53:41.0281 4368 usbprint - ok
21:53:41.0304 4368 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:53:41.0306 4368 usbscan - ok
21:53:41.0311 4368 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:53:41.0312 4368 USBSTOR - ok
21:53:41.0316 4368 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
21:53:41.0317 4368 usbuhci - ok
21:53:41.0321 4368 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:53:41.0322 4368 UxSms - ok
21:53:41.0346 4368 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
21:53:41.0347 4368 VaultSvc - ok
21:53:41.0350 4368 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:53:41.0350 4368 vdrvroot - ok
21:53:41.0368 4368 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
21:53:41.0373 4368 vds - ok
21:53:41.0384 4368 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:53:41.0386 4368 vga - ok
21:53:41.0399 4368 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:53:41.0401 4368 VgaSave - ok
21:53:41.0411 4368 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
21:53:41.0415 4368 vhdmp - ok
21:53:41.0420 4368 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
21:53:41.0421 4368 viaide - ok
21:53:41.0427 4368 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
21:53:41.0431 4368 vmbus - ok
21:53:41.0447 4368 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
21:53:41.0449 4368 VMBusHID - ok
21:53:41.0472 4368 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
21:53:41.0473 4368 volmgr - ok
21:53:41.0494 4368 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
21:53:41.0497 4368 volmgrx - ok
21:53:41.0520 4368 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
21:53:41.0522 4368 volsnap - ok
21:53:41.0528 4368 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:53:41.0531 4368 vsmraid - ok
21:53:41.0569 4368 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
21:53:41.0577 4368 VSS - ok
21:53:41.0607 4368 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:53:41.0609 4368 vwifibus - ok
21:53:41.0654 4368 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:53:41.0658 4368 W32Time - ok
21:53:41.0665 4368 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:53:41.0667 4368 WacomPen - ok
21:53:41.0691 4368 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:53:41.0694 4368 WANARP - ok
21:53:41.0696 4368 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:53:41.0698 4368 Wanarpv6 - ok
21:53:41.0740 4368 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
21:53:41.0748 4368 wbengine - ok
21:53:41.0772 4368 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:53:41.0775 4368 WbioSrvc - ok
21:53:41.0796 4368 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
21:53:41.0800 4368 wcncsvc - ok
21:53:41.0814 4368 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:53:41.0816 4368 WcsPlugInService - ok
21:53:41.0821 4368 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:53:41.0822 4368 Wd - ok
21:53:41.0842 4368 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:53:41.0845 4368 Wdf01000 - ok
21:53:41.0863 4368 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:53:41.0864 4368 WdiServiceHost - ok
21:53:41.0866 4368 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:53:41.0867 4368 WdiSystemHost - ok
21:53:41.0884 4368 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
21:53:41.0886 4368 WebClient - ok
21:53:41.0902 4368 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:53:41.0904 4368 Wecsvc - ok
21:53:41.0921 4368 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:53:41.0922 4368 wercplsupport - ok
21:53:41.0939 4368 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:53:41.0940 4368 WerSvc - ok
21:53:41.0957 4368 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:53:41.0958 4368 WfpLwf - ok
21:53:41.0968 4368 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:53:41.0970 4368 WIMMount - ok
21:53:41.0974 4368 WinHttpAutoProxySvc - ok
21:53:42.0027 4368 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:53:42.0029 4368 Winmgmt - ok
21:53:42.0070 4368 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
21:53:42.0079 4368 WinRM - ok
21:53:42.0125 4368 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
21:53:42.0127 4368 WinUsb - ok
21:53:42.0163 4368 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:53:42.0171 4368 Wlansvc - ok
21:53:42.0194 4368 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:53:42.0195 4368 WmiAcpi - ok
21:53:42.0215 4368 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:53:42.0217 4368 wmiApSrv - ok
21:53:42.0226 4368 WMPNetworkSvc - ok
21:53:42.0253 4368 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:53:42.0255 4368 WPCSvc - ok
21:53:42.0269 4368 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
21:53:42.0271 4368 WPDBusEnum - ok
21:53:42.0283 4368 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:53:42.0285 4368 ws2ifsl - ok
21:53:42.0288 4368 WSearch - ok
21:53:42.0342 4368 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
21:53:42.0352 4368 wuauserv - ok
21:53:42.0369 4368 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
21:53:42.0371 4368 WudfPf - ok
21:53:42.0396 4368 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:53:42.0397 4368 WUDFRd - ok
21:53:42.0410 4368 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
21:53:42.0413 4368 wudfsvc - ok
21:53:42.0436 4368 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:53:42.0439 4368 WwanSvc - ok
21:53:42.0477 4368 XMLDIUSB (c504f30c5d2aa0f1f5d773a2fe311795) C:\Windows\system32\Drivers\XMLDIUSB.sys
21:53:42.0480 4368 XMLDIUSB - ok
21:53:42.0505 4368 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:53:42.0557 4368 \Device\Harddisk0\DR0 - ok
21:53:42.0569 4368 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
21:53:42.0603 4368 \Device\Harddisk1\DR1 - ok
21:53:42.0606 4368 Boot (0x1200) (92b0469523a8c597963274c5eb0c0312) \Device\Harddisk0\DR0\Partition0
21:53:42.0607 4368 \Device\Harddisk0\DR0\Partition0 - ok
21:53:42.0613 4368 Boot (0x1200) (a91249c61f6e144164cb6ee8bc161170) \Device\Harddisk0\DR0\Partition1
21:53:42.0614 4368 \Device\Harddisk0\DR0\Partition1 - ok
21:53:42.0617 4368 Boot (0x1200) (cda3b1610bc1f6a7cbf5ce2d727ba3c8) \Device\Harddisk1\DR1\Partition0
21:53:42.0618 4368 \Device\Harddisk1\DR1\Partition0 - ok
21:53:42.0618 4368 ============================================================
21:53:42.0618 4368 Scan finished
21:53:42.0618 4368 ============================================================
21:53:42.0623 4596 Detected object count: 0
21:53:42.0623 4596 Actual detected object count: 0

It's not picking anything up, although that ad still persists :S
and I get redirects in my browser at random times

#14 Farbar


Posted 07 May 2012 - 07:32 AM

Some of the checks we should do anyway to rule out some infections.

  • Please download MiniRegTool64.zip and unzip it.
    • Run the tool.
    • Copy and paste the following into the edit box:

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
    • Check Export keys radio button.
    • Check the Search radio button.
    • Press Go button and post the result.
  • Download aswMBR.exe ( 511KB ) to your desktop.
    • Double click the aswMBR.exe to run it.
    • Click the "Scan" button.
    • On completion of the scan click Save log, save it to your desktop and post in your next reply.
    • Also the utility makes a file on your desktop named MBR.dat. We don't need it at the moment.
  • Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Click Run Scan button.
    • Two reports will open, copy and paste OTL.txt and attach Extra.txt to your reply:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


#15 diintzke


Posted 07 May 2012 - 07:43 AM

Mini Reg tool result:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5]
"Num_Catalog_Entries"=dword:00000008
"Serial_Access_Num"=dword:00000024
"Num_Catalog_Entries64"=dword:00000008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001]
"LibraryPath"="mswsock.dll"
"DisplayString"="@%SystemRoot%\\system32\\nlasvc.dll,-1000"
"ProviderId"=hex:3a,24,42,66,a8,3b,a6,4a,ba,a5,2e,0b,d7,1f,dd,83
"SupportedNameSpace"=dword:0000000f
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002]
"LibraryPath"="mswsock.dll"
"DisplayString"="@%SystemRoot%\\system32\\wshtcpip.dll,-60103"
"ProviderId"=hex:40,9d,05,22,9e,7e,cf,11,ae,5a,00,aa,00,a7,11,2b
"SupportedNameSpace"=dword:0000000c
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003]
"LibraryPath"="%SystemRoot%\\System32\\winrnr.dll"
"DisplayString"="NTDS"
"ProviderId"=hex:ee,37,26,3b,80,e5,cf,11,a5,55,00,c0,4f,d8,d4,ac
"SupportedNameSpace"=dword:00000020
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000000
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004]
"LibraryPath"="%SystemRoot%\\system32\\napinsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\napinsp.dll,-1000"
"ProviderId"=hex:a2,cb,4a,96,bc,b2,eb,40,8c,6a,a6,db,40,16,1c,ae
"SupportedNameSpace"=dword:00000025
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005]
"LibraryPath"="%SystemRoot%\\system32\\pnrpnsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\pnrpnsp.dll,-1000"
"ProviderId"=hex:ce,89,fe,03,6d,76,76,49,b9,c1,bb,9b,c4,2c,7b,4d
"SupportedNameSpace"=dword:00000027
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006]
"LibraryPath"="%SystemRoot%\\system32\\pnrpnsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\pnrpnsp.dll,-1001"
"ProviderId"=hex:cd,89,fe,03,6d,76,76,49,b9,c1,bb,9b,c4,2c,7b,4d
"SupportedNameSpace"=dword:00000026
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007]
"LibraryPath"="%SystemRoot%\\system32\\wshbth.dll"
"DisplayString"="Bluetooth Namespace"
"ProviderId"=hex:e0,63,aa,06,60,7d,ff,41,af,b2,3e,e6,d2,d9,39,2d
"SupportedNameSpace"=dword:00000010
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000000
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008]
"LibraryPath"="C:\\Program Files (x86)\\Bonjour\\mdnsNSP.dll"
"DisplayString"="mdnsNSP"
"ProviderId"=hex:e9,e6,00,b6,3b,55,19,4a,86,96,33,5e,5c,89,61,53
"SupportedNameSpace"=dword:0000000c
"Enabled"=dword:00000001
"Version"=dword:00000001
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000001]
"LibraryPath"="mswsock.dll"
"DisplayString"="@%SystemRoot%\\system32\\nlasvc.dll,-1000"
"ProviderId"=hex:3a,24,42,66,a8,3b,a6,4a,ba,a5,2e,0b,d7,1f,dd,83
"SupportedNameSpace"=dword:0000000f
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000002]
"LibraryPath"="mswsock.dll"
"DisplayString"="@%SystemRoot%\\system32\\wshtcpip.dll,-60103"
"ProviderId"=hex:40,9d,05,22,9e,7e,cf,11,ae,5a,00,aa,00,a7,11,2b
"SupportedNameSpace"=dword:0000000c
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000003]
"LibraryPath"="%SystemRoot%\\System32\\winrnr.dll"
"DisplayString"="NTDS"
"ProviderId"=hex:ee,37,26,3b,80,e5,cf,11,a5,55,00,c0,4f,d8,d4,ac
"SupportedNameSpace"=dword:00000020
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000000
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000004]
"LibraryPath"="%SystemRoot%\\system32\\napinsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\napinsp.dll,-1000"
"ProviderId"=hex:a2,cb,4a,96,bc,b2,eb,40,8c,6a,a6,db,40,16,1c,ae
"SupportedNameSpace"=dword:00000025
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005]
"LibraryPath"="%SystemRoot%\\system32\\pnrpnsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\pnrpnsp.dll,-1000"
"ProviderId"=hex:ce,89,fe,03,6d,76,76,49,b9,c1,bb,9b,c4,2c,7b,4d
"SupportedNameSpace"=dword:00000027
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006]
"LibraryPath"="%SystemRoot%\\system32\\pnrpnsp.dll"
"DisplayString"="@%SystemRoot%\\system32\\pnrpnsp.dll,-1001"
"ProviderId"=hex:cd,89,fe,03,6d,76,76,49,b9,c1,bb,9b,c4,2c,7b,4d
"SupportedNameSpace"=dword:00000026
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000007]
"LibraryPath"="%SystemRoot%\\system32\\wshbth.dll"
"DisplayString"="Bluetooth Namespace"
"ProviderId"=hex:e0,63,aa,06,60,7d,ff,41,af,b2,3e,e6,d2,d9,39,2d
"SupportedNameSpace"=dword:00000010
"Enabled"=dword:00000001
"Version"=dword:00000000
"StoresServiceClassInfo"=dword:00000000
"ProviderInfo"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000008]
"LibraryPath"="C:\\Program Files\\Bonjour\\mdnsNSP.dll"
"DisplayString"="mdnsNSP"
"ProviderId"=hex:e9,e6,00,b6,3b,55,19,4a,86,96,33,5e,5c,89,61,53
"SupportedNameSpace"=dword:0000000c
"Enabled"=dword:00000001
"Version"=dword:00000001
"StoresServiceClassInfo"=dword:00000001
"ProviderInfo"=hex:

MBR Tool Result:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2012-05-07 22:42:36
-----------------------------
22:42:36.499 OS Version: Windows x64 6.1.7600
22:42:36.499 Number of processors: 4 586 0x2A07
22:42:36.500 ComputerName: TONY-PC UserName: Tony
22:42:37.505 Initialize success
22:42:40.149 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\mv91xx1Port1Path0Target1Lun0
22:42:40.151 Disk 0 Vendor: WDC_WD10 51.0 Size: 953869MB BusType: 11
22:42:40.153 Device \Driver\mv91xx -> DriverStartIo SCSIPORT.SYS fffff88001051bc0
22:42:42.166 Disk 0 MBR read successfully
22:42:42.169 Disk 0 MBR scan
22:42:42.172 Disk 0 Windows 7 default MBR code
22:42:42.175 Service scanning
22:42:45.442 Modules scanning
22:42:45.446 Disk 0 trace - called modules:
22:42:45.455 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys SCSIPORT.SYS hal.dll mv91xx.sys
22:42:45.459 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800e093060]
22:42:45.462 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa800de39cf0]
22:42:45.466 5 PCTCore64.sys[fffff880012b96f4] -> nt!IofCallDriver -> \Device\Scsi\mv91xx1Port1Path0Target1Lun0[0xfffffa800dd46050]
22:42:45.470 Scan finished successfully
22:42:53.955 Disk 0 MBR has been saved successfully to "C:\Users\Tony\Desktop\MBR.dat"
22:42:53.959 The log file has been saved successfully to "C:\Users\Tony\Desktop\aswMBR.txt"
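
The NameSpace_Catalog5 check requested in post #14, applied to an export like the one above, as an added example (not code from the thread or from MiniRegTool): it parses the .reg text, compares the declared entry counts with the entries present, and lists providers whose LibraryPath is neither a bare file name nor under %SystemRoot%\system32. The function names, the system32 rule and the sample are assumptions of the example; a listed provider is a candidate for manual review, not a detection.

```python
import re

ROOT = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services"
        r"\WinSock2\Parameters\NameSpace_Catalog5")
# Constructed sample in the export's layout; the 64-bit counter is deliberately wrong.
SAMPLE = r'''
[ROOT]
"Num_Catalog_Entries"=dword:00000003
"Num_Catalog_Entries64"=dword:00000002
[ROOT\Catalog_Entries\000000000001]
"LibraryPath"="mswsock.dll"
[ROOT\Catalog_Entries\000000000002]
"LibraryPath"="%SystemRoot%\\system32\\napinsp.dll"
[ROOT\Catalog_Entries\000000000003]
"LibraryPath"="C:\\Program Files (x86)\\Bonjour\\mdnsNSP.dll"
[ROOT\Catalog_Entries64\000000000001]
"LibraryPath"="mswsock.dll"
'''.replace("ROOT", ROOT)

def parse_reg(text):
    """Map each lower-cased key path to its {value name: raw value} dict."""
    keys, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1].lower(), {})
        elif cur is not None and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            cur[m.group(1)] = m.group(2)
    return keys

def in_system32(path):
    # Assumption: a bare name such as mswsock.dll counts as a system DLL.
    p = path.lower()
    return p != "" and ("\\" not in p or p.startswith("%systemroot%\\system32\\"))

def audit(text):
    """List (catalog, entry, detail) tuples that need a manual look."""
    keys, findings = parse_reg(text), []
    top = keys.get(ROOT.lower(), {})
    for cat in ("Catalog_Entries", "Catalog_Entries64"):
        base = f"{ROOT}\\{cat}\\".lower()
        entries = {k[len(base):]: v for k, v in keys.items() if k.startswith(base)}
        declared = int(top.get("Num_" + cat, "dword:0").split(":")[1], 16)
        if declared != len(entries):
            findings.append((cat, "count", f"declared {declared}, found {len(entries)}"))
        for num, vals in sorted(entries.items()):
            path = vals.get("LibraryPath", '""')[1:-1].replace("\\\\", "\\")
            if not in_system32(path):
                findings.append((cat, num, path))
    return findings
```

A .reg file saved by regedit is UTF-16, so read it with `open(path, encoding="utf-16")` before passing the text to `audit()`. Run on the full export above, the two Bonjour `mdnsNSP.dll` entries are what it would list, since every other LibraryPath there is a bare name or under system32.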



