Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Am I really infected?


  • This topic is locked This topic is locked
9 replies to this topic

#1 Kondo

Kondo

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:02 PM

Posted 25 May 2012 - 10:30 PM

A while ago, I performed a full system scan. After almost 4hrs of scanning, my antivirus detected 14 malicious objects in my laptop. What I did is remove it from the system. Now I'm wondering if I am really infected. How do I know if I am?

AV: Microsoft Security Essentials. Of course, I checked first if there's new virus definitions before performing the scan. I will be attaching a screenshot of the latest found thread in my laptop.

http://i1251.photobucket.com/albums/hh554/Asura_Kishin/infectd.png

All of the found threats were located in one folder as stated in the details of the item. And the other items (13) were all the same and listed below, which is also located in the same folder.

Although performing another scan is time consuming, I will be performing another full system scan tomorrow morning. I just want to know if there's other alternative for this.

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:02 PM

Posted 26 May 2012 - 12:15 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Kondo

Kondo
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:02 PM

Posted 27 May 2012 - 02:25 AM

I am having a problem with aswMBR (avast Antirootkit). After several minutes, the program will not respond and therefore will automatically be terminated. Here are the other logs you requested.
Results of screen317's Security Check version 0.99.24
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
Microsoft VM for Java
Java™ 6 Update 29
Adobe Flash Player 11.2.202.235
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
1Games Ragnarok Online PH __hahaha main\trace.exe
``````````End of Log````````````



Farbar Service Scanner Version: 25-05-2012
Ran by paolo (administrator) on 27-05-2012 at 14:04:13
Running from "D:\Downloads"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


MiniToolBox by Farbar Version: 14-01-2012
Ran by paolo (administrator) on 27-05-2012 at 14:06:06
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: wpad:80

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 10 C:\Windows\system32\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 47 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 48 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 49 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/24/2012 00:05:21 AM) (Source: Application Error) (User: )
Description: Faulting application name: start.exe_unknown, version: 0.0.0.0, time stamp: 0x4c592cb9
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60
Exception code: 0xc0000029
Fault offset: 0x00090572
Faulting process id: 0x1360
Faulting application start time: 0xstart.exe_unknown0
Faulting application path: start.exe_unknown1
Faulting module path: start.exe_unknown2
Report Id: start.exe_unknown3

Error: (05/22/2012 08:11:40 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/22/2012 08:11:40 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/22/2012 08:11:40 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/22/2012 08:11:40 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (05/22/2012 08:11:40 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/22/2012 08:11:40 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (05/22/2012 08:11:40 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/22/2012 08:11:40 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/22/2012 08:11:40 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))


System errors:
=============
Error: (05/27/2012 02:06:07 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (05/27/2012 01:51:41 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (05/26/2012 10:56:31 AM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (05/24/2012 08:33:46 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (05/24/2012 11:10:38 AM) (Source: Service Control Manager) (User: )
Description: The UPnP Device Host service failed to start due to the following error:
%%1069

Error: (05/24/2012 11:10:38 AM) (Source: Service Control Manager) (User: )
Description: The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
%%1352

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (05/24/2012 11:10:38 AM) (Source: DCOM) (User: )
Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (05/22/2012 08:12:09 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (05/22/2012 08:12:09 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (05/22/2012 08:12:08 PM) (Source: DCOM) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}


Microsoft Office Sessions:
=========================
Error: (11/29/2011 03:51:14 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8257 seconds with 960 seconds of active time. This session ended with a crash.

Error: (08/22/2010 10:53:19 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2418 seconds with 1200 seconds of active time. This session ended with a crash.

Error: (07/18/2010 02:52:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/17/2010 05:59:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/17/2010 05:58:54 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/17/2010 05:57:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

'PTC Places' Namespace Shell Extension (Version: 1.1.13)
Update for Microsoft Office 2007 (KB2508958)
µTorrent (Version: 3.1.2)
Acer Crystal Eye Webcam (Version: 5.2.11.2)
ActivePerl 5.14.2 Build 1402 (Version: 5.14.1402)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin (Version: 11.2.202.235)
Adobe Reader X (10.1.0) (Version: 10.1.0)
Alcor Micro USB Card Reader (Version: 1.2.17.05001)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.23)
AutoHotkey 1.0.48.05 (Version: 1.0.48.05)
Bandisoft MPEG-1 Decoder
Bing Bar (Version: 6.3.2322.0)
Bing Bar Platform (Version: 6.3.2322.0)
Bluetooth Win7 Suite (Version: 6.04.003.0)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.17)
Chikka Messenger
Combined Community Codec Pack 2009-09-09 (Version: 2009.09.09.0)
D3DX10 (Version: 15.4.2368.0902)
DriverAgent by eSupport.com
ESET Online Scanner v3
Fable III (Version: 1.0.0001.131)
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
Globe Broadband (Version: 11.300.05.01.158)
Google Chrome (Version: 19.0.1084.52)
Google Update Helper (Version: 1.3.21.111)
Gravity Game Start 1.1 (Version: 1.1)
HI-TECH C51-lite V9.60PL0 (Version: 9.60)
HI-TECH PICC lite V9.60PL0 (Version: 9.60)
Internet Download Manager
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Junk Mail filter update (Version: 15.4.3502.0922)
Korean Fonts Support For Adobe Reader X (Version: 10.0.0)
MediaBar (Version: 2.0.0.93318)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Access database engine 2010 (English) (Version: 14.0.6029.1000)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1750.9)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server System CLR Types (Version: 10.50.1750.9)
Microsoft Visual C# 2010 Express - ENU (Version: 10.0.40219)
Microsoft Visual C++ Compilers 2010 Standard - enu - x86 (Version: 10.0.40219)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 Express - ENU (Version: 10.0.40219)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.40219)
Microsoft Visual Studio 2010 Service Pack 1 (Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31007)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31010)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31124)
Microsoft VM for Java
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
MSVC80_x86 (Version: 1.0.1.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
neroxml (Version: 1.0.0)
Nokia Connectivity Cable Driver (Version: 7.1.31.0)
Nokia PC Suite (Version: 7.1.51.0)
Nokia Software Updater (Version: 02.05.008.43342)
Nokia_Multimedia_Common_Components_2_5 (Version: 2.6.86)
NVIDIA PhysX (Version: 9.10.0514)
Pando Media Booster (Version: 2.6.0.7)
PC Connectivity Solution (Version: 10.24.0.0)
PDFCreator (Version: 1.2.3)
PSF Manual Patch (Version: 2.0.3)
PSF Manual Patch (Version: 2.2.7)
PunkBuster Services (Version: 0.990)
QuickTime (Version: 7.69.80.9)
Ragnarok Online (Version: 13.30.000)
Ragnarok Online2 (Version: 2.00.0000)
Rainmeter (Version: 2.2 r1116)
Real Desktop 1.74 Standard
Skype™ 5.8 (Version: 5.8.158)
SmartSound Quicktracks 5 (Version: 5.1.7)
Sun Broadband Wireless (Version: 16.001.06.04.256)
Synaptics Pointing Device Driver (Version: 14.0.6.0)
System Requirements Lab CYRI (Version: 4.5.1.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
uTorrentControl2 Toolbar (Version: 6.8.5.1)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0)
VLC media player 1.1.10 (Version: 1.1.10)
Windows Driver Package - Nokia Modem (06/09/2010 4.5) (Version: 06/09/2010 4.5)
Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7) (Version: 06/09/2010 7.01.0.7)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 1974.76 MB
Available physical RAM: 1078.54 MB
Total Pagefile: 3949.52 MB
Available Pagefile: 2879.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.89 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:161.27 GB) (Free:110 GB) NTFS
2 Drive d: () (Fixed) (Total:136.72 GB) (Free:96.74 GB) NTFS

========================= Users: ========================================

User accounts for \\JPCZAFRA

Administrator Guest paolo
Public


**** End of log ****



Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.27.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
paolo :: JPCZAFRA [administrator]

Protection: Disabled

5/27/2012 2:38:44 PM
mbam-log-2012-05-27 (14-38-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217252
Time elapsed: 8 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:02 PM

Posted 27 May 2012 - 10:45 AM

MiniToolbox log is incomplete.
You missed "List IP configuration" section.
Please redo.

Then....

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

==================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#5 Kondo

Kondo
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:02 PM

Posted 27 May 2012 - 12:55 PM

MiniToolBox by Farbar Version: 14-01-2012
Ran by paolo (administrator) on 27-05-2012 at 23:59:30
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: wpad:80

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Atheros AR8151 PCI-E Gigabit Ethernet Controller = Local Area Connection (Connected)
Atheros AR5B93 Wireless Network Adapter = Wireless Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64 icmpredirects=enabled
set interface interface="Wireless Network Connection" forwarding=disabled advertise=disabled mtu=1500 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : JPCZafra
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.name

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 7E-E4-00-2C-58-8E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : domain.name
Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : C8-0A-A9-50-B0-7C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a8d8:7dbe:e3e4:6f1e%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, May 27, 2012 11:57:51 PM
Lease Expires . . . . . . . . . . : Monday, May 28, 2012 11:57:51 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 331877033
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-96-67-90-C8-0A-A9-50-B0-7C
DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.4.4
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5B93 Wireless Network Adapter
Physical Address. . . . . . . . . : 78-E4-00-2C-58-8E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.MCL Free Wifi:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.domain.name:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : domain.name
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:18c1:2a19:3f57:fefd(Preferred)
Link-local IPv6 Address . . . . . : fe80::18c1:2a19:3f57:fefd%28(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{08CF7FAE-2589-4627-B79C-BCAFA6A5F5DE}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{FD9DED8E-4907-4719-A1F4-A082610DA952}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: google.com.domain.name
Addresses: 109.234.109.21
213.128.138.236
109.234.109.20


Pinging google.com [74.125.71.113] with 32 bytes of data:
Reply from 74.125.71.113: bytes=32 time=28ms TTL=53
Reply from 74.125.71.113: bytes=32 time=28ms TTL=53

Ping statistics for 74.125.71.113:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 28ms, Maximum = 28ms, Average = 28ms
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: yahoo.com.domain.name
Addresses: 213.128.138.236
109.234.109.20
109.234.109.21


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=475ms TTL=40
Reply from 98.139.183.24: bytes=32 time=502ms TTL=41

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 475ms, Maximum = 502ms, Average = 488ms
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: bleepingcomputer.com.domain.name
Addresses: 109.234.109.20
213.128.138.236
109.234.109.21


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
22...7e e4 00 2c 58 8e ......Microsoft Virtual WiFi Miniport Adapter
11...c8 0a a9 50 b0 7c ......Atheros AR8151 PCI-E Gigabit Ethernet Controller
10...78 e4 00 2c 58 8e ......Atheros AR5B93 Wireless Network Adapter
1...........................Software Loopback Interface 1
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
28...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
43...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
30...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 276
192.168.1.2 255.255.255.255 On-link 192.168.1.2 276
192.168.1.255 255.255.255.255 On-link 192.168.1.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
28 58 ::/0 On-link
1 306 ::1/128 On-link
28 58 2001::/32 On-link
28 306 2001:0:4137:9e76:18c1:2a19:3f57:fefd/128
On-link
11 276 fe80::/64 On-link
28 306 fe80::/64 On-link
28 306 fe80::18c1:2a19:3f57:fefd/128
On-link
11 276 fe80::a8d8:7dbe:e3e4:6f1e/128
On-link
1 306 ff00::/8 On-link
28 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 10 C:\Windows\system32\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 42 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 43 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 44 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 45 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 46 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 47 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 48 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 49 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/27/2012 03:15:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: aswMBR.exe, version: 0.9.9.1665, time stamp: 0x4f5f9c86
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60
Exception code: 0xc0000005
Fault offset: 0x00052cc7
Faulting process id: 0xf5c
Faulting application start time: 0xaswMBR.exe0
Faulting application path: aswMBR.exe1
Faulting module path: aswMBR.exe2
Report Id: aswMBR.exe3

Error: (05/27/2012 03:03:50 PM) (Source: Application Error) (User: )
Description: Faulting application name: aswMBR.exe, version: 0.9.9.1665, time stamp: 0x4f5f9c86
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60
Exception code: 0xc0000005
Fault offset: 0x00052cc7
Faulting process id: 0xc1c
Faulting application start time: 0xaswMBR.exe0
Faulting application path: aswMBR.exe1
Faulting module path: aswMBR.exe2
Report Id: aswMBR.exe3

Error: (05/27/2012 02:56:01 PM) (Source: Application Error) (User: )
Description: Faulting application name: aswMBR.exe, version: 0.9.9.1665, time stamp: 0x4f5f9c86
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60
Exception code: 0xc0000005
Fault offset: 0x00052cc7
Faulting process id: 0xdf8
Faulting application start time: 0xaswMBR.exe0
Faulting application path: aswMBR.exe1
Faulting module path: aswMBR.exe2
Report Id: aswMBR.exe3

Error: (05/24/2012 00:05:21 AM) (Source: Application Error) (User: )
Description: Faulting application name: start.exe_unknown, version: 0.0.0.0, time stamp: 0x4c592cb9
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b60
Exception code: 0xc0000029
Fault offset: 0x00090572
Faulting process id: 0x1360
Faulting application start time: 0xstart.exe_unknown0
Faulting application path: start.exe_unknown1
Faulting module path: start.exe_unknown2
Report Id: start.exe_unknown3

Error: (05/22/2012 08:11:40 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/22/2012 08:11:40 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/22/2012 08:11:40 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/22/2012 08:11:40 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (05/22/2012 08:11:40 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/22/2012 08:11:40 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)


System errors:
=============
Error: (05/27/2012 02:06:07 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (05/27/2012 01:51:41 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (05/26/2012 10:56:31 AM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (05/24/2012 08:33:46 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.

Error: (05/24/2012 11:10:38 AM) (Source: Service Control Manager) (User: )
Description: The UPnP Device Host service failed to start due to the following error:
%%1069

Error: (05/24/2012 11:10:38 AM) (Source: Service Control Manager) (User: )
Description: The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
%%1352

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (05/24/2012 11:10:38 AM) (Source: DCOM) (User: )
Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (05/22/2012 08:12:09 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (05/22/2012 08:12:09 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (05/22/2012 08:12:08 PM) (Source: DCOM) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}


Microsoft Office Sessions:
=========================
Error: (11/29/2011 03:51:14 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8257 seconds with 960 seconds of active time. This session ended with a crash.

Error: (08/22/2010 10:53:19 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2418 seconds with 1200 seconds of active time. This session ended with a crash.

Error: (07/18/2010 02:52:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/17/2010 05:59:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/17/2010 05:58:54 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash.

Error: (07/17/2010 05:57:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

'PTC Places' Namespace Shell Extension (Version: 1.1.13)
Update for Microsoft Office 2007 (KB2508958)
µTorrent (Version: 3.1.2)
Acer Crystal Eye Webcam (Version: 5.2.11.2)
ActivePerl 5.14.2 Build 1402 (Version: 5.14.1402)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin (Version: 11.2.202.235)
Adobe Reader X (10.1.0) (Version: 10.1.0)
Alcor Micro USB Card Reader (Version: 1.2.17.05001)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.23)
AutoHotkey 1.0.48.05 (Version: 1.0.48.05)
Bandisoft MPEG-1 Decoder
Bing Bar (Version: 6.3.2322.0)
Bing Bar Platform (Version: 6.3.2322.0)
Bluetooth Win7 Suite (Version: 6.04.003.0)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.17)
Chikka Messenger
Combined Community Codec Pack 2009-09-09 (Version: 2009.09.09.0)
D3DX10 (Version: 15.4.2368.0902)
DriverAgent by eSupport.com
ESET Online Scanner v3
Fable III (Version: 1.0.0001.131)
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
Globe Broadband (Version: 11.300.05.01.158)
Google Chrome (Version: 19.0.1084.52)
Google Update Helper (Version: 1.3.21.111)
Gravity Game Start 1.1 (Version: 1.1)
HI-TECH C51-lite V9.60PL0 (Version: 9.60)
HI-TECH PICC lite V9.60PL0 (Version: 9.60)
Internet Download Manager
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Junk Mail filter update (Version: 15.4.3502.0922)
Korean Fonts Support For Adobe Reader X (Version: 10.0.0)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
MediaBar (Version: 2.0.0.93318)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Access database engine 2010 (English) (Version: 14.0.6029.1000)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Visio Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1750.9)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server System CLR Types (Version: 10.50.1750.9)
Microsoft Visual C# 2010 Express - ENU (Version: 10.0.40219)
Microsoft Visual C++ Compilers 2010 Standard - enu - x86 (Version: 10.0.40219)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 Express - ENU (Version: 10.0.40219)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.40219)
Microsoft Visual Studio 2010 Service Pack 1 (Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31007)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31010)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31124)
Microsoft VM for Java
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
MSVC80_x86 (Version: 1.0.1.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
neroxml (Version: 1.0.0)
Nokia Connectivity Cable Driver (Version: 7.1.31.0)
Nokia PC Suite (Version: 7.1.51.0)
Nokia Software Updater (Version: 02.05.008.43342)
Nokia_Multimedia_Common_Components_2_5 (Version: 2.6.86)
NVIDIA PhysX (Version: 9.10.0514)
Pando Media Booster (Version: 2.6.0.7)
PC Connectivity Solution (Version: 10.24.0.0)
PDFCreator (Version: 1.2.3)
PSF Manual Patch (Version: 2.0.3)
PSF Manual Patch (Version: 2.2.7)
PunkBuster Services (Version: 0.990)
QuickTime (Version: 7.69.80.9)
Ragnarok Online (Version: 13.30.000)
Ragnarok Online2 (Version: 2.00.0000)
Rainmeter (Version: 2.2 r1116)
Real Desktop 1.74 Standard
Skype™ 5.8 (Version: 5.8.158)
SmartSound Quicktracks 5 (Version: 5.1.7)
Sun Broadband Wireless (Version: 16.001.06.04.256)
Synaptics Pointing Device Driver (Version: 14.0.6.0)
System Requirements Lab CYRI (Version: 4.5.1.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
uTorrentControl2 Toolbar (Version: 6.8.5.1)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0)
VLC media player 1.1.10 (Version: 1.1.10)
Windows Driver Package - Nokia Modem (06/09/2010 4.5) (Version: 06/09/2010 4.5)
Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7) (Version: 06/09/2010 7.01.0.7)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 41%
Total physical RAM: 1974.76 MB
Available physical RAM: 1155.89 MB
Total Pagefile: 3949.52 MB
Available Pagefile: 3005.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.89 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:161.27 GB) (Free:109.61 GB) NTFS
2 Drive d: () (Fixed) (Total:136.72 GB) (Free:96.73 GB) NTFS

========================= Users: ========================================

User accounts for \\JPCZAFRA

Administrator Guest paolo
Public


**** End of log ****



.\debug.cpp(238) : Debug log started at 27.05.2012 - 16:01:44
.\boot_cleaner.cpp(527) : Bootkit Remover
.\boot_cleaner.cpp(528) : © 2009 Esage Lab
.\boot_cleaner.cpp(529) : www.esagelab.com
.\boot_cleaner.cpp(533) : Program version: 1.2.0.1
.\boot_cleaner.cpp(540) : OS Version: Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 32-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x8344f000 0x00403000 "\SystemRoot\system32\ntoskrnl.exe"
.\debug.cpp(256) : 0x83418000 0x00037000 "\SystemRoot\system32\halmacpi.dll"
.\debug.cpp(256) : 0x80bc7000 0x00008000 "\SystemRoot\system32\kdcom.dll"
.\debug.cpp(256) : 0x89824000 0x00085000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
.\debug.cpp(256) : 0x898a9000 0x00011000 "\SystemRoot\system32\PSHED.dll"
.\debug.cpp(256) : 0x898ba000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
.\debug.cpp(256) : 0x898c2000 0x00042000 "\SystemRoot\system32\CLFS.SYS"
.\debug.cpp(256) : 0x89904000 0x000ab000 "\SystemRoot\system32\CI.dll"
.\debug.cpp(256) : 0x899af000 0x00071000 "\SystemRoot\system32\drivers\Wdf01000.sys"
.\debug.cpp(256) : 0x89a20000 0x0000e000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
.\debug.cpp(256) : 0x89a2e000 0x000f3000 "\SystemRoot\System32\Drivers\spgc.sys"
.\debug.cpp(256) : 0x89b21000 0x00009000 "\SystemRoot\System32\Drivers\WMILIB.SYS"
.\debug.cpp(256) : 0x89b2a000 0x00026000 "\SystemRoot\System32\Drivers\SCSIPORT.SYS"
.\debug.cpp(256) : 0x89b50000 0x00048000 "\SystemRoot\system32\drivers\ACPI.sys"
.\debug.cpp(256) : 0x89b98000 0x00008000 "\SystemRoot\system32\drivers\msisadrv.sys"
.\debug.cpp(256) : 0x89ba0000 0x0000b000 "\SystemRoot\system32\drivers\vdrvroot.sys"
.\debug.cpp(256) : 0x89bab000 0x0002a000 "\SystemRoot\system32\drivers\pci.sys"
.\debug.cpp(256) : 0x89bd5000 0x00011000 "\SystemRoot\System32\drivers\partmgr.sys"
.\debug.cpp(256) : 0x89be6000 0x00008000 "\SystemRoot\system32\DRIVERS\compbatt.sys"
.\debug.cpp(256) : 0x89bee000 0x0000b000 "\SystemRoot\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0x89800000 0x00010000 "\SystemRoot\system32\drivers\volmgr.sys"
.\debug.cpp(256) : 0x89c18000 0x0004b000 "\SystemRoot\System32\drivers\volmgrx.sys"
.\debug.cpp(256) : 0x89c63000 0x00016000 "\SystemRoot\System32\drivers\mountmgr.sys"
.\debug.cpp(256) : 0x89c79000 0x00009000 "\SystemRoot\system32\drivers\atapi.sys"
.\debug.cpp(256) : 0x89c82000 0x00023000 "\SystemRoot\system32\drivers\ataport.SYS"
.\debug.cpp(256) : 0x89ca5000 0x0000a000 "\SystemRoot\system32\drivers\msahci.sys"
.\debug.cpp(256) : 0x89caf000 0x0000e000 "\SystemRoot\system32\drivers\PCIIDEX.SYS"
.\debug.cpp(256) : 0x89cbd000 0x00009000 "\SystemRoot\system32\drivers\amdxata.sys"
.\debug.cpp(256) : 0x89cc6000 0x00034000 "\SystemRoot\system32\drivers\fltmgr.sys"
.\debug.cpp(256) : 0x89cfa000 0x00011000 "\SystemRoot\system32\drivers\fileinfo.sys"
.\debug.cpp(256) : 0x89d0b000 0x00028000 "\SystemRoot\system32\DRIVERS\MpFilter.sys"
.\debug.cpp(256) : 0x89d33000 0x0012f000 "\SystemRoot\System32\Drivers\Ntfs.sys"
.\debug.cpp(256) : 0x89e62000 0x0002b000 "\SystemRoot\System32\Drivers\msrpc.sys"
.\debug.cpp(256) : 0x89e8d000 0x00013000 "\SystemRoot\System32\Drivers\ksecdd.sys"
.\debug.cpp(256) : 0x89ea0000 0x0005d000 "\SystemRoot\System32\Drivers\cng.sys"
.\debug.cpp(256) : 0x89efd000 0x0000e000 "\SystemRoot\System32\drivers\pcw.sys"
.\debug.cpp(256) : 0x89f0b000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.sys"
.\debug.cpp(256) : 0x89f14000 0x000b7000 "\SystemRoot\system32\drivers\ndis.sys"
.\debug.cpp(256) : 0x8a01b000 0x0003e000 "\SystemRoot\system32\drivers\NETIO.SYS"
.\debug.cpp(256) : 0x8a059000 0x00025000 "\SystemRoot\System32\Drivers\ksecpkg.sys"
.\debug.cpp(256) : 0x8a07e000 0x0014b000 "\SystemRoot\System32\drivers\tcpip.sys"
.\debug.cpp(256) : 0x8a1c9000 0x00031000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
.\debug.cpp(256) : 0x8a1fa000 0x00008000 "\SystemRoot\system32\DRIVERS\wd.sys"
.\debug.cpp(256) : 0x8a202000 0x0003f000 "\SystemRoot\system32\drivers\volsnap.sys"
.\debug.cpp(256) : 0x8a241000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"
.\debug.cpp(256) : 0x8a249000 0x0002d000 "\SystemRoot\System32\drivers\rdyboost.sys"
.\debug.cpp(256) : 0x8a276000 0x00010000 "\SystemRoot\System32\Drivers\mup.sys"
.\debug.cpp(256) : 0x8a286000 0x00008000 "\SystemRoot\System32\drivers\hwpolicy.sys"
.\debug.cpp(256) : 0x8a28e000 0x00032000 "\SystemRoot\System32\DRIVERS\fvevol.sys"
.\debug.cpp(256) : 0x8a2c0000 0x00011000 "\SystemRoot\system32\DRIVERS\disk.sys"
.\debug.cpp(256) : 0x8a2d1000 0x00025000 "\SystemRoot\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0x8a329000 0x0001f000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0x8a348000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0x8a34f000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0x8a356000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0x8a362000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
.\debug.cpp(256) : 0x8a383000 0x0000d000 "\SystemRoot\System32\drivers\watchdog.sys"
.\debug.cpp(256) : 0x8a390000 0x00008000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0x8a398000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys"
.\debug.cpp(256) : 0x8a3a0000 0x00008000 "\SystemRoot\system32\drivers\rdprefmp.sys"
.\debug.cpp(256) : 0x8a3a8000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0x8a3b3000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0x8a3c1000 0x00017000 "\SystemRoot\system32\DRIVERS\tdx.sys"
.\debug.cpp(256) : 0x8a3d8000 0x0000c000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0x8c837000 0x0005a000 "\SystemRoot\system32\drivers\afd.sys"
.\debug.cpp(256) : 0x8c891000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x8c8c3000 0x00007000 "\SystemRoot\system32\DRIVERS\wfplwf.sys"
.\debug.cpp(256) : 0x8c8ca000 0x0001f000 "\SystemRoot\system32\DRIVERS\pacer.sys"
.\debug.cpp(256) : 0x8c8e9000 0x00011000 "\SystemRoot\system32\DRIVERS\vwififlt.sys"
.\debug.cpp(256) : 0x8c8fa000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0x8c908000 0x00013000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0x8c91b000 0x00011000 "\SystemRoot\system32\drivers\termdd.sys"
.\debug.cpp(256) : 0x8c92c000 0x00041000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x8c96d000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys"
.\debug.cpp(256) : 0x8c977000 0x0000a000 "\SystemRoot\system32\drivers\mssmbios.sys"
.\debug.cpp(256) : 0x8c981000 0x0000c000 "\SystemRoot\System32\drivers\discache.sys"
.\debug.cpp(256) : 0x8c98d000 0x00018000 "\SystemRoot\System32\Drivers\dfsc.sys"
.\debug.cpp(256) : 0x8c9a5000 0x0000e000 "\SystemRoot\system32\DRIVERS\blbdrive.sys"
.\debug.cpp(256) : 0x8c9b3000 0x00021000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
.\debug.cpp(256) : 0x8c9d4000 0x0002a000 "\SystemRoot\system32\DRIVERS\atikmpag.sys"
.\debug.cpp(256) : 0x90c0d000 0x00562000 "\SystemRoot\system32\DRIVERS\atipmdag.sys"
.\debug.cpp(256) : 0x9116f000 0x000b7000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
.\debug.cpp(256) : 0x91226000 0x00039000 "\SystemRoot\System32\drivers\dxgmms1.sys"
.\debug.cpp(256) : 0x9125f000 0x0001f000 "\SystemRoot\system32\drivers\HDAudBus.sys"
.\debug.cpp(256) : 0x9127e000 0x0000b000 "\SystemRoot\system32\DRIVERS\HECI.sys"
.\debug.cpp(256) : 0x91289000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0x91298000 0x0004b000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0x912e3000 0x00012000 "\SystemRoot\system32\DRIVERS\L1C62x86.sys"
.\debug.cpp(256) : 0x8c9fe000 0x0012d000 "\SystemRoot\system32\DRIVERS\athr.sys"
.\debug.cpp(256) : 0x912f5000 0x0000a000 "\SystemRoot\system32\DRIVERS\vwifibus.sys"
.\debug.cpp(256) : 0x912ff000 0x00018000 "\SystemRoot\system32\drivers\i8042prt.sys"
.\debug.cpp(256) : 0x91317000 0x0000d000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0x91324000 0x00037000 "\SystemRoot\system32\DRIVERS\SynTP.sys"
.\debug.cpp(256) : 0x9135b000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0x9135d000 0x0000d000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0x9136a000 0x00009000 "\SystemRoot\system32\drivers\wmiacpi.sys"
.\debug.cpp(256) : 0x91373000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
.\debug.cpp(256) : 0x91377000 0x00012000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0x91389000 0x0000d000 "\SystemRoot\system32\drivers\CompositeBus.sys"
.\debug.cpp(256) : 0x91396000 0x00012000 "\SystemRoot\system32\DRIVERS\AgileVpn.sys"
.\debug.cpp(256) : 0x913a8000 0x00018000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0x913c0000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0x913cb000 0x00022000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0x8cb2b000 0x00018000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0x8cb43000 0x00017000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0x8cb5a000 0x00017000 "\SystemRoot\system32\DRIVERS\rassstp.sys"
.\debug.cpp(256) : 0x913ed000 0x0000a000 "\SystemRoot\system32\DRIVERS\rdpbus.sys"
.\debug.cpp(256) : 0x913f7000 0x00002000 "\SystemRoot\system32\drivers\swenum.sys"
.\debug.cpp(256) : 0x8cb71000 0x00034000 "\SystemRoot\system32\drivers\ks.sys"
.\debug.cpp(256) : 0x90c00000 0x0000a000 "\SystemRoot\system32\DRIVERS\btath_bus.sys"
.\debug.cpp(256) : 0x8cba5000 0x0000e000 "\SystemRoot\system32\drivers\umbus.sys"
.\debug.cpp(256) : 0x8cbb3000 0x00012000 "\SystemRoot\system32\DRIVERS\ew_jubusenum.sys"
.\debug.cpp(256) : 0x9380d000 0x00044000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0x93851000 0x00011000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0x93862000 0x00050000 "\SystemRoot\system32\drivers\HdAudio.sys"
.\debug.cpp(256) : 0x938b2000 0x0002f000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0x938e1000 0x00019000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0x94c70000 0x00250000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0x938fa000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0x93904000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys"
.\debug.cpp(256) : 0x93911000 0x0000b000 "\SystemRoot\System32\Drivers\dump_dumpata.sys"
.\debug.cpp(256) : 0x9391c000 0x0000a000 "\SystemRoot\System32\Drivers\dump_msahci.sys"
.\debug.cpp(256) : 0x93926000 0x00011000 "\SystemRoot\System32\Drivers\dump_dumpfve.sys"
.\debug.cpp(256) : 0x93937000 0x0000b000 "\SystemRoot\system32\DRIVERS\monitor.sys"
.\debug.cpp(256) : 0x93942000 0x00017000 "\SystemRoot\system32\DRIVERS\usbccgp.sys"
.\debug.cpp(256) : 0x94ed0000 0x00009000 "\SystemRoot\System32\TSDDD.dll"
.\debug.cpp(256) : 0x93959000 0x00024000 "\SystemRoot\System32\Drivers\usbvideo.sys"
.\debug.cpp(256) : 0x94f00000 0x0001e000 "\SystemRoot\System32\cdd.dll"
.\debug.cpp(256) : 0x9397d000 0x0000b000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0x93988000 0x00013000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0x9399b000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0x939a2000 0x0000b000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0x939ad000 0x0001b000 "\SystemRoot\system32\drivers\luafv.sys"
.\debug.cpp(256) : 0x939c8000 0x0001a000 "\SystemRoot\system32\drivers\WudfPf.sys"
.\debug.cpp(256) : 0x939e2000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys"
.\debug.cpp(256) : 0x939f2000 0x00046000 "\SystemRoot\system32\DRIVERS\nwifi.sys"
.\debug.cpp(256) : 0x93a38000 0x00010000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0x93a48000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys"
.\debug.cpp(256) : 0x93a5b000 0x00009000 "\SystemRoot\system32\DRIVERS\vwifimp.sys"
.\debug.cpp(256) : 0x93a64000 0x00085000 "\SystemRoot\system32\drivers\HTTP.sys"
.\debug.cpp(256) : 0x93ae9000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys"
.\debug.cpp(256) : 0x93b02000 0x00012000 "\SystemRoot\System32\drivers\mpsdrv.sys"
.\debug.cpp(256) : 0x93b14000 0x00023000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0x93b37000 0x0003b000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
.\debug.cpp(256) : 0x93b72000 0x0001b000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
.\debug.cpp(256) : 0x93ba5000 0x00018000 "\SystemRoot\system32\DRIVERS\idmwfp.sys"
.\debug.cpp(256) : 0xa0418000 0x00097000 "\SystemRoot\system32\drivers\peauth.sys"
.\debug.cpp(256) : 0xa04af000 0x00009000 "\??\C:\Windows\system32\drivers\rtwtkrnl.sys"
.\debug.cpp(256) : 0xa04b8000 0x0000a000 "\SystemRoot\System32\Drivers\secdrv.SYS"
.\debug.cpp(256) : 0xa04c2000 0x00021000 "\SystemRoot\System32\DRIVERS\srvnet.sys"
.\debug.cpp(256) : 0xa04e3000 0x0000d000 "\SystemRoot\System32\drivers\tcpipreg.sys"
.\debug.cpp(256) : 0xa04f0000 0x00050000 "\SystemRoot\System32\DRIVERS\srv2.sys"
.\debug.cpp(256) : 0xa0540000 0x00052000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0xa0592000 0x00006000 "\??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FC2212F7-C139-42FC-9EEE-B4784EFA3769}\MpKsld6b81162.sys"
.\debug.cpp(256) : 0xa0598000 0x00004000 "\??\C:\Windows\system32\drivers\mbam.sys"
.\debug.cpp(256) : 0xa059c000 0x0006a000 "\SystemRoot\system32\drivers\spsys.sys"
.\debug.cpp(256) : 0x77440000 0x0013c000 "\Windows\System32\ntdll.dll"
.\debug.cpp(256) : 0x47d70000 0x00013000 "\Windows\System32\smss.exe"
.\debug.cpp(256) : 0x77680000 0x00050000 "\Windows\System32\apisetschema.dll"
.\debug.cpp(256) : 0x00990000 0x000a6000 "\Windows\System32\autochk.exe"
.\debug.cpp(256) : 0x775c0000 0x000ac000 "\Windows\System32\msvcrt.dll"
.\debug.cpp(256) : 0x773e0000 0x00057000 "\Windows\System32\shlwapi.dll"
.\debug.cpp(256) : 0x775b0000 0x0000a000 "\Windows\System32\lpk.dll"
.\debug.cpp(256) : 0x77310000 0x000cc000 "\Windows\System32\msctf.dll"
.\debug.cpp(256) : 0x772d0000 0x00035000 "\Windows\System32\ws2_32.dll"
.\debug.cpp(256) : 0x77230000 0x000a0000 "\Windows\System32\advapi32.dll"
.\debug.cpp(256) : 0x77110000 0x0011b000 "\Windows\System32\wininet.dll"
.\debug.cpp(256) : 0x770c0000 0x00045000 "\Windows\System32\Wldap32.dll"
.\debug.cpp(256) : 0x77030000 0x00083000 "\Windows\System32\clbcatq.dll"
.\debug.cpp(256) : 0x77590000 0x0001f000 "\Windows\System32\imm32.dll"
.\debug.cpp(256) : 0x76ed0000 0x0015c000 "\Windows\System32\ole32.dll"
.\debug.cpp(256) : 0x77580000 0x00003000 "\Windows\System32\normaliz.dll"
.\debug.cpp(256) : 0x76e50000 0x0007b000 "\Windows\System32\comdlg32.dll"
.\debug.cpp(256) : 0x76cb0000 0x0019d000 "\Windows\System32\setupapi.dll"
.\debug.cpp(256) : 0x76c60000 0x0004e000 "\Windows\System32\gdi32.dll"
.\debug.cpp(256) : 0x76c40000 0x00019000 "\Windows\System32\sechost.dll"
.\debug.cpp(256) : 0x76b20000 0x00111000 "\Windows\System32\urlmon.dll"
.\debug.cpp(256) : 0x76af0000 0x0002a000 "\Windows\System32\imagehlp.dll"
.\debug.cpp(256) : 0x76a40000 0x000a1000 "\Windows\System32\rpcrt4.dll"
.\debug.cpp(256) : 0x76960000 0x000d4000 "\Windows\System32\kernel32.dll"
.\debug.cpp(256) : 0x768c0000 0x0009d000 "\Windows\System32\usp10.dll"
.\debug.cpp(256) : 0x75c70000 0x00c4a000 "\Windows\System32\shell32.dll"
.\debug.cpp(256) : 0x75c10000 0x00052000 "\Windows\System32\difxapi.dll"
.\debug.cpp(256) : 0x75b80000 0x0008f000 "\Windows\System32\oleaut32.dll"
.\debug.cpp(256) : 0x759c0000 0x001b8000 "\Windows\System32\iertutil.dll"
.\debug.cpp(256) : 0x758f0000 0x000c9000 "\Windows\System32\user32.dll"
.\debug.cpp(256) : 0x758e0000 0x00005000 "\Windows\System32\psapi.dll"
.\debug.cpp(256) : 0x758d0000 0x00006000 "\Windows\System32\nsi.dll"
.\debug.cpp(256) : 0x758a0000 0x00027000 "\Windows\System32\cfgmgr32.dll"
.\debug.cpp(256) : 0x75870000 0x0002d000 "\Windows\System32\wintrust.dll"
.\debug.cpp(256) : 0x75820000 0x0004a000 "\Windows\System32\KernelBase.dll"
.\debug.cpp(256) : 0x75700000 0x0011d000 "\Windows\System32\crypt32.dll"
.\debug.cpp(256) : 0x75670000 0x00084000 "\Windows\System32\comctl32.dll"
.\debug.cpp(256) : 0x75650000 0x00012000 "\Windows\System32\devobj.dll"
.\debug.cpp(256) : 0x75640000 0x0000c000 "\Windows\System32\msasn1.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination "\Device\Video0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000046"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"
.\debug.cpp(400) : Destination "\Device\WUDFLpcDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination "\Device\Ndis"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6CE446E2-D7FF-461E-A0BD-33D31F3780A1}"
.\debug.cpp(400) : Destination "\Device\NDMP2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination "\Device\Video1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000005"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000044"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000047"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_168C&DEV_002A&SUBSYS_E01F105B&REV_01#4&b6d72d3&0&00E5#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_1B1A&PID_0000#7&2eff553c&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination "\Device\0000007b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AgileVPN"
.\debug.cpp(400) : Destination "\Device\AgileVPN"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDMWFP"
.\debug.cpp(400) : Destination "\Device\IDMWFP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{08CF7FAE-2589-4627-B79C-BCAFA6A5F5DE}"
.\debug.cpp(400) : Destination "\Device\NDMP7"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&21997e8d&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy1"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination "\Device\Video2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000001"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_37_-_Intel®_Core™_i3_CPU_______M_330__@_2.13GHz#_3#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000058"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\E:"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
.\debug.cpp(400) : Destination "\Device\WMIAdminDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy2"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000045"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002#5&4f2f5dc&0&0001#{a17579f0-4fec-4936-9364-249460863be5}"
.\debug.cpp(400) : Destination "\Device\00000071"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination "\Device\Video3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
.\debug.cpp(400) : Destination "\Device\VolMgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy3"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000001"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_168C&DEV_002A&SUBSYS_E01F105B&REV_01#4&b6d72d3&0&00E5#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_37_-_Intel®_Core™_i3_CPU_______M_330__@_2.13GHz#_2#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000057"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0269&SUBSYS_10250357&REV_1001#4&3469b201&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\00000074"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination "\Device\Video4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"
.\debug.cpp(400) : Destination "\Device\ProcessManagement"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5d624f94-8850-40c3-a3fa-a4fd2080baf3}#vwifimp#5&26b529ce&0&01#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000007c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{efd17a0f-6dc5-11df-b196-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy4"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0001#{fede31d4-7d26-4d22-b058-516dc4524889}"
.\debug.cpp(400) : Destination "\Device\0000004e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY6"
.\debug.cpp(400) : Destination "\Device\Video5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) : Destination "\Device\CompositeBattery"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy5"
.\debug.cpp(400) : Destination "\Device\HarddiskVolumeShadowCopy5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_1B1A&PID_0000#7&2eff553c&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000007b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_3B34&SUBSYS_03571025&REV_05#3&11583659&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0007"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000042"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0269&SUBSYS_10250357&REV_1001#4&3469b201&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination "\Device\00000074"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_68E0&SUBSYS_03561025&REV_00#4&1cdfbf58&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0018"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\TeredoTun"
.\debug.cpp(400) : Destination "\Device\TeredoTun"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SPDevice"
.\debug.cpp(400) : Destination "\Device\SPDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination "\Device\WMIDataDevice"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#3&11583659&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000061"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0269&SUBSYS_10250357&REV_1001#4&3469b201&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000074"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth"
.\debug.cpp(400) : Destination "\Device\PEAuth"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&21997e8d&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002#5&4f2f5dc&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination "\Device\00000071"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\vwififlt"
.\debug.cpp(400) : Destination "\Device\vwififlt"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination "\Device\NamedPipe"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition1"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched"
.\debug.cpp(400) : Destination "\Device\Psched"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination "\Device\Mup"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_37_-_Intel®_Core™_i3_CPU_______M_330__@_2.13GHz#_4#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000059"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0269&SUBSYS_10250357&REV_1001#4&3469b201&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000074"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition2"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination "\Device\Tcp"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000005"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgrMsg"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5d624f94-8850-40c3-a3fa-a4fd2080baf3}#vwifimp#5&26b529ce&0&01#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000007c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination "\Device\USBFDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C0DE3E38-8BA7-479F-8B75-833F294C5AA8}"
.\debug.cpp(400) : Destination "\Device\NDMP14"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#vdrvroot#0000#{2e34d650-5819-42ca-84ae-d30803bae505}"
.\debug.cpp(400) : Destination "\Device\00000051"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition3"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0004#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination "\Device\USBFDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&16c44e4&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LCD"
.\debug.cpp(400) : Destination "\Device\00000078"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000007e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{B2100051-1F63-40B8-80EF-C52B2CA17342}"
.\debug.cpp(400) : Destination "\Device\NDMP6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1D568E45-20C4-43BA-A92B-E8B2E971369B}"
.\debug.cpp(400) : Destination "\Device\NDMP5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{efd17a13-6dc5-11df-b196-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{efd17a15-6dc5-11df-b196-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination "\Device\Harddisk0\DR0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000005b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume1"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination "\DosDevices\LPT1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&28a6e135&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{efd17a14-6dc5-11df-b196-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume2"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination "\Device\FsWrap"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_3B64&SUBSYS_03571025&REV_06#3&11583659&0&B0#{e2d1ff34-3458-49a9-88da-8e6915ce9be5}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDOSPDevice"
.\debug.cpp(400) : Destination "\Device\IPSECDOSP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination "\Device\0000004f"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\00000052"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume3"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000048"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&3921bc3c&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\0000006d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&3921bc3c&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000006d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{efd17a0f-6dc5-11df-b196-806e6f6e6963}#0000002857D00000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#3&11583659&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000060"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000044"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_8087&PID_0020#5&93bff10&0&1#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#LGD028D#5&26da6aa&0&UID256#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}"
.\debug.cpp(400) : Destination "\Device\00000078"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination "\GLOBAL??"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{FD9DED8E-4907-4719-A1F4-A082610DA952}"
.\debug.cpp(400) : Destination "\Device\NDMP16"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0269&SUBSYS_10250357&REV_1001#4&3469b201&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000074"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002#5&4f2f5dc&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\00000071"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
.\debug.cpp(400) : Destination "\clfs"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_68E0&SUBSYS_03561025&REV_00#4&1cdfbf58&0&0008#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0018"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000002"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_37_-_Intel®_Core™_i3_CPU_______M_330__@_2.13GHz#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination "\Device\00000056"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"
.\debug.cpp(400) : Destination "\Device\Secdrv"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_064E&PID_A219#HF1315-S32B-OV01-VA-R02.01.05#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#0#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) : Destination "\Device\0000005e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{efd17a0f-6dc5-11df-b196-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskHitachi_HTS545032B9A300_________________PB3OC60F#5&84b5ae0&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP0T0L0-0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0004#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000004"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000047"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0269&SUBSYS_10250357&REV_1001#4&3469b201&0&0001#{a17579f0-4fec-4936-9364-249460863be5}"
.\debug.cpp(400) : Destination "\Device\00000074"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\nativewifip"
.\debug.cpp(400) : Destination "\Device\nativewifip"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\RTWTKRNL"
.\debug.cpp(400) : Destination "\Device\RTWTKRNL"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E28D896F-9EA8-433A-9C10-66C97C19A921}"
.\debug.cpp(400) : Destination "\Device\NDMP15"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{EB52B740-2B1E-46AE-B953-8720FCEE3E69}"
.\debug.cpp(400) : Destination "\Device\NDMP3"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000049"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{3FC891C2-E435-472A-A4CA-3B24E7BFB669}"
.\debug.cpp(400) : Destination "\Device\NDMP17"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination "\Device\MountPointManager"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000043"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000045"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_8087&PID_0020#5&294ce84&0&1#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination "\Device\USBPDO-2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#LGD028D#5&26da6aa&0&UID256#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}"
.\debug.cpp(400) : Destination "\Device\00000078"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
.\debug.cpp(400) : Destination "\Device\PartmgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination "\Device\WANARP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
.\debug.cpp(400) : Destination "\Device\Nsi"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{efd17a18-6dc5-11df-b196-806e6f6e6963}"
.\debug.cpp(400) : Destination "\Device\CdRom0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000043"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_168C&DEV_002A&SUBSYS_E01F105B&REV_01#4&b6d72d3&0&00E5#{435b6226-1dcc-43b3-887e-217dbaa27ba3}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0021"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
.\debug.cpp(400) : Destination "\Device\NXTIPSEC"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{483C9FF8-503D-414B-B402-E4C1F1F568CB}"
.\debug.cpp(400) : Destination "\Device\NDMP9"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomSlimtype_DVD_A__DS8A4SH_________________CA11____#5&1b050b85&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0269&SUBSYS_10250357&REV_1001#4&3469b201&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
.\debug.cpp(400) : Destination "\Device\00000074"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_3B3C&SUBSYS_03571025&REV_05#3&11583659&0&D0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0003"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination "\Device\NDMP11"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WwanProt"
.\debug.cpp(400) : Destination "\Device\WwanProt"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
.\debug.cpp(400) : Destination "\Device\WFP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#3&11583659&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination "\Device\00000062"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6"
.\debug.cpp(400) : Destination "\Device\WANARPV6"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort0"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_1B1A&PID_0000#6&19e9b777&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination "\Device\USBPDO-5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&21997e8d&0&5#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\PciIde0Channel5"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1969&DEV_1073&SUBSYS_03571025&REV_C0#4&12322aa2&0&00E0#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0020"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1969&DEV_1073&SUBSYS_03571025&REV_C0#4&12322aa2&0&00E0#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\NTPNP_PCI0020"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination "\Device\0000007d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\00000042"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000048"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination "\Device\0000004d"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002#5&4f2f5dc&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination "\Device\00000071"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpKsld6b81162"
.\debug.cpp(400) : Destination "\Device\MpKsld6b81162"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
.\debug.cpp(400) : Destination "\Device\NDMP10"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
.\debug.cpp(400) : Destination "\Device\AscKmd"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination "\Device\NdisWan"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{97867BF6-29B1-42F2-9556-51FACDD45CD6}"
.\debug.cpp(400) : Destination "\Device\NDMP1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomSlimtype_DVD_A__DS8A4SH_________________CA11____#5&1b050b85&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination "\Device\Ide\IdeDeviceP1T0L0-1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_064E&PID_A219&MI_00#7&612d10c&0&0000#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"
.\debug.cpp(400) : Destination "\Device\MPS"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination "\Device\VolMgrControl"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#SYN1B20#4&3921bc3c&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000006e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination "\FileSystem\Filters\FltMgr"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{AF1DE77B-5AE7-4411-AA6E-2B8410D9C687}"
.\debug.cpp(400) : Destination "\Device\NDMP8"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E30E9A0C-3AD9-4A48-928C-824540C8C224}"
.\debug.cpp(400) : Destination "\Device\NDMP4"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination "\Device\HarddiskVolume2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination "\DosDevices\COM1"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination "\Device\MailSlot"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Oceanus.00"
.\debug.cpp(400) : Destination "\Device\Oceanus.00"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"
.\debug.cpp(400) : Destination "\Device\NDMP12"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MBAMProtector"
.\debug.cpp(400) : Destination "\Device\MBAMProtector"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DB2B4279-B5CF-4626-9DBA-32D0ECE44C87}"
.\debug.cpp(400) : Destination "\Device\NDMP13"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VDRVROOT"
.\debug.cpp(400) : Destination "\Device\00000051"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination "\Device\Null"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) : Destination "\Device\Ide\IdePort2"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#USB#0000#{c671678c-82c1-43f3-d700-0049433e9a4b}"
.\debug.cpp(400) : Destination "\Device\00000050"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000004c"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination "\Device\Ndisuio"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"
.\debug.cpp(400) : Destination "\Device\SstpDrv"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0002#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination "\Device\0000007e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination ""
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_064E&PID_A219&MI_00#7&612d10c&0&0000#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination "\Device\0000007a"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination "\Device\0000004b"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
.\debug.cpp(400) : Destination "\Device\WfpAle"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#0#{e849804e-c719-43d8-ac88-96b894c191e2}"
.\debug.cpp(400) : Destination "\Device\0000005e"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYNTP"
.\debug.cpp(400) : Destination "\Device\SynTP"
.\debug.cpp(409) : --
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination "\Device\00000046"
.\debug.cpp(409) : --
.\debug.cpp(453) : **********************************************
.\boot_cleaner.cpp(565) : System volume is \\.\C:
.\boot_cleaner.cpp(600) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000
.\boot_cleaner.cpp(276) : Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff
.\boot_cleaner.cpp(1061) :
.\boot_cleaner.cpp(1062) : Size Device Name MBR Status
.\boot_cleaner.cpp(1063) : --------------------------------------------
.\boot_cleaner.cpp(1107) : 298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1113) :
.\boot_cleaner.cpp(1152) : Done;



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-28 01:52:12
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545032B9A300 rev.PB3OC60F
Running: kcum2qco.exe; Driver: C:\Users\paolo\AppData\Local\Temp\uxdyypow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwRollbackEnlistment + 1409 83484989 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 834A44E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spgc.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\atipmdag.sys section is writeable [0x90C0E000, 0x2E832C, 0xE8000020]
.text USBPORT.SYS!DllUnload 912BCDB9 5 Bytes JMP 8669B1D8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [89A5ADDC] \SystemRoot\System32\Drivers\spgc.sys
IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [89A5AE30] \SystemRoot\System32\Drivers\spgc.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [89A30042] \SystemRoot\System32\Drivers\spgc.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [89A306D6] \SystemRoot\System32\Drivers\spgc.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [89A30800] \SystemRoot\System32\Drivers\spgc.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [89A3013E] \SystemRoot\System32\Drivers\spgc.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8540E1F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 854091F8
Device \Driver\usbehci \Device\USBPDO-0 866781F8
Device \Driver\usbehci \Device\USBPDO-1 866781F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{FD9DED8E-4907-4719-A1F4-A082610DA952} 8662F1F8
Device \Driver\ACPI_HAL \Device\00000053 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume1 854091F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 854091F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 8657B1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8540B1F8
Device \Driver\atapi \Device\Ide\IdePort0 8540B1F8
Device \Driver\atapi \Device\Ide\IdePort1 8540B1F8
Device \Driver\atapi \Device\Ide\IdePort2 8540B1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 8540B1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 8540C1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 8540C1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel5 8540C1F8
Device \Driver\volmgr \Device\HarddiskVolume3 854091F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBT_Tcpip_{B2100051-1F63-40B8-80EF-C52B2CA17342} 8662F1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8662F1F8
Device \Driver\usbehci \Device\USBFDO-0 866781F8
Device \Driver\usbehci \Device\USBFDO-1 866781F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{08CF7FAE-2589-4627-B79C-BCAFA6A5F5DE} 8662F1F8

---- Threads - GMER 1.0.15 ----

Thread System [4:3976] A05C6F2E

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0013d37d153e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313b698fa
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313b698fa@002376f0be1a 0x34 0x58 0xDB 0xA9 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x55 0xF6 0x9D 0xD8 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0013d37d153e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313b698fa (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313b698fa@002376f0be1a 0x34 0x58 0xDB 0xA9 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x55 0xF6 0x9D 0xD8 ...

---- EOF - GMER 1.0.15 ----

#6 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:02 PM

Posted 27 May 2012 - 12:59 PM

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#7 Kondo

Kondo
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:02 PM

Posted 27 May 2012 - 10:35 PM

11:32:10.0916 2516 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
11:32:11.0586 2516 ============================================================
11:32:11.0586 2516 Current date / time: 2012/05/28 11:32:11.0586
11:32:11.0586 2516 SystemInfo:
11:32:11.0586 2516
11:32:11.0586 2516 OS Version: 6.1.7601 ServicePack: 1.0
11:32:11.0586 2516 Product type: Workstation
11:32:11.0586 2516 ComputerName: JPCZAFRA
11:32:11.0586 2516 UserName: paolo
11:32:11.0586 2516 Windows directory: C:\Windows
11:32:11.0586 2516 System windows directory: C:\Windows
11:32:11.0586 2516 Processor architecture: Intel x86
11:32:11.0586 2516 Number of processors: 4
11:32:11.0586 2516 Page size: 0x1000
11:32:11.0586 2516 Boot type: Normal boot
11:32:11.0586 2516 ============================================================
11:32:15.0346 2516 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:32:15.0346 2516 ============================================================
11:32:15.0346 2516 \Device\Harddisk0\DR0:
11:32:15.0346 2516 MBR partitions:
11:32:15.0346 2516 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:32:15.0346 2516 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1428C000
11:32:15.0346 2516 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x142BE800, BlocksNum 0x1116F800
11:32:15.0346 2516 ============================================================
11:32:15.0377 2516 C: <-> \Device\Harddisk0\DR0\Partition1
11:32:15.0440 2516 D: <-> \Device\Harddisk0\DR0\Partition2
11:32:15.0440 2516 ============================================================
11:32:15.0440 2516 Initialize success
11:32:15.0440 2516 ============================================================
11:32:34.0394 2264 ============================================================
11:32:34.0394 2264 Scan started
11:32:34.0394 2264 Mode: Manual;
11:32:34.0394 2264 ============================================================
11:32:38.0028 2264 1394hub - ok
11:32:38.0138 2264 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
11:32:38.0138 2264 1394ohci - ok
11:32:38.0184 2264 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
11:32:38.0200 2264 ACPI - ok
11:32:38.0231 2264 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
11:32:38.0231 2264 AcpiPmi - ok
11:32:38.0372 2264 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
11:32:38.0387 2264 AdobeARMservice - ok
11:32:38.0465 2264 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
11:32:38.0481 2264 adp94xx - ok
11:32:38.0512 2264 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
11:32:38.0512 2264 adpahci - ok
11:32:38.0543 2264 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
11:32:38.0543 2264 adpu320 - ok
11:32:38.0574 2264 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
11:32:38.0590 2264 AeLookupSvc - ok
11:32:38.0652 2264 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
11:32:38.0652 2264 AFD - ok
11:32:38.0793 2264 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
11:32:38.0808 2264 AgereSoftModem - ok
11:32:38.0840 2264 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
11:32:38.0840 2264 agp440 - ok
11:32:38.0871 2264 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
11:32:38.0871 2264 aic78xx - ok
11:32:38.0918 2264 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
11:32:38.0918 2264 ALG - ok
11:32:38.0949 2264 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
11:32:38.0949 2264 aliide - ok
11:32:38.0996 2264 AMD External Events Utility (6328b9a26843e73a57b6f7275e4dbc07) C:\Windows\system32\atiesrxx.exe
11:32:38.0996 2264 AMD External Events Utility - ok
11:32:39.0011 2264 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
11:32:39.0027 2264 amdagp - ok
11:32:39.0042 2264 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
11:32:39.0042 2264 amdide - ok
11:32:39.0089 2264 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
11:32:39.0089 2264 AmdK8 - ok
11:32:39.0370 2264 amdkmdag (dd38d901f6bef17bd34eacc806b1e7a2) C:\Windows\system32\DRIVERS\atipmdag.sys
11:32:39.0495 2264 amdkmdag - ok
11:32:39.0947 2264 amdkmdap (8fb5e5961e1b3bf14490bc6d7719f6f3) C:\Windows\system32\DRIVERS\atikmpag.sys
11:32:39.0947 2264 amdkmdap - ok
11:32:40.0072 2264 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
11:32:40.0088 2264 AmdPPM - ok
11:32:40.0244 2264 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
11:32:40.0244 2264 amdsata - ok
11:32:40.0306 2264 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
11:32:40.0306 2264 amdsbs - ok
11:32:40.0337 2264 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
11:32:40.0337 2264 amdxata - ok
11:32:40.0384 2264 AmUStor (3bb8a4dca55f3ec1579b72eb91da7eba) C:\Windows\system32\drivers\AmUStor.SYS
11:32:40.0384 2264 AmUStor - ok
11:32:40.0602 2264 apf001 - ok
11:32:40.0665 2264 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
11:32:40.0665 2264 AppID - ok
11:32:40.0727 2264 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
11:32:40.0727 2264 AppIDSvc - ok
11:32:40.0774 2264 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
11:32:40.0790 2264 Appinfo - ok
11:32:40.0930 2264 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:32:40.0930 2264 Apple Mobile Device - ok
11:32:41.0211 2264 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
11:32:41.0211 2264 AppMgmt - ok
11:32:41.0367 2264 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
11:32:41.0382 2264 arc - ok
11:32:41.0414 2264 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
11:32:41.0429 2264 arcsas - ok
11:32:41.0585 2264 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
11:32:41.0601 2264 aspnet_state - ok
11:32:41.0663 2264 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
11:32:41.0663 2264 AsyncMac - ok
11:32:41.0694 2264 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
11:32:41.0694 2264 atapi - ok
11:32:41.0741 2264 AthBTPort (70578876136a336896b8fea990f9891e) C:\Windows\system32\DRIVERS\btath_flt.sys
11:32:41.0741 2264 AthBTPort - ok
11:32:41.0804 2264 AtherosSvc (adaf2e30caa36e3bc8e119f57acedd70) C:\Program Files\Bluetooth Suite\adminservice.exe
11:32:41.0804 2264 AtherosSvc - ok
11:32:41.0944 2264 athr (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
11:32:41.0975 2264 athr - ok
11:32:42.0240 2264 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
11:32:42.0240 2264 AudioEndpointBuilder - ok
11:32:42.0256 2264 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
11:32:42.0256 2264 Audiosrv - ok
11:32:42.0443 2264 Autodesk Licensing Service (32a5defddc3562bf89d73586f5915b34) C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
11:32:42.0693 2264 Autodesk Licensing Service - ok
11:32:42.0755 2264 Autorun CDROM Monitor (564820c1522ff9686b9080762e482c5b) C:\Windows\system32\SupportAppXL\cdrom_mon.exe
11:32:42.0755 2264 Autorun CDROM Monitor - ok
11:32:42.0802 2264 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
11:32:42.0802 2264 AxInstSV - ok
11:32:42.0896 2264 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
11:32:42.0911 2264 b06bdrv - ok
11:32:42.0942 2264 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
11:32:42.0958 2264 b57nd60x - ok
11:32:43.0005 2264 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
11:32:43.0005 2264 BDESVC - ok
11:32:43.0020 2264 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
11:32:43.0020 2264 Beep - ok
11:32:43.0083 2264 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
11:32:43.0083 2264 BFE - ok
11:32:43.0145 2264 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
11:32:43.0161 2264 BITS - ok
11:32:43.0192 2264 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
11:32:43.0192 2264 blbdrive - ok
11:32:43.0535 2264 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
11:32:43.0566 2264 Bonjour Service - ok
11:32:43.0707 2264 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
11:32:43.0707 2264 bowser - ok
11:32:43.0754 2264 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:32:43.0769 2264 BrFiltLo - ok
11:32:43.0832 2264 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:32:43.0832 2264 BrFiltUp - ok
11:32:43.0956 2264 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
11:32:43.0956 2264 Browser - ok
11:32:44.0050 2264 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
11:32:44.0066 2264 Brserid - ok
11:32:44.0128 2264 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
11:32:44.0159 2264 BrSerWdm - ok
11:32:44.0175 2264 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:32:44.0175 2264 BrUsbMdm - ok
11:32:44.0190 2264 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
11:32:44.0190 2264 BrUsbSer - ok
11:32:44.0346 2264 BTATH_A2DP (62f4fab90866bff82c7cbc47080fc531) C:\Windows\system32\drivers\btath_a2dp.sys
11:32:44.0346 2264 BTATH_A2DP - ok
11:32:44.0409 2264 BTATH_BUS (8f503c5857e4ba3126e4dddd63d44403) C:\Windows\system32\DRIVERS\btath_bus.sys
11:32:44.0409 2264 BTATH_BUS - ok
11:32:44.0549 2264 BTATH_HCRP (23eb94eaff6b3bfd6c62b68c788d85d0) C:\Windows\system32\DRIVERS\btath_hcrp.sys
11:32:44.0580 2264 BTATH_HCRP - ok
11:32:44.0705 2264 BTATH_RCP (5473e44113073464d77278aa36e3f569) C:\Windows\system32\DRIVERS\btath_rcp.sys
11:32:44.0705 2264 BTATH_RCP - ok
11:32:44.0846 2264 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
11:32:44.0877 2264 BthEnum - ok
11:32:44.0924 2264 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
11:32:44.0939 2264 BTHMODEM - ok
11:32:45.0017 2264 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
11:32:45.0033 2264 BthPan - ok
11:32:45.0142 2264 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\system32\Drivers\BTHport.sys
11:32:45.0158 2264 BTHPORT - ok
11:32:45.0204 2264 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
11:32:45.0220 2264 bthserv - ok
11:32:45.0267 2264 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\system32\Drivers\BTHUSB.sys
11:32:45.0267 2264 BTHUSB - ok
11:32:45.0314 2264 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
11:32:45.0314 2264 cdfs - ok
11:32:45.0360 2264 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
11:32:45.0360 2264 cdrom - ok
11:32:45.0688 2264 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
11:32:45.0688 2264 CertPropSvc - ok
11:32:45.0766 2264 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
11:32:45.0766 2264 circlass - ok
11:32:45.0860 2264 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
11:32:45.0860 2264 CLFS - ok
11:32:45.0922 2264 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:32:45.0938 2264 clr_optimization_v2.0.50727_32 - ok
11:32:45.0984 2264 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:32:46.0078 2264 clr_optimization_v4.0.30319_32 - ok
11:32:46.0109 2264 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
11:32:46.0109 2264 CmBatt - ok
11:32:46.0140 2264 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
11:32:46.0140 2264 cmdide - ok
11:32:46.0218 2264 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
11:32:46.0218 2264 CNG - ok
11:32:46.0234 2264 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
11:32:46.0250 2264 Compbatt - ok
11:32:46.0297 2264 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
11:32:46.0297 2264 CompositeBus - ok
11:32:46.0329 2264 COMSysApp - ok
11:32:46.0344 2264 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
11:32:46.0344 2264 crcdisk - ok
11:32:46.0375 2264 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
11:32:46.0391 2264 CryptSvc - ok
11:32:46.0516 2264 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
11:32:46.0516 2264 CSC - ok
11:32:46.0687 2264 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
11:32:46.0719 2264 CscService - ok
11:32:46.0812 2264 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
11:32:46.0828 2264 DcomLaunch - ok
11:32:46.0937 2264 DCService.exe (cc8b5c964b777f4ec3e89f13b4b5ff0f) C:\ProgramData\DatacardService\DCService.exe
11:32:46.0937 2264 DCService.exe - ok
11:32:46.0968 2264 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
11:32:46.0968 2264 defragsvc - ok
11:32:47.0093 2264 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
11:32:47.0093 2264 DfsC - ok
11:32:47.0155 2264 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
11:32:47.0171 2264 Dhcp - ok
11:32:47.0202 2264 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
11:32:47.0202 2264 discache - ok
11:32:47.0249 2264 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
11:32:47.0249 2264 Disk - ok
11:32:47.0296 2264 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
11:32:47.0296 2264 Dnscache - ok
11:32:47.0327 2264 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
11:32:47.0343 2264 dot3svc - ok
11:32:47.0374 2264 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
11:32:47.0374 2264 DPS - ok
11:32:47.0421 2264 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
11:32:47.0421 2264 drmkaud - ok
11:32:47.0483 2264 DrvAgent32 (651554e483712b708ede864d0ca1aa73) C:\Windows\system32\Drivers\DrvAgent32.sys
11:32:47.0483 2264 DrvAgent32 - ok
11:32:47.0561 2264 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
11:32:47.0561 2264 DXGKrnl - ok
11:32:47.0670 2264 EagleNT - ok
11:32:47.0857 2264 EagleXNt (23a0d582f326d9a826780a6eea14efe7) C:\Windows\system32\drivers\EagleXNt.sys
11:32:47.0873 2264 EagleXNt - ok
11:32:47.0904 2264 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
11:32:47.0920 2264 EapHost - ok
11:32:48.0138 2264 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
11:32:48.0201 2264 ebdrv - ok
11:32:48.0310 2264 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
11:32:48.0310 2264 EFS - ok
11:32:48.0388 2264 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
11:32:48.0403 2264 ehRecvr - ok
11:32:48.0419 2264 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
11:32:48.0435 2264 ehSched - ok
11:32:49.0917 2264 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
11:32:49.0948 2264 elxstor - ok
11:32:49.0963 2264 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
11:32:49.0963 2264 ErrDev - ok
11:32:50.0041 2264 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
11:32:50.0041 2264 EventSystem - ok
11:32:50.0088 2264 ewusbnet (17d36cd3211636beeb3076123bb832f6) C:\Windows\system32\DRIVERS\ewusbnet.sys
11:32:50.0088 2264 ewusbnet - ok
11:32:50.0119 2264 ew_hwusbdev (e98a64c7f106740a38fb2b78197816f8) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
11:32:50.0135 2264 ew_hwusbdev - ok
11:32:50.0166 2264 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
11:32:50.0166 2264 exfat - ok
11:32:50.0197 2264 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
11:32:50.0197 2264 fastfat - ok
11:32:50.0275 2264 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
11:32:50.0291 2264 Fax - ok
11:32:50.0322 2264 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
11:32:50.0322 2264 fdc - ok
11:32:50.0353 2264 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
11:32:50.0353 2264 fdPHost - ok
11:32:50.0369 2264 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
11:32:50.0369 2264 FDResPub - ok
11:32:50.0385 2264 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
11:32:50.0385 2264 FileInfo - ok
11:32:50.0400 2264 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
11:32:50.0416 2264 Filetrace - ok
11:32:50.0416 2264 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
11:32:50.0416 2264 flpydisk - ok
11:32:50.0463 2264 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
11:32:50.0463 2264 FltMgr - ok
11:32:50.0572 2264 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
11:32:50.0587 2264 FontCache - ok
11:32:50.0665 2264 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:32:50.0665 2264 FontCache3.0.0.0 - ok
11:32:50.0728 2264 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
11:32:50.0728 2264 FsDepends - ok
11:32:50.0806 2264 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
11:32:50.0806 2264 fssfltr - ok
11:32:50.0962 2264 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
11:32:51.0009 2264 fsssvc - ok
11:32:51.0118 2264 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
11:32:51.0133 2264 Fs_Rec - ok
11:32:51.0180 2264 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
11:32:51.0180 2264 fvevol - ok
11:32:51.0227 2264 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:32:51.0227 2264 gagp30kx - ok
11:32:51.0430 2264 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
11:32:51.0477 2264 gpsvc - ok
11:32:51.0586 2264 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
11:32:51.0586 2264 gupdate - ok
11:32:51.0601 2264 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
11:32:51.0617 2264 gupdatem - ok
11:32:51.0695 2264 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
11:32:51.0695 2264 hcw85cir - ok
11:32:51.0773 2264 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
11:32:51.0773 2264 HdAudAddService - ok
11:32:51.0820 2264 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
11:32:51.0820 2264 HDAudBus - ok
11:32:51.0867 2264 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys
11:32:51.0882 2264 HECI - ok
11:32:51.0929 2264 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
11:32:51.0929 2264 HidBatt - ok
11:32:51.0945 2264 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
11:32:51.0945 2264 HidBth - ok
11:32:51.0976 2264 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
11:32:51.0976 2264 HidIr - ok
11:32:52.0023 2264 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
11:32:52.0023 2264 hidserv - ok
11:32:52.0054 2264 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
11:32:52.0054 2264 HidUsb - ok
11:32:52.0085 2264 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
11:32:52.0101 2264 hkmsvc - ok
11:32:52.0132 2264 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
11:32:52.0147 2264 HomeGroupListener - ok
11:32:52.0163 2264 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
11:32:52.0179 2264 HomeGroupProvider - ok
11:32:52.0210 2264 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
11:32:52.0210 2264 HpSAMD - ok
11:32:52.0288 2264 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
11:32:52.0288 2264 HTTP - ok
11:32:52.0335 2264 huawei_enumerator (bb3c8e4b88842f3a1b9c5d603210c277) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
11:32:52.0335 2264 huawei_enumerator - ok
11:32:52.0381 2264 hwdatacard (1720966d9c7ea5e2d78b6db92d2f9171) C:\Windows\system32\DRIVERS\ewusbmdm.sys
11:32:52.0381 2264 hwdatacard - ok
11:32:52.0413 2264 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
11:32:52.0413 2264 hwpolicy - ok
11:32:52.0506 2264 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
11:32:52.0506 2264 i8042prt - ok
11:32:52.0584 2264 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
11:32:52.0584 2264 iaStorV - ok
11:32:52.0693 2264 IDMWFP (e7e1c00a45e188fb1a3745ddd991fffa) C:\Windows\system32\DRIVERS\idmwfp.sys
11:32:52.0693 2264 IDMWFP - ok
11:32:52.0865 2264 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:32:52.0881 2264 idsvc - ok
11:32:52.0974 2264 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
11:32:52.0974 2264 iirsp - ok
11:32:53.0052 2264 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
11:32:53.0068 2264 IKEEXT - ok
11:32:53.0099 2264 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
11:32:53.0099 2264 intelide - ok
11:32:53.0130 2264 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
11:32:53.0130 2264 intelppm - ok
11:32:53.0161 2264 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
11:32:53.0161 2264 IPBusEnum - ok
11:32:53.0193 2264 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:32:53.0193 2264 IpFilterDriver - ok
11:32:53.0349 2264 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
11:32:53.0349 2264 iphlpsvc - ok
11:32:53.0395 2264 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
11:32:53.0395 2264 IPMIDRV - ok
11:32:53.0442 2264 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
11:32:53.0442 2264 IPNAT - ok
11:32:53.0473 2264 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
11:32:53.0473 2264 IRENUM - ok
11:32:53.0505 2264 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
11:32:53.0520 2264 isapnp - ok
11:32:53.0551 2264 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
11:32:53.0598 2264 iScsiPrt - ok
11:32:53.0629 2264 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
11:32:53.0629 2264 kbdclass - ok
11:32:53.0707 2264 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
11:32:53.0707 2264 kbdhid - ok
11:32:53.0739 2264 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:32:53.0739 2264 KeyIso - ok
11:32:53.0770 2264 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
11:32:53.0770 2264 KSecDD - ok
11:32:53.0801 2264 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
11:32:53.0801 2264 KSecPkg - ok
11:32:53.0863 2264 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
11:32:53.0863 2264 KtmRm - ok
11:32:53.0910 2264 L1c (6ef8146358452995a4a9335e44abb015) C:\Windows\system32\DRIVERS\L1C62x86.sys
11:32:53.0910 2264 L1c - ok
11:32:53.0988 2264 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
11:32:54.0004 2264 LanmanServer - ok
11:32:54.0082 2264 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
11:32:54.0097 2264 LanmanWorkstation - ok
11:32:54.0129 2264 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
11:32:54.0144 2264 lltdio - ok
11:32:54.0207 2264 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
11:32:54.0207 2264 lltdsvc - ok
11:32:54.0238 2264 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
11:32:54.0238 2264 lmhosts - ok
11:32:54.0643 2264 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:32:54.0659 2264 LSI_FC - ok
11:32:54.0737 2264 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:32:54.0737 2264 LSI_SAS - ok
11:32:54.0753 2264 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:32:54.0768 2264 LSI_SAS2 - ok
11:32:54.0846 2264 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:32:54.0846 2264 LSI_SCSI - ok
11:32:54.0909 2264 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
11:32:54.0909 2264 luafv - ok
11:32:55.0002 2264 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
11:32:55.0002 2264 MBAMProtector - ok
11:32:55.0891 2264 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
11:32:55.0923 2264 MBAMService - ok
11:32:56.0001 2264 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
11:32:56.0016 2264 Mcx2Svc - ok
11:32:56.0063 2264 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
11:32:56.0079 2264 megasas - ok
11:32:56.0141 2264 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
11:32:56.0141 2264 MegaSR - ok
11:32:56.0188 2264 mirrorv3 (d96ea49ab9a9174331bc023fd0cadc18) C:\Windows\system32\DRIVERS\rminiv3.sys
11:32:56.0203 2264 mirrorv3 - ok
11:32:56.0297 2264 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
11:32:56.0297 2264 MMCSS - ok
11:32:56.0422 2264 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
11:32:56.0437 2264 Modem - ok
11:32:56.0593 2264 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
11:32:56.0593 2264 monitor - ok
11:32:56.0765 2264 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
11:32:56.0765 2264 mouclass - ok
11:32:56.0905 2264 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
11:32:56.0921 2264 mouhid - ok
11:32:56.0999 2264 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
11:32:56.0999 2264 mountmgr - ok
11:32:57.0108 2264 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:32:57.0108 2264 MozillaMaintenance - ok
11:32:57.0202 2264 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
11:32:57.0202 2264 MpFilter - ok
11:32:57.0280 2264 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
11:32:57.0280 2264 mpio - ok
11:32:57.0467 2264 MpKsl5b56632b (a69630d039c38018689190234f866d77) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5C0AC85F-3A31-4DAA-939D-66C00CFE011B}\MpKsl5b56632b.sys
11:32:57.0467 2264 MpKsl5b56632b - ok
11:32:57.0514 2264 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
11:32:57.0514 2264 mpsdrv - ok
11:32:57.0623 2264 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
11:32:57.0639 2264 MpsSvc - ok
11:32:58.0309 2264 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
11:32:58.0325 2264 MRxDAV - ok
11:32:58.0450 2264 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:32:58.0465 2264 mrxsmb - ok
11:32:58.0590 2264 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:32:58.0606 2264 mrxsmb10 - ok
11:32:58.0668 2264 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:32:58.0684 2264 mrxsmb20 - ok
11:32:58.0715 2264 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
11:32:58.0715 2264 msahci - ok
11:32:58.0793 2264 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
11:32:58.0793 2264 msdsm - ok
11:32:58.0840 2264 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
11:32:58.0855 2264 MSDTC - ok
11:32:58.0918 2264 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
11:32:58.0980 2264 Msfs - ok
11:32:58.0996 2264 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
11:32:59.0011 2264 mshidkmdf - ok
11:32:59.0043 2264 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
11:32:59.0043 2264 msisadrv - ok
11:32:59.0167 2264 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
11:32:59.0199 2264 MSiSCSI - ok
11:32:59.0214 2264 msiserver - ok
11:32:59.0245 2264 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
11:32:59.0245 2264 MSKSSRV - ok
11:32:59.0495 2264 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe
11:32:59.0495 2264 MsMpSvc - ok
11:32:59.0526 2264 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
11:32:59.0526 2264 MSPCLOCK - ok
11:32:59.0573 2264 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
11:32:59.0589 2264 MSPQM - ok
11:32:59.0620 2264 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
11:32:59.0620 2264 MsRPC - ok
11:32:59.0667 2264 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
11:32:59.0682 2264 mssmbios - ok
11:32:59.0745 2264 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
11:32:59.0760 2264 MSTEE - ok
11:32:59.0776 2264 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
11:32:59.0776 2264 MTConfig - ok
11:32:59.0807 2264 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
11:32:59.0807 2264 Mup - ok
11:32:59.0932 2264 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
11:32:59.0947 2264 napagent - ok
11:33:00.0025 2264 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
11:33:00.0025 2264 NativeWifiP - ok
11:33:00.0181 2264 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
11:33:00.0197 2264 NDIS - ok
11:33:00.0259 2264 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
11:33:00.0259 2264 NdisCap - ok
11:33:00.0306 2264 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
11:33:00.0306 2264 NdisTapi - ok
11:33:00.0353 2264 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
11:33:00.0353 2264 Ndisuio - ok
11:33:00.0400 2264 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
11:33:00.0400 2264 NdisWan - ok
11:33:00.0431 2264 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
11:33:00.0431 2264 NDProxy - ok
11:33:00.0509 2264 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
11:33:00.0509 2264 NetBIOS - ok
11:33:00.0587 2264 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
11:33:00.0587 2264 NetBT - ok
11:33:00.0634 2264 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:33:00.0634 2264 Netlogon - ok
11:33:01.0071 2264 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
11:33:01.0071 2264 Netman - ok
11:33:01.0149 2264 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:33:01.0164 2264 NetMsmqActivator - ok
11:33:01.0164 2264 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:33:01.0164 2264 NetPipeActivator - ok
11:33:01.0195 2264 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
11:33:01.0211 2264 netprofm - ok
11:33:01.0211 2264 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:33:01.0227 2264 NetTcpActivator - ok
11:33:01.0227 2264 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:33:01.0227 2264 NetTcpPortSharing - ok
11:33:01.0289 2264 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
11:33:01.0289 2264 nfrd960 - ok
11:33:01.0336 2264 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
11:33:01.0351 2264 NisDrv - ok
11:33:01.0476 2264 NisSrv (290c0d4c4889398797f8df3be00b9698) C:\Program Files\Microsoft Security Client\NisSrv.exe
11:33:01.0476 2264 NisSrv - ok
11:33:01.0507 2264 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
11:33:01.0523 2264 NlaSvc - ok
11:33:01.0554 2264 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\Windows\system32\drivers\ccdcmb.sys
11:33:01.0554 2264 nmwcd - ok
11:33:01.0601 2264 nmwcdc (3859c69a77793180548802dac9f34a38) C:\Windows\system32\drivers\ccdcmbo.sys
11:33:01.0601 2264 nmwcdc - ok
11:33:01.0632 2264 nmwcdnsu (338f83ee9cb9e15eeacf0cbb90218cbf) C:\Windows\system32\drivers\nmwcdnsu.sys
11:33:01.0648 2264 nmwcdnsu - ok
11:33:01.0726 2264 nmwcdnsuc (d15bac979144fb69ed28f97b2dd84d48) C:\Windows\system32\drivers\nmwcdnsuc.sys
11:33:01.0726 2264 nmwcdnsuc - ok
11:33:01.0741 2264 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
11:33:01.0741 2264 Npfs - ok
11:33:01.0757 2264 npggsvc - ok
11:33:01.0819 2264 npkcrypt (aaf9b4df67938753cb21808ea3574242) D:\Games\Ragnarok Online\npkcrypt.sys
11:33:01.0851 2264 npkcrypt - ok
11:33:01.0866 2264 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
11:33:01.0866 2264 nsi - ok
11:33:01.0897 2264 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
11:33:01.0897 2264 nsiproxy - ok
11:33:02.0568 2264 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
11:33:02.0599 2264 Ntfs - ok
11:33:03.0972 2264 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
11:33:03.0988 2264 Null - ok
11:33:04.0081 2264 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
11:33:04.0081 2264 nvraid - ok
11:33:04.0191 2264 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
11:33:04.0191 2264 nvstor - ok
11:33:04.0237 2264 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
11:33:04.0237 2264 nv_agp - ok
11:33:04.0378 2264 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:33:04.0393 2264 odserv - ok
11:33:04.0690 2264 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
11:33:04.0690 2264 ohci1394 - ok
11:33:04.0815 2264 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:33:04.0815 2264 ose - ok
11:33:04.0877 2264 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
11:33:04.0877 2264 p2pimsvc - ok
11:33:04.0924 2264 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
11:33:04.0924 2264 p2psvc - ok
11:33:04.0955 2264 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
11:33:04.0955 2264 Parport - ok
11:33:04.0986 2264 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
11:33:05.0002 2264 partmgr - ok
11:33:05.0017 2264 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
11:33:05.0017 2264 Parvdm - ok
11:33:05.0049 2264 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
11:33:05.0064 2264 PcaSvc - ok
11:33:05.0142 2264 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
11:33:05.0142 2264 pccsmcfd - ok
11:33:05.0189 2264 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
11:33:05.0189 2264 pci - ok
11:33:05.0220 2264 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
11:33:05.0220 2264 pciide - ok
11:33:05.0267 2264 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
11:33:05.0267 2264 pcmcia - ok
11:33:05.0283 2264 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
11:33:05.0298 2264 pcw - ok
11:33:05.0376 2264 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
11:33:05.0392 2264 PEAUTH - ok
11:33:05.0563 2264 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
11:33:05.0579 2264 PeerDistSvc - ok
11:33:05.0735 2264 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
11:33:05.0751 2264 pla - ok
11:33:05.0875 2264 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
11:33:05.0891 2264 PlugPlay - ok
11:33:05.0985 2264 PnkBstrA (1713d9de407313138118d501b0e3c05b) C:\Windows\system32\PnkBstrA.exe
11:33:06.0000 2264 PnkBstrA - ok
11:33:06.0047 2264 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
11:33:06.0047 2264 PNRPAutoReg - ok
11:33:06.0125 2264 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
11:33:06.0125 2264 PNRPsvc - ok
11:33:06.0187 2264 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
11:33:06.0203 2264 PolicyAgent - ok
11:33:06.0265 2264 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
11:33:06.0281 2264 Power - ok
11:33:06.0343 2264 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
11:33:06.0359 2264 PptpMiniport - ok
11:33:06.0390 2264 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
11:33:06.0390 2264 Processor - ok
11:33:06.0515 2264 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
11:33:06.0531 2264 ProfSvc - ok
11:33:06.0577 2264 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:33:06.0577 2264 ProtectedStorage - ok
11:33:06.0655 2264 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
11:33:06.0655 2264 Psched - ok
11:33:07.0139 2264 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
11:33:07.0186 2264 ql2300 - ok
11:33:07.0638 2264 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
11:33:07.0654 2264 ql40xx - ok
11:33:07.0763 2264 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
11:33:07.0794 2264 QWAVE - ok
11:33:07.0872 2264 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
11:33:07.0872 2264 QWAVEdrv - ok
11:33:07.0935 2264 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
11:33:07.0950 2264 RasAcd - ok
11:33:07.0997 2264 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:33:07.0997 2264 RasAgileVpn - ok
11:33:08.0059 2264 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
11:33:08.0075 2264 RasAuto - ok
11:33:08.0122 2264 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:33:08.0122 2264 Rasl2tp - ok
11:33:08.0247 2264 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
11:33:08.0262 2264 RasMan - ok
11:33:08.0309 2264 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
11:33:08.0309 2264 RasPppoe - ok
11:33:08.0403 2264 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
11:33:08.0403 2264 RasSstp - ok
11:33:08.0527 2264 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
11:33:08.0527 2264 rdbss - ok
11:33:08.0574 2264 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
11:33:08.0605 2264 rdpbus - ok
11:33:08.0668 2264 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:33:08.0668 2264 RDPCDD - ok
11:33:08.0793 2264 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
11:33:08.0793 2264 RDPDR - ok
11:33:08.0839 2264 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
11:33:08.0855 2264 RDPENCDD - ok
11:33:08.0886 2264 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
11:33:08.0886 2264 RDPREFMP - ok
11:33:08.0949 2264 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
11:33:08.0949 2264 RdpVideoMiniport - ok
11:33:08.0995 2264 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
11:33:08.0995 2264 RDPWD - ok
11:33:09.0058 2264 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
11:33:09.0058 2264 rdyboost - ok
11:33:09.0105 2264 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
11:33:09.0105 2264 RemoteAccess - ok
11:33:09.0151 2264 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
11:33:09.0167 2264 RemoteRegistry - ok
11:33:09.0245 2264 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
11:33:09.0261 2264 RFCOMM - ok
11:33:09.0354 2264 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
11:33:09.0354 2264 RpcEptMapper - ok
11:33:09.0432 2264 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
11:33:09.0432 2264 RpcLocator - ok
11:33:09.0557 2264 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
11:33:09.0557 2264 RpcSs - ok
11:33:09.0619 2264 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
11:33:09.0619 2264 rspndr - ok
11:33:09.0713 2264 RTWTKRNL (aeeb933cc479ff489ed166ca216ef36c) C:\Windows\system32\drivers\rtwtkrnl.sys
11:33:09.0713 2264 RTWTKRNL - ok
11:33:09.0775 2264 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:33:09.0791 2264 SamSs - ok
11:33:09.0822 2264 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
11:33:09.0822 2264 sbp2port - ok
11:33:09.0869 2264 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
11:33:09.0869 2264 SCardSvr - ok
11:33:09.0900 2264 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
11:33:09.0900 2264 scfilter - ok
11:33:09.0978 2264 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
11:33:09.0994 2264 Schedule - ok
11:33:10.0025 2264 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
11:33:10.0025 2264 SCPolicySvc - ok
11:33:10.0056 2264 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
11:33:10.0072 2264 SDRSVC - ok
11:33:10.0165 2264 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
11:33:10.0181 2264 SeaPort - ok
11:33:10.0243 2264 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:33:10.0243 2264 secdrv - ok
11:33:10.0259 2264 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
11:33:10.0275 2264 seclogon - ok
11:33:10.0290 2264 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
11:33:10.0306 2264 SENS - ok
11:33:10.0368 2264 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
11:33:10.0384 2264 SensrSvc - ok
11:33:10.0399 2264 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
11:33:10.0399 2264 Serenum - ok
11:33:10.0431 2264 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
11:33:10.0431 2264 Serial - ok
11:33:10.0540 2264 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
11:33:10.0540 2264 sermouse - ok
11:33:10.0649 2264 ServiceLayer (2d841b7b7f6dec32162edfcc69d61f42) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
11:33:10.0914 2264 ServiceLayer - ok
11:33:10.0977 2264 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
11:33:10.0977 2264 SessionEnv - ok
11:33:11.0008 2264 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
11:33:11.0023 2264 sffdisk - ok
11:33:11.0023 2264 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
11:33:11.0039 2264 sffp_mmc - ok
11:33:11.0055 2264 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
11:33:11.0055 2264 sffp_sd - ok
11:33:11.0070 2264 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
11:33:11.0070 2264 sfloppy - ok
11:33:11.0117 2264 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
11:33:11.0133 2264 SharedAccess - ok
11:33:11.0179 2264 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
11:33:11.0179 2264 ShellHWDetection - ok
11:33:11.0211 2264 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
11:33:11.0226 2264 sisagp - ok
11:33:11.0257 2264 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:33:11.0273 2264 SiSRaid2 - ok
11:33:11.0289 2264 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
11:33:11.0289 2264 SiSRaid4 - ok
11:33:11.0320 2264 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
11:33:11.0320 2264 Smb - ok
11:33:11.0367 2264 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
11:33:11.0367 2264 SNMPTRAP - ok
11:33:11.0398 2264 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
11:33:11.0398 2264 spldr - ok
11:33:11.0460 2264 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
11:33:11.0460 2264 Spooler - ok
11:33:11.0725 2264 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
11:33:11.0788 2264 sppsvc - ok
11:33:11.0897 2264 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
11:33:11.0913 2264 sppuinotify - ok
11:33:12.0022 2264 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
11:33:12.0022 2264 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
11:33:12.0022 2264 sptd ( LockedFile.Multi.Generic ) - warning
11:33:12.0022 2264 sptd - detected LockedFile.Multi.Generic (1)
11:33:12.0053 2264 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
11:33:12.0069 2264 srv - ok
11:33:12.0100 2264 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
11:33:12.0100 2264 srv2 - ok
11:33:12.0115 2264 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
11:33:12.0115 2264 srvnet - ok
11:33:12.0162 2264 ssadbus (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\Windows\system32\DRIVERS\ssadbus.sys
11:33:12.0178 2264 ssadbus - ok
11:33:12.0209 2264 ssadmdfl (bb2c84a15c765da89fd832b0e73f26ce) C:\Windows\system32\DRIVERS\ssadmdfl.sys
11:33:12.0209 2264 ssadmdfl - ok
11:33:12.0225 2264 ssadmdm (6d0d132ddc6f43eda00dced6d8b1ca31) C:\Windows\system32\DRIVERS\ssadmdm.sys
11:33:12.0240 2264 ssadmdm - ok
11:33:12.0287 2264 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
11:33:12.0287 2264 SSDPSRV - ok
11:33:12.0318 2264 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
11:33:12.0334 2264 SstpSvc - ok
11:33:12.0349 2264 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
11:33:12.0349 2264 stexstor - ok
11:33:12.0412 2264 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
11:33:12.0427 2264 StiSvc - ok
11:33:12.0459 2264 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
11:33:12.0459 2264 swenum - ok
11:33:12.0505 2264 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
11:33:12.0505 2264 swprv - ok
11:33:12.0552 2264 Synth3dVsc - ok
11:33:12.0615 2264 SynTP (85aa36b9c4c07cabc1b4e57e11e60e24) C:\Windows\system32\DRIVERS\SynTP.sys
11:33:12.0615 2264 SynTP - ok
11:33:12.0739 2264 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
11:33:12.0771 2264 SysMain - ok
11:33:12.0802 2264 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
11:33:12.0817 2264 TabletInputService - ok
11:33:12.0849 2264 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
11:33:12.0864 2264 TapiSrv - ok
11:33:12.0895 2264 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
11:33:12.0895 2264 TBS - ok
11:33:13.0036 2264 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
11:33:13.0067 2264 Tcpip - ok
11:33:13.0270 2264 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
11:33:13.0285 2264 TCPIP6 - ok
11:33:13.0363 2264 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
11:33:13.0363 2264 tcpipreg - ok
11:33:13.0395 2264 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
11:33:13.0395 2264 TDPIPE - ok
11:33:13.0426 2264 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
11:33:13.0426 2264 TDTCP - ok
11:33:13.0473 2264 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
11:33:13.0473 2264 tdx - ok
11:33:13.0504 2264 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\Windows\system32\DRIVERS\teamviewervpn.sys
11:33:13.0504 2264 teamviewervpn - ok
11:33:13.0535 2264 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
11:33:13.0535 2264 TermDD - ok
11:33:13.0582 2264 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
11:33:13.0597 2264 TermService - ok
11:33:13.0629 2264 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
11:33:13.0644 2264 Themes - ok
11:33:13.0675 2264 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
11:33:13.0675 2264 THREADORDER - ok
11:33:13.0753 2264 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
11:33:13.0753 2264 TrkWks - ok
11:33:13.0800 2264 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
11:33:13.0816 2264 TrustedInstaller - ok
11:33:13.0831 2264 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:33:13.0831 2264 tssecsrv - ok
11:33:13.0863 2264 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
11:33:13.0863 2264 TsUsbFlt - ok
11:33:13.0878 2264 tsusbhub - ok
11:33:13.0925 2264 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
11:33:13.0925 2264 tunnel - ok
11:33:13.0956 2264 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
11:33:13.0956 2264 uagp35 - ok
11:33:14.0003 2264 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
11:33:14.0019 2264 udfs - ok
11:33:14.0050 2264 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
11:33:14.0050 2264 UI0Detect - ok
11:33:14.0081 2264 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
11:33:14.0081 2264 uliagpkx - ok
11:33:14.0112 2264 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
11:33:14.0112 2264 umbus - ok
11:33:14.0143 2264 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
11:33:14.0143 2264 UmPass - ok
11:33:14.0190 2264 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
11:33:14.0206 2264 UmRdpService - ok
11:33:14.0237 2264 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
11:33:14.0253 2264 upnphost - ok
11:33:14.0299 2264 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
11:33:14.0299 2264 upperdev - ok
11:33:14.0346 2264 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
11:33:14.0346 2264 USBAAPL - ok
11:33:14.0377 2264 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
11:33:14.0377 2264 usbccgp - ok
11:33:14.0424 2264 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
11:33:14.0424 2264 usbcir - ok
11:33:14.0471 2264 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
11:33:14.0471 2264 usbehci - ok
11:33:14.0518 2264 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
11:33:14.0518 2264 usbhub - ok
11:33:14.0549 2264 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
11:33:14.0549 2264 usbohci - ok
11:33:14.0565 2264 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
11:33:14.0565 2264 usbprint - ok
11:33:14.0611 2264 usbser (31181de6190b39fc8007dffd1a48ffd6) C:\Windows\system32\drivers\usbser.sys
11:33:14.0627 2264 usbser - ok
11:33:14.0767 2264 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
11:33:14.0767 2264 UsbserFilt - ok
11:33:14.0814 2264 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:33:14.0814 2264 USBSTOR - ok
11:33:14.0845 2264 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
11:33:14.0861 2264 usbuhci - ok
11:33:14.0908 2264 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
11:33:14.0908 2264 usbvideo - ok
11:33:14.0955 2264 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
11:33:14.0955 2264 UxSms - ok
11:33:15.0001 2264 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:33:15.0001 2264 VaultSvc - ok
11:33:15.0033 2264 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
11:33:15.0033 2264 vdrvroot - ok
11:33:15.0095 2264 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
11:33:15.0095 2264 vds - ok
11:33:15.0157 2264 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
11:33:15.0157 2264 vga - ok
11:33:15.0204 2264 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
11:33:15.0204 2264 VgaSave - ok
11:33:15.0251 2264 VGPU - ok
11:33:15.0298 2264 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
11:33:15.0298 2264 vhdmp - ok
11:33:15.0329 2264 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
11:33:15.0329 2264 viaagp - ok
11:33:15.0345 2264 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
11:33:15.0360 2264 ViaC7 - ok
11:33:15.0376 2264 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
11:33:15.0376 2264 viaide - ok
11:33:15.0376 2264 VMnetAdapter - ok
11:33:15.0407 2264 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
11:33:15.0407 2264 volmgr - ok
11:33:15.0438 2264 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
11:33:15.0438 2264 volmgrx - ok
11:33:15.0485 2264 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
11:33:15.0485 2264 volsnap - ok
11:33:15.0532 2264 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
11:33:15.0532 2264 vsmraid - ok
11:33:15.0625 2264 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
11:33:15.0641 2264 VSS - ok
11:33:15.0688 2264 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
11:33:15.0688 2264 vwifibus - ok
11:33:15.0719 2264 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
11:33:15.0719 2264 vwififlt - ok
11:33:15.0797 2264 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
11:33:15.0797 2264 vwifimp - ok
11:33:15.0859 2264 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
11:33:15.0859 2264 W32Time - ok
11:33:15.0906 2264 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
11:33:15.0906 2264 WacomPen - ok
11:33:15.0953 2264 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
11:33:15.0953 2264 WANARP - ok
11:33:15.0969 2264 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
11:33:15.0969 2264 Wanarpv6 - ok
11:33:16.0109 2264 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
11:33:16.0125 2264 WatAdminSvc - ok
11:33:16.0327 2264 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
11:33:16.0343 2264 wbengine - ok
11:33:16.0374 2264 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
11:33:16.0390 2264 WbioSrvc - ok
11:33:16.0437 2264 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
11:33:16.0452 2264 wcncsvc - ok
11:33:16.0499 2264 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
11:33:16.0499 2264 WcsPlugInService - ok
11:33:16.0561 2264 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
11:33:16.0561 2264 Wd - ok
11:33:16.0593 2264 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
11:33:16.0608 2264 Wdf01000 - ok
11:33:16.0624 2264 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
11:33:16.0624 2264 WdiServiceHost - ok
11:33:16.0639 2264 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
11:33:16.0639 2264 WdiSystemHost - ok
11:33:16.0702 2264 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
11:33:16.0717 2264 WebClient - ok
11:33:16.0749 2264 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
11:33:16.0764 2264 Wecsvc - ok
11:33:16.0780 2264 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
11:33:16.0780 2264 wercplsupport - ok
11:33:16.0811 2264 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
11:33:16.0827 2264 WerSvc - ok
11:33:16.0858 2264 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
11:33:16.0858 2264 WfpLwf - ok
11:33:16.0873 2264 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
11:33:16.0889 2264 WIMMount - ok
11:33:16.0983 2264 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
11:33:16.0983 2264 WinDefend - ok
11:33:17.0014 2264 WinHttpAutoProxySvc - ok
11:33:17.0076 2264 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
11:33:17.0076 2264 Winmgmt - ok
11:33:17.0185 2264 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
11:33:17.0201 2264 WinRM - ok
11:33:17.0295 2264 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
11:33:17.0295 2264 WinUsb - ok
11:33:17.0388 2264 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
11:33:17.0404 2264 Wlansvc - ok
11:33:17.0466 2264 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:33:17.0466 2264 wlcrasvc - ok
11:33:17.0638 2264 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:33:17.0685 2264 wlidsvc - ok
11:33:17.0809 2264 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
11:33:17.0809 2264 WmiAcpi - ok
11:33:17.0872 2264 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
11:33:17.0872 2264 wmiApSrv - ok
11:33:17.0997 2264 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
11:33:18.0012 2264 WMPNetworkSvc - ok
11:33:18.0106 2264 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
11:33:18.0106 2264 WPCSvc - ok
11:33:18.0137 2264 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
11:33:18.0153 2264 WPDBusEnum - ok
11:33:18.0184 2264 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
11:33:18.0184 2264 ws2ifsl - ok
11:33:18.0199 2264 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
11:33:18.0215 2264 wscsvc - ok
11:33:18.0215 2264 WSearch - ok
11:33:18.0371 2264 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
11:33:18.0402 2264 wuauserv - ok
11:33:18.0558 2264 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
11:33:18.0558 2264 WudfPf - ok
11:33:18.0621 2264 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:33:18.0621 2264 WUDFRd - ok
11:33:18.0683 2264 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
11:33:18.0683 2264 wudfsvc - ok
11:33:18.0730 2264 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
11:33:18.0745 2264 WwanSvc - ok
11:33:18.0777 2264 XDva312 - ok
11:33:18.0948 2264 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
11:33:18.0964 2264 YahooAUService - ok
11:33:19.0057 2264 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:33:19.0775 2264 \Device\Harddisk0\DR0 - ok
11:33:19.0775 2264 Boot (0x1200) (d331c903cfb5eee40b8da2deb15621df) \Device\Harddisk0\DR0\Partition0
11:33:19.0775 2264 \Device\Harddisk0\DR0\Partition0 - ok
11:33:19.0869 2264 Boot (0x1200) (671047cbee200eef9bf2b2ba8f5ce5eb) \Device\Harddisk0\DR0\Partition1
11:33:19.0869 2264 \Device\Harddisk0\DR0\Partition1 - ok
11:33:19.0884 2264 Boot (0x1200) (ea48adee2c7b1128ec24137554986ce9) \Device\Harddisk0\DR0\Partition2
11:33:19.0884 2264 \Device\Harddisk0\DR0\Partition2 - ok
11:33:19.0884 2264 ============================================================
11:33:19.0884 2264 Scan finished
11:33:19.0884 2264 ============================================================
11:33:19.0900 3240 Detected object count: 1
11:33:19.0900 3240 Actual detected object count: 1
11:33:41.0865 3240 sptd ( LockedFile.Multi.Generic ) - skipped by user
11:33:41.0865 3240 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
11:33:52.0894 3728 Deinitialize success

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:11:02 PM

Posted 27 May 2012 - 10:52 PM

Nothing there but GMER shows some malicious activity.
Unfortunately I can't go any further with tools allowed in this forum, so...

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#9 Kondo

Kondo
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:02 PM

Posted 28 May 2012 - 12:14 PM

http://www.bleepingcomputer.com/forums/topic455131.html

Sorry if I made a vague title. I just can't think of what to put in it.

By the way, is it okay to have both MSE and MBAM installed in my computer?

Edited by Kondo, 28 May 2012 - 12:15 PM.


#10 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:02 PM

Posted 28 May 2012 - 04:29 PM

Malware topic here: http://www.bleepingcomputer.com/forums/topic455131.html

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MR Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users