
Win7 reboot after 1min / Zeroaccess infection?



#1 Pade1


Posted 13 June 2012 - 01:58 AM

Hi,

This is my first post here. After having issues with my computer last night and googling the problem today, I found this forum and I noticed that people were receiving some very helpful tips here so I figured I'd give it a shot :)

I have a Sony VAIO -laptop with Windows 7 64bit and MSE.
Last night I was surfing the web when suddenly I received a fake antivirus -notification from something called Live Security Platinum. At the same time I noticed that MSE seemed to be turned off somehow and not reacting in any way.
After using google I used the steps in the following link to try to remove this: http://www.myantispyware.com/2012/06/01/how-to-remove-live-security-platinum-virus/
These steps seemed to work but after rebooting I still noticed a shortcut "Live Security Platinum" in the Start Menu.
MSE was still not working properly and I was also not able to turn windows firewall on, so I uninstalled MSE, downloaded it again and installed it. Shortly after launching it windows alerted "windows has encountered a critical problem and will restart in one minute".
MSE alerts that it found a threat and I think the name was something like "sirefef" but when I try to remove it with MSE the status bar never makes it more than half way before the system reboots.
I also downloaded MalwareBytes again and managed to get it installed but there is not enough time to get the scan done before the shutdown.

I have tried starting the computer in safe mode, safe mode w/networking and in normal mode but this same problem with the forced shutdown appears in all modes and also with or without wlan enabled so I only have about 2 minutes from starting the computer until it automatically shuts down to try and fix this problem :(

I found this thread here: http://www.bleepingcomputer.com/forums/topic455881.html in which the problem seemed to be very similar to mine, but I thought it would be better to ask separately before trying the steps in the link above as something might still be different compared to my system/problem.

Your help would be greatly appreciated!

Thank you very much in advance!

Regards,
Patrik



#2 SweetTech


Posted 13 June 2012 - 02:27 AM

Hi Patrik!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:


Running FRST

For x64 bit systems download Farbar Recovery Scan Tool 64-Bit Download Link and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
-----------------


Note: I've asked a moderator to move this thread over to the Malware forum, so that we can use some more specialized tools. :)



-ST

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 Pade1


Posted 13 June 2012 - 02:38 AM

Hi ST,

Thanks a lot for your super quick reply!
I'm at work now so just letting you know I will definitely give this a shot and get back to you with the log as soon as I'm back home!
Again, thanks for the quick response!

Regards,
Patrik

#4 SweetTech


Posted 13 June 2012 - 02:43 AM

Hi Patrik!

Not a problem! I'll look for your response a little later today then. :)

-ST.



#5 Pade1


Posted 13 June 2012 - 12:32 PM

Hi ST,

Here is the log from FRST:

Scan result of Farbar Recovery Scan Tool Version: 12-06-2012 02
Ran by SYSTEM at 13-06-2012 20:28:58
Running from G:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11490408 2011-02-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [2179688 2011-02-23] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167960 2011-04-06] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2011-04-06] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [418328 2011-04-06] (Intel Corporation)
HKLM\...\Run: [Apoint] %ProgramFiles%\Apoint\Apoint.exe [226672 2010-12-06] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [ClientAppLogon] C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe [421192 2011-02-14] (AuthenTec, Inc.)
HKLM\...\Run: [ClientAppLogon32] C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe [308040 2011-02-14] (AuthenTec, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-02-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [2757312 2011-02-15] (Sony Corporation)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [40376 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640440 2012-01-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [VAIO Boot Manager] "C:\Program Files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe" [2104456 2011-05-26] (Sony Corporation)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [svcdotnet] C:\Program Files\FKL\svcdotnet\svcdotnet.exe [x]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Pade\...\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s [955792 2012-05-04] (Samsung)
HKU\Pade\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3521424 2012-05-04] (Samsung Electronics Co., Ltd.)
HKU\Pade\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21392 2012-05-04] ()
HKU\Pade\...\Run: [Facebook Update] "C:\Users\Pade\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2012-04-13] (Facebook Inc.)
HKU\Pade\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-29] (Skype Technologies S.A.)
HKU\Pade\...\Run: [Spotify Web Helper] "C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe" [932528 2012-05-26] ()
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Pade\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> (No File)

==================== Services (Whitelisted) ======

3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 AdobeActiveFileMonitor9.0; C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-30] (Adobe Systems Incorporated)
2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [249648 2011-10-13] (Microsoft Corporation)
3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [651720 2011-04-29] (Macrovision Europe Ltd.)
2 FPLService; "C:\Program Files\TrueSuite\TrueSuite.Service.exe" [290120 2011-02-14] (AuthenTec, Inc)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 SampleCollector; "C:\Program Files\Sony\VAIO Care\VCPerfService.exe" "/service" "/sstates" "/sampleinterval=5000" "/procinterval=5" "/dllinterval=120" "/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1" "/counter=\Network Interface(*)\Bytes Total/sec:1" "/expandcounter=\Processor Information(*)\Processor Frequency:1" "/expandcounter=\Processor(*)\% Idle Time:1" "/expandcounter=\Processor(*)\% C1 Time:1" "/expandcounter=\Processor(*)\% C2 Time:1" "/expandcounter=\Processor(*)\% C3 Time:1" "/expandcounter=\Processor(*)\% Processor Time:1" "/directory=C:\ProgramData\Sony Corporation\VAIO Care\inteldata" [259192 2011-01-29] (Sony Corporation)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2011-03-08] (Intel Corporation)
2 VAIO Event Service; "C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe" [64704 2011-03-05] (Sony Corporation)
2 VAIO Power Management; "C:\Program Files\Sony\VAIO Power Management\SPMService.exe" [550080 2011-02-14] (Sony Corporation)
3 VCService; "C:\Program Files\Sony\VAIO Care\VCService.exe" [44736 2011-02-14] (Sony Corporation)
2 VSNService; "C:\Program Files\Sony\VAIO Smart Network\VSNService.exe" [852160 2011-03-29] (Sony Corporation)
3 VUAgent; "C:\Program Files\Sony\VAIO Update 5\VUAgent.exe" [1021840 2011-04-20] (Sony Corporation)

========================== Drivers (Whitelisted) =============

1 ctxusbm; C:\Windows\System32\Drivers\ctxusbm.sys [87600 2010-07-14] (Citrix Systems, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 ssadbus; C:\Windows\System32\Drivers\ssadbus.sys [157672 2011-07-20] (MCCI Corporation)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-13 20:28 - 2012-06-13 20:29 - 00000000 ____D C:\FRST
2012-06-13 03:51 - 2012-06-13 03:51 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-13 03:51 - 2012-06-13 03:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-13 03:51 - 2012-04-04 12:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-13 03:48 - 2012-06-13 03:48 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Pade\Desktop\mbam-setup-1.61.0.1400.exe
2012-06-12 18:11 - 2012-06-12 18:11 - 00001266 ____A C:\Users\Pade\Desktop\shutdown.exe.lnk
2012-06-12 16:57 - 2012-06-12 16:57 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-12 16:57 - 2012-06-12 16:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-12 16:42 - 2012-06-12 16:42 - 00000000 ____D C:\Users\Pade\AppData\Roaming\Malwarebytes
2012-06-12 16:41 - 2012-06-12 16:41 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-12 16:38 - 2012-06-12 16:39 - 00138670 ____A C:\TDSSKiller.2.7.36.0_12.06.2012_19.38.56_log.txt
2012-06-12 16:34 - 2012-06-13 03:56 - 01635794 ____A C:\Windows\ntbtlog.txt
2012-06-12 16:33 - 2012-06-12 16:33 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-12 16:23 - 2012-06-12 16:23 - 00000000 ____D C:\Users\All Users\B7E858A7000078BA0021E280B4EB2331
2012-06-12 14:20 - 2012-06-12 14:20 - 00000000 ____D C:\Users\Pade\AppData\Local\Macromedia
2012-06-12 03:43 - 2012-06-12 03:43 - 04126880 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-06-12 03:22 - 2012-06-12 15:43 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-10 06:30 - 2012-06-10 06:30 - 00000000 ____D C:\Users\Pade\AppData\Local\{95F3E996-1A3D-407C-BEFF-EA111016674E}
2012-06-10 06:30 - 2012-06-10 06:30 - 00000000 ____D C:\Users\Pade\AppData\Local\{4CB851A2-FB7C-47A4-86CC-18D1D27D123E}
2012-06-09 13:56 - 2012-06-09 13:57 - 00000000 ____D C:\Users\Pade\AppData\Local\{00CEAE9B-321D-43E5-BCC5-5B41CA946295}
2012-06-09 13:56 - 2012-06-09 13:56 - 00000000 ____D C:\Users\Pade\AppData\Local\{E60132DF-727E-4D40-8E0F-72CC3E183815}
2012-06-09 01:31 - 2012-06-02 22:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-09 01:31 - 2012-06-02 22:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-09 01:31 - 2012-06-02 22:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-09 01:31 - 2012-06-02 22:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-09 01:31 - 2012-06-02 22:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-09 01:31 - 2012-06-02 22:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-09 01:31 - 2012-06-02 22:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-09 01:30 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-09 01:30 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 08:51 - 2012-06-02 08:52 - 00000000 ____D C:\Users\Pade\AppData\Local\{4AF531FE-97D9-4CF2-9A26-5A83E48C0BD1}
2012-06-02 08:51 - 2012-06-02 08:51 - 00000000 ____D C:\Users\Pade\AppData\Local\{0ED18C58-78C2-43D3-9923-AFD4402DA21D}
2012-05-31 14:09 - 2012-05-31 14:09 - 00000000 ____D C:\Users\Pade\AppData\Local\{58F203FA-C672-4F11-AF63-6422DAA7126F}
2012-05-31 14:09 - 2012-05-31 14:09 - 00000000 ____D C:\Users\Pade\AppData\Local\{5831FEED-490D-4323-AB1D-7C618B0C59AB}
2012-05-30 14:10 - 2012-05-30 14:10 - 00000000 ____D C:\Users\Pade\AppData\Local\{3A3BFD7D-9E14-442E-9F03-B831466AA3C8}
2012-05-30 14:10 - 2012-05-30 14:10 - 00000000 ____D C:\Users\Pade\AppData\Local\{2B1B2AF2-3194-473F-9EBA-51C57E09A3D2}
2012-05-26 08:46 - 2012-05-26 08:46 - 00262144 ____A C:\Windows\Minidump\052612-41449-01.dmp
2012-05-26 07:40 - 2012-05-26 07:40 - 00000000 ____D C:\Users\Pade\AppData\Local\{9AADB8E0-326F-4861-A073-627523E1D290}
2012-05-26 07:40 - 2012-05-26 07:40 - 00000000 ____D C:\Users\Pade\AppData\Local\{9A5FFA0B-7347-4072-AEA3-B36275278A33}
2012-05-19 08:14 - 2012-05-19 08:14 - 00262144 ____A C:\Windows\Minidump\051912-30763-01.dmp
2012-05-18 13:01 - 2012-06-12 19:51 - 00017085 ____A C:\Windows\SysWOW64\debug.log
2012-05-18 10:06 - 2012-05-18 10:06 - 00000000 ____D C:\Users\Pade\AppData\Local\{F8D8D878-A849-4F35-9E65-960B051D6FD3}
2012-05-18 10:06 - 2012-05-18 10:06 - 00000000 ____D C:\Users\Pade\AppData\Local\{8FA2FCE1-3BEA-4F0D-88C3-B58FFC966052}

============ 3 Months Modified Files and Folders =============

2012-06-13 17:25 - 2012-03-31 14:57 - 00015224 ____A C:\Windows\setupact.log
2012-06-13 17:25 - 2009-07-14 05:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-13 04:02 - 2012-05-18 13:01 - 00017085 ____A C:\Windows\SysWOW64\debug.log
2012-06-13 04:02 - 2011-07-31 15:45 - 00000000 ____D C:\Users\Pade\AppData\Roaming\Skype
2012-06-13 04:01 - 2012-04-13 15:56 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1816854515-382891296-2279070631-1001UA.job
2012-06-13 04:01 - 2012-01-11 16:22 - 00000000 __SHD C:\Users\Pade\AppData\Local\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}
2012-06-13 03:56 - 2012-06-12 16:34 - 01635794 ____A C:\Windows\ntbtlog.txt
2012-06-13 03:51 - 2012-06-13 03:51 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-13 03:51 - 2012-06-13 03:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-13 03:49 - 2009-07-14 05:13 - 00786854 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-13 03:48 - 2012-06-13 03:48 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Pade\Desktop\mbam-setup-1.61.0.1400.exe
2012-06-12 18:11 - 2012-06-12 18:11 - 00001266 ____A C:\Users\Pade\Desktop\shutdown.exe.lnk
2012-06-12 17:55 - 2011-07-29 10:13 - 01388062 ____A C:\Windows\WindowsUpdate.log
2012-06-12 16:58 - 2011-07-29 10:33 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-12 16:58 - 2009-07-14 04:45 - 00020944 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-12 16:58 - 2009-07-14 04:45 - 00020944 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-12 16:57 - 2012-06-12 16:57 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-12 16:57 - 2012-06-12 16:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-12 16:57 - 2011-02-14 21:24 - 00792700 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-12 16:48 - 2012-04-01 08:50 - 00011492 ____A C:\Windows\PFRO.log
2012-06-12 16:42 - 2012-06-12 16:42 - 00000000 ____D C:\Users\Pade\AppData\Roaming\Malwarebytes
2012-06-12 16:41 - 2012-06-12 16:41 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-12 16:39 - 2012-06-12 16:38 - 00138670 ____A C:\TDSSKiller.2.7.36.0_12.06.2012_19.38.56_log.txt
2012-06-12 16:33 - 2012-06-12 16:33 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-12 16:23 - 2012-06-12 16:23 - 00000000 ____D C:\Users\All Users\B7E858A7000078BA0021E280B4EB2331
2012-06-12 16:01 - 2012-04-13 15:56 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1816854515-382891296-2279070631-1001Core.job
2012-06-12 15:54 - 2011-07-30 11:19 - 00000000 ____D C:\Users\Pade\AppData\Roaming\Spotify
2012-06-12 15:43 - 2012-06-12 03:22 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-12 14:24 - 2011-07-30 11:19 - 00000000 ____D C:\Users\Pade\AppData\Local\Spotify
2012-06-12 14:20 - 2012-06-12 14:20 - 00000000 ____D C:\Users\Pade\AppData\Local\Macromedia
2012-06-12 03:43 - 2012-06-12 03:43 - 04126880 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-06-12 03:43 - 2012-03-30 16:08 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-12 03:43 - 2011-08-08 14:03 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-11 19:05 - 2011-07-29 10:52 - 00000000 ____D C:\Users\Pade\AppData\Roaming\uTorrent
2012-06-10 19:00 - 2012-01-25 20:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-06-10 19:00 - 2012-01-25 20:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-06-10 09:01 - 2011-07-29 11:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2012-06-10 06:30 - 2012-06-10 06:30 - 00000000 ____D C:\Users\Pade\AppData\Local\{95F3E996-1A3D-407C-BEFF-EA111016674E}
2012-06-10 06:30 - 2012-06-10 06:30 - 00000000 ____D C:\Users\Pade\AppData\Local\{4CB851A2-FB7C-47A4-86CC-18D1D27D123E}
2012-06-09 13:57 - 2012-06-09 13:56 - 00000000 ____D C:\Users\Pade\AppData\Local\{00CEAE9B-321D-43E5-BCC5-5B41CA946295}
2012-06-09 13:56 - 2012-06-09 13:56 - 00000000 ____D C:\Users\Pade\AppData\Local\{E60132DF-727E-4D40-8E0F-72CC3E183815}
2012-06-06 03:33 - 2012-05-03 19:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-05 19:20 - 2011-07-29 10:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-02 22:19 - 2012-06-09 01:31 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 22:19 - 2012-06-09 01:31 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 22:19 - 2012-06-09 01:31 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 22:19 - 2012-06-09 01:31 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 22:19 - 2012-06-09 01:31 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 22:15 - 2012-06-09 01:31 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 22:15 - 2012-06-09 01:31 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-09 01:30 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-06-09 01:30 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 08:52 - 2012-06-02 08:51 - 00000000 ____D C:\Users\Pade\AppData\Local\{4AF531FE-97D9-4CF2-9A26-5A83E48C0BD1}
2012-06-02 08:51 - 2012-06-02 08:51 - 00000000 ____D C:\Users\Pade\AppData\Local\{0ED18C58-78C2-43D3-9923-AFD4402DA21D}
2012-05-31 14:09 - 2012-05-31 14:09 - 00000000 ____D C:\Users\Pade\AppData\Local\{58F203FA-C672-4F11-AF63-6422DAA7126F}
2012-05-31 14:09 - 2012-05-31 14:09 - 00000000 ____D C:\Users\Pade\AppData\Local\{5831FEED-490D-4323-AB1D-7C618B0C59AB}
2012-05-30 14:10 - 2012-05-30 14:10 - 00000000 ____D C:\Users\Pade\AppData\Local\{3A3BFD7D-9E14-442E-9F03-B831466AA3C8}
2012-05-30 14:10 - 2012-05-30 14:10 - 00000000 ____D C:\Users\Pade\AppData\Local\{2B1B2AF2-3194-473F-9EBA-51C57E09A3D2}
2012-05-26 08:49 - 2011-07-30 11:19 - 00000000 ____D C:\Program Files (x86)\Spotify
2012-05-26 08:46 - 2012-05-26 08:46 - 00262144 ____A C:\Windows\Minidump\052612-41449-01.dmp
2012-05-26 08:46 - 2012-04-25 03:51 - 573649301 ____A C:\Windows\MEMORY.DMP
2012-05-26 08:46 - 2011-07-30 10:15 - 00000000 ____D C:\Windows\Minidump
2012-05-26 07:40 - 2012-05-26 07:40 - 00000000 ____D C:\Users\Pade\AppData\Local\{9AADB8E0-326F-4861-A073-627523E1D290}
2012-05-26 07:40 - 2012-05-26 07:40 - 00000000 ____D C:\Users\Pade\AppData\Local\{9A5FFA0B-7347-4072-AEA3-B36275278A33}
2012-05-24 18:58 - 2011-09-27 18:29 - 00444500 ____A C:\test.xml
2012-05-19 08:14 - 2012-05-19 08:14 - 00262144 ____A C:\Windows\Minidump\051912-30763-01.dmp
2012-05-18 10:06 - 2012-05-18 10:06 - 00000000 ____D C:\Users\Pade\AppData\Local\{F8D8D878-A849-4F35-9E65-960B051D6FD3}
2012-05-18 10:06 - 2012-05-18 10:06 - 00000000 ____D C:\Users\Pade\AppData\Local\{8FA2FCE1-3BEA-4F0D-88C3-B58FFC966052}
2012-05-13 16:09 - 2011-07-29 10:53 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-05-11 15:16 - 2012-05-11 15:16 - 00000000 ____D C:\Users\Pade\AppData\Local\{C2F0306D-8307-4F33-8829-0DFECE7770C1}
2012-05-11 15:16 - 2012-05-11 15:15 - 00000000 ____D C:\Users\Pade\AppData\Local\{47972908-22E3-4B6D-A28D-19FAFA22416B}
2012-05-11 14:16 - 2012-05-11 14:16 - 00266472 ____A C:\Windows\Minidump\051112-33150-01.dmp
2012-05-10 14:14 - 2009-07-14 04:45 - 00423456 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-10 13:54 - 2011-08-24 19:05 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-10 13:54 - 2011-08-20 09:23 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-10 13:40 - 2011-03-14 20:46 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-08 13:49 - 2009-07-14 05:08 - 00032578 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-05 08:35 - 2012-05-05 08:35 - 00000943 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-05-03 19:00 - 2012-05-03 19:00 - 00000000 ____D C:\Users\All Users\Mozilla
2012-04-28 10:13 - 2012-04-28 10:13 - 00000000 ____D C:\Users\Pade\AppData\Local\{4AD51FF2-489A-4070-BAE6-17E30BDE7E11}
2012-04-28 10:13 - 2012-04-28 10:13 - 00000000 ____D C:\Users\Pade\AppData\Local\{1DC3EDC5-085A-4BE4-8D5F-38BE5B137A40}
2012-04-28 05:27 - 2012-04-28 05:26 - 00000000 ____D C:\Users\Pade\AppData\Local\{CC8222C4-5221-4686-ADDB-5127AF9691E2}
2012-04-28 05:26 - 2012-04-28 05:26 - 00000000 ____D C:\Users\Pade\AppData\Local\{32B2AF08-1796-400A-B88B-EC165306CF7C}
2012-04-25 03:52 - 2012-04-25 03:52 - 00262144 ____A C:\Windows\Minidump\042512-57189-01.dmp
2012-04-14 07:12 - 2011-04-29 10:14 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-04-14 07:12 - 2011-04-29 10:13 - 00000000 ____D C:\Users\All Users\Skype
2012-04-13 17:23 - 2012-04-13 17:23 - 00000000 ____D C:\Users\Pade\AppData\Local\{77802748-0D97-42C0-9B01-A6600EEB1D5D}
2012-04-13 17:23 - 2012-04-13 17:23 - 00000000 ____D C:\Users\Pade\AppData\Local\{38F7638A-B4E8-400C-A243-DE2F4A8D5935}
2012-04-13 17:21 - 2012-04-13 17:20 - 00000379 ____A C:\Windows\DirectX.log
2012-04-13 17:14 - 2012-04-13 17:14 - 00000000 ____D C:\Users\Pade\AppData\Local\{801EE882-5E34-4468-A64C-464007E13F7F}
2012-04-13 17:14 - 2012-04-13 17:13 - 00000000 ____D C:\Users\Pade\AppData\Local\{825D7835-084D-4DEA-8FF7-38A91D909AC1}
2012-04-13 16:00 - 2009-07-14 02:34 - 00000478 ____A C:\Windows\win.ini
2012-04-13 15:56 - 2012-04-13 15:56 - 00000000 ____D C:\Users\Pade\AppData\Local\Facebook
2012-04-13 15:55 - 2012-04-13 15:55 - 00000000 ____D C:\Users\Pade\AppData\Local\{C182A4AC-90E9-459F-91D8-5E1FF20FCA61}
2012-04-13 15:55 - 2011-07-29 10:25 - 00000000 ____D C:\Users\Pade\AppData\Local\Windows Live
2012-04-04 12:56 - 2012-06-13 03:51 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 16:11 - 2012-04-03 16:11 - 00000000 ____D C:\Users\Pade\AppData\Local\{39976F9C-6952-4DB5-B1B9-75A6B6661367}
2012-04-02 17:45 - 2012-03-04 08:58 - 00000000 ____D C:\Kattikansio
2012-04-01 08:53 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\System32\config\TxR
2012-04-01 08:50 - 2011-07-29 10:14 - 00000000 ____D C:\users\Pade
2012-03-31 14:57 - 2012-03-31 14:57 - 00000000 ____A C:\Windows\setuperr.log
2012-03-31 13:06 - 2012-03-31 12:21 - 00000000 ____D C:\Users\Pade\AppData\Roaming\AusLogics
2012-03-31 07:57 - 2011-04-29 10:12 - 00000000 ___HD C:\SPLASH.000
2012-03-31 06:05 - 2012-05-09 13:34 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-31 05:11 - 2012-03-31 05:11 - 00000000 ____D C:\Users\Pade\AppData\Local\{EFE70304-BAC1-451F-A6A8-26BA006AF9A2}
2012-03-31 04:39 - 2012-05-09 13:33 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-31 04:39 - 2012-05-09 13:33 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-31 03:10 - 2012-05-09 13:34 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 11:35 - 2012-05-09 13:33 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-20 17:44 - 2012-03-20 17:44 - 00203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 17:44 - 2012-03-20 17:44 - 00098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-20 15:43 - 2012-03-20 15:43 - 00000000 ____D C:\Users\Pade\AppData\Local\{78AB73BF-9D9A-47C6-B5C7-862CC4E76534}
2012-03-20 15:43 - 2012-03-20 15:43 - 00000000 ____D C:\Users\Pade\AppData\Local\{3618F2AA-B63D-4324-93BB-79FDF4E634FF}
2012-03-17 07:58 - 2012-05-09 13:33 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys


ZeroAccess:
C:\Windows\Installer\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}
C:\Windows\Installer\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\@
C:\Windows\Installer\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\L
C:\Windows\Installer\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\n
C:\Windows\Installer\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\U
C:\Windows\Installer\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\U\00000001.@
C:\Windows\Installer\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\U\80000000.@
C:\Windows\Installer\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\U\800000cb.@

ZeroAccess:
C:\Users\Pade\AppData\Local\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}
C:\Users\Pade\AppData\Local\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\@
C:\Users\Pade\AppData\Local\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\L
C:\Users\Pade\AppData\Local\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\n
C:\Users\Pade\AppData\Local\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 23:19] - [2009-07-14 01:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 4011.86 MB
Available physical RAM: 3339.73 MB
Total Pagefile: 4010.01 MB
Available Pagefile: 3326.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:447.37 GB) (Free:106.09 GB) NTFS
2 Drive e: (Recovery) (Fixed) (Total:18.29 GB) (Free:1.11 GB) NTFS
4 Drive g: (VISMA) (Removable) (Total:3.65 GB) (Free:3.6 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 3736 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 18 GB 1024 KB
Partition 2 Primary 100 MB 18 GB
Partition 3 Primary 447 GB 18 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 18 GB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 447 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3733 MB 4032 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G VISMA NTFS Removable 3733 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-09 15:38

======================= End Of Log ==========================


Looking forward to your comments!

Thanks,
Patrik

#6 SweetTech

Posted 14 June 2012 - 07:29 AM

Hi Patrik!

I'm looking over your log file now. I should have a fix for you shortly.

-ST.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 SweetTech

Posted 14 June 2012 - 07:37 AM

Hi!

Run this fix and let me know if you're able to boot up into Windows afterwards. :)

Running FRST Fix

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt.

CMD: type "C:\TDSSKiller.2.7.36.0_12.06.2012_19.38.56_log.txt"
FOLDER: C:\Users\All Users\B7E858A7000078BA0021E280B4EB2331
FOLDER: C:\Users\Pade\AppData\Local\{95F3E996-1A3D-407C-BEFF-EA111016674E}
FOLDER: C:\Users\Pade\AppData\Local\{4CB851A2-FB7C-47A4-86CC-18D1D27D123E} 
FOLDER: C:\Users\Pade\AppData\Local\{00CEAE9B-321D-43E5-BCC5-5B41CA946295} 
FOLDER: C:\Users\Pade\AppData\Local\{E60132DF-727E-4D40-8E0F-72CC3E183815} 
FOLDER: C:\Users\Pade\AppData\Local\{4AF531FE-97D9-4CF2-9A26-5A83E48C0BD1} 
FOLDER: C:\Users\Pade\AppData\Local\{0ED18C58-78C2-43D3-9923-AFD4402DA21D} 
FOLDER: C:\Users\Pade\AppData\Local\{58F203FA-C672-4F11-AF63-6422DAA7126F} 
FOLDER: C:\Users\Pade\AppData\Local\{5831FEED-490D-4323-AB1D-7C618B0C59AB} 
FOLDER: C:\Users\Pade\AppData\Local\{3A3BFD7D-9E14-442E-9F03-B831466AA3C8} 
FOLDER: C:\Users\Pade\AppData\Local\{2B1B2AF2-3194-473F-9EBA-51C57E09A3D2} 
FOLDER: C:\Users\Pade\AppData\Local\{9AADB8E0-326F-4861-A073-627523E1D290}
FOLDER: C:\Users\Pade\AppData\Local\{9A5FFA0B-7347-4072-AEA3-B36275278A33}
FOLDER: C:\Users\Pade\AppData\Local\{F8D8D878-A849-4F35-9E65-960B051D6FD3}
FOLDER: C:\Users\Pade\AppData\Local\{8FA2FCE1-3BEA-4F0D-88C3-B58FFC966052}
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [svcdotnet] C:\Program Files\FKL\svcdotnet\svcdotnet.exe [x]
2012-06-12 16:33 - 2012-06-12 16:33 - 00000000 __SHD C:\Windows\System32\%APPDATA%
C:\Windows\Installer\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}
C:\Windows\Installer\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\@
C:\Windows\Installer\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\L
C:\Windows\Installer\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\n
C:\Windows\Installer\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\U
C:\Windows\Installer\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\U\00000001.@
C:\Windows\Installer\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\U\80000000.@
C:\Windows\Installer\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\U\800000cb.@
C:\Users\Pade\AppData\Local\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}
C:\Users\Pade\AppData\Local\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\@
C:\Users\Pade\AppData\Local\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\L
C:\Users\Pade\AppData\Local\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\n
C:\Users\Pade\AppData\Local\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\U

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


#8 Pade1

Posted 14 June 2012 - 09:32 AM

Hi,

I ran the fix and was able to boot to Windows afterwards, but again, just as MSE notifies me that it is cleaning the computer of a threat, the notification of Windows encountering a critical error and shutting down in one minute pops up again and the computer reboots :(

Here's the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 12-06-2012 02
Ran by SYSTEM at 2012-06-14 17:15:02 Run:1
Running from D:\

==============================================


========= type "C:\TDSSKiller.2.7.36.0_12.06.2012_19.38.56_log.txt" =========

19:38:56.0638 1968 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
19:38:56.0841 1968 ============================================================
19:38:56.0841 1968 Current date / time: 2012/06/12 19:38:56.0841
19:38:56.0841 1968 SystemInfo:
19:38:56.0841 1968
19:38:56.0841 1968 OS Version: 6.1.7601 ServicePack: 1.0
19:38:56.0841 1968 Product type: Workstation
19:38:56.0841 1968 ComputerName: PADE-VAIO
19:38:56.0841 1968 UserName: Pade
19:38:56.0841 1968 Windows directory: C:\Windows
19:38:56.0841 1968 System windows directory: C:\Windows
19:38:56.0841 1968 Running under WOW64
19:38:56.0841 1968 Processor architecture: Intel x64
19:38:56.0841 1968 Number of processors: 4
19:38:56.0841 1968 Page size: 0x1000
19:38:56.0841 1968 Boot type: Safe boot with network
19:38:56.0841 1968 ============================================================
19:38:58.0214 1968 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:38:58.0229 1968 ============================================================
19:38:58.0229 1968 \Device\Harddisk0\DR0:
19:38:58.0229 1968 MBR partitions:
19:38:58.0229 1968 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2494800, BlocksNum 0x32000
19:38:58.0229 1968 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x24C6800, BlocksNum 0x37EBF030
19:38:58.0229 1968 ============================================================
19:38:58.0261 1968 C: <-> \Device\Harddisk0\DR0\Partition1
19:38:58.0261 1968 ============================================================
19:38:58.0261 1968 Initialize success
19:38:58.0261 1968 ============================================================
19:39:15.0389 0860 ============================================================
19:39:15.0389 0860 Scan started
19:39:15.0389 0860 Mode: Manual;
19:39:15.0389 0860 ============================================================
19:39:16.0606 0860 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:39:16.0606 0860 1394ohci - ok
19:39:16.0700 0860 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
19:39:16.0700 0860 ACDaemon - ok
19:39:16.0731 0860 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:39:16.0747 0860 ACPI - ok
19:39:16.0778 0860 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:39:16.0778 0860 AcpiPmi - ok
19:39:16.0887 0860 AdobeActiveFileMonitor9.0 (1474f121c3df1232d3e7239c03691ee6) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
19:39:16.0887 0860 AdobeActiveFileMonitor9.0 - ok
19:39:16.0981 0860 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:39:16.0981 0860 AdobeARMservice - ok
19:39:17.0137 0860 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:39:17.0137 0860 AdobeFlashPlayerUpdateSvc - ok
19:39:17.0199 0860 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
19:39:17.0199 0860 adp94xx - ok
19:39:17.0230 0860 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
19:39:17.0230 0860 adpahci - ok
19:39:17.0261 0860 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
19:39:17.0261 0860 adpu320 - ok
19:39:17.0308 0860 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:39:17.0308 0860 AeLookupSvc - ok
19:39:17.0355 0860 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:39:17.0355 0860 AFD - ok
19:39:17.0402 0860 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:39:17.0402 0860 agp440 - ok
19:39:17.0417 0860 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:39:17.0417 0860 ALG - ok
19:39:17.0464 0860 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:39:17.0464 0860 aliide - ok
19:39:17.0511 0860 AMD External Events Utility (14bd9450992551a5a58580b4ba85daa1) C:\Windows\system32\atiesrxx.exe
19:39:17.0511 0860 AMD External Events Utility - ok
19:39:17.0542 0860 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:39:17.0558 0860 amdide - ok
19:39:17.0573 0860 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
19:39:17.0573 0860 AmdK8 - ok
19:39:18.0244 0860 amdkmdag (62b34ee19b5ecda129fadd10b7d2ea9c) C:\Windows\system32\DRIVERS\atikmdag.sys
19:39:18.0400 0860 amdkmdag - ok
19:39:18.0509 0860 amdkmdap (7033caa5b9550e470c985815382744ff) C:\Windows\system32\DRIVERS\atikmpag.sys
19:39:18.0509 0860 amdkmdap - ok
19:39:18.0541 0860 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
19:39:18.0541 0860 AmdPPM - ok
19:39:18.0572 0860 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:39:18.0572 0860 amdsata - ok
19:39:18.0603 0860 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
19:39:18.0603 0860 amdsbs - ok
19:39:18.0619 0860 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:39:18.0619 0860 amdxata - ok
19:39:18.0650 0860 androidusb (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
19:39:18.0650 0860 androidusb - ok
19:39:18.0681 0860 ApfiltrService (9dc1a45ba81c923db68a162b0f0d0149) C:\Windows\system32\drivers\Apfiltr.sys
19:39:18.0681 0860 ApfiltrService - ok
19:39:18.0712 0860 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:39:18.0712 0860 AppID - ok
19:39:18.0728 0860 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:39:18.0728 0860 AppIDSvc - ok
19:39:18.0743 0860 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
19:39:18.0759 0860 Appinfo - ok
19:39:18.0821 0860 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:39:18.0821 0860 Apple Mobile Device - ok
19:39:18.0853 0860 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
19:39:18.0853 0860 AppMgmt - ok
19:39:18.0884 0860 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
19:39:18.0884 0860 arc - ok
19:39:18.0915 0860 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
19:39:18.0915 0860 arcsas - ok
19:39:18.0993 0860 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:39:19.0040 0860 aspnet_state - ok
19:39:19.0055 0860 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:39:19.0055 0860 AsyncMac - ok
19:39:19.0087 0860 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:39:19.0102 0860 atapi - ok
19:39:19.0180 0860 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys
19:39:19.0196 0860 athr - ok
19:39:19.0352 0860 ATSwpWDF (26970f26ebab7d5d1b795a3f9013cd80) C:\Windows\system32\DRIVERS\ATSwpWDF.sys
19:39:19.0367 0860 ATSwpWDF - ok
19:39:19.0414 0860 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:39:19.0414 0860 AudioEndpointBuilder - ok
19:39:19.0430 0860 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:39:19.0430 0860 AudioSrv - ok
19:39:19.0445 0860 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
19:39:19.0461 0860 AxInstSV - ok
19:39:19.0508 0860 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
19:39:19.0508 0860 b06bdrv - ok
19:39:19.0539 0860 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:39:19.0539 0860 b57nd60a - ok
19:39:19.0633 0860 BBSvc (01a24b415926bb5f772dbe12459d97de) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
19:39:19.0633 0860 BBSvc - ok
19:39:19.0648 0860 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
19:39:19.0664 0860 BBUpdate - ok
19:39:19.0695 0860 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:39:19.0695 0860 BDESVC - ok
19:39:19.0711 0860 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:39:19.0711 0860 Beep - ok
19:39:19.0789 0860 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
19:39:19.0789 0860 BITS - ok
19:39:19.0820 0860 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
19:39:19.0820 0860 blbdrive - ok
19:39:19.0867 0860 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
19:39:19.0882 0860 Bonjour Service - ok
19:39:19.0929 0860 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:39:19.0929 0860 bowser - ok
19:39:19.0945 0860 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
19:39:19.0960 0860 BrFiltLo - ok
19:39:19.0976 0860 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
19:39:19.0976 0860 BrFiltUp - ok
19:39:20.0007 0860 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
19:39:20.0007 0860 Browser - ok
19:39:20.0054 0860 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:39:20.0054 0860 Brserid - ok
19:39:20.0069 0860 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:39:20.0069 0860 BrSerWdm - ok
19:39:20.0069 0860 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:39:20.0069 0860 BrUsbMdm - ok
19:39:20.0116 0860 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:39:20.0116 0860 BrUsbSer - ok
19:39:20.0132 0860 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
19:39:20.0132 0860 BthEnum - ok
19:39:20.0147 0860 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
19:39:20.0147 0860 BTHMODEM - ok
19:39:20.0179 0860 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
19:39:20.0179 0860 BthPan - ok
19:39:20.0225 0860 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
19:39:20.0225 0860 BTHPORT - ok
19:39:20.0257 0860 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:39:20.0257 0860 bthserv - ok
19:39:20.0272 0860 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
19:39:20.0272 0860 BTHUSB - ok
19:39:20.0319 0860 btwampfl (7a2ce8c1bf4daa1f2766e21e9ca11078) C:\Windows\system32\drivers\btwampfl.sys
19:39:20.0319 0860 btwampfl - ok
19:39:20.0335 0860 btwaudio (a75bf6802a967f5aacecc3c67febdf55) C:\Windows\system32\drivers\btwaudio.sys
19:39:20.0335 0860 btwaudio - ok
19:39:20.0381 0860 btwavdt (d895dc213edbda5fcc53aad1f1e0e63b) C:\Windows\system32\drivers\btwavdt.sys
19:39:20.0381 0860 btwavdt - ok
19:39:20.0475 0860 btwdins (692f8648d7686d91e34a65ac698019d8) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
19:39:20.0491 0860 btwdins - ok
19:39:20.0506 0860 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys
19:39:20.0506 0860 btwl2cap - ok
19:39:20.0522 0860 btwrchid (6d7aa2bde0135599c5f230d69db3b420) C:\Windows\system32\DRIVERS\btwrchid.sys
19:39:20.0522 0860 btwrchid - ok
19:39:20.0553 0860 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:39:20.0553 0860 cdfs - ok
19:39:20.0569 0860 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
19:39:20.0569 0860 cdrom - ok
19:39:20.0600 0860 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:39:20.0600 0860 CertPropSvc - ok
19:39:20.0615 0860 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
19:39:20.0615 0860 circlass - ok
19:39:20.0631 0860 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:39:20.0647 0860 CLFS - ok
19:39:20.0725 0860 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:39:20.0725 0860 clr_optimization_v2.0.50727_32 - ok
19:39:20.0771 0860 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:39:20.0771 0860 clr_optimization_v2.0.50727_64 - ok
19:39:20.0818 0860 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:39:20.0927 0860 clr_optimization_v4.0.30319_32 - ok
19:39:20.0974 0860 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:39:21.0037 0860 clr_optimization_v4.0.30319_64 - ok
19:39:21.0052 0860 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
19:39:21.0052 0860 CmBatt - ok
19:39:21.0083 0860 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:39:21.0083 0860 cmdide - ok
19:39:21.0130 0860 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
19:39:21.0146 0860 CNG - ok
19:39:21.0177 0860 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
19:39:21.0177 0860 Compbatt - ok
19:39:21.0208 0860 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:39:21.0208 0860 CompositeBus - ok
19:39:21.0208 0860 COMSysApp - ok
19:39:21.0255 0860 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
19:39:21.0255 0860 crcdisk - ok
19:39:21.0286 0860 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
19:39:21.0302 0860 CryptSvc - ok
19:39:21.0317 0860 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
19:39:21.0333 0860 CSC - ok
19:39:21.0380 0860 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
19:39:21.0395 0860 CscService - ok
19:39:21.0411 0860 ctxusbm (ba8e5b2291c01ef71ca80e25f0c79d55) C:\Windows\system32\DRIVERS\ctxusbm.sys
19:39:21.0411 0860 ctxusbm - ok
19:39:21.0458 0860 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:39:21.0458 0860 DcomLaunch - ok
19:39:21.0489 0860 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:39:21.0489 0860 defragsvc - ok
19:39:21.0536 0860 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:39:21.0536 0860 DfsC - ok
19:39:21.0551 0860 dg_ssudbus (388039f99ce8769024ee0438352aca99) C:\Windows\system32\DRIVERS\ssudbus.sys
19:39:21.0551 0860 dg_ssudbus - ok
19:39:21.0598 0860 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
19:39:21.0598 0860 Dhcp - ok
19:39:21.0614 0860 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:39:21.0614 0860 discache - ok
19:39:21.0645 0860 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
19:39:21.0645 0860 Disk - ok
19:39:21.0661 0860 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
19:39:21.0676 0860 dmvsc - ok
19:39:21.0723 0860 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
19:39:21.0723 0860 Dnscache - ok
19:39:21.0739 0860 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
19:39:21.0754 0860 dot3svc - ok
19:39:21.0770 0860 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
19:39:21.0785 0860 DPS - ok
19:39:21.0801 0860 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:39:21.0801 0860 drmkaud - ok
19:39:21.0848 0860 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:39:21.0848 0860 DXGKrnl - ok
19:39:21.0879 0860 e1yexpress (50ad8fc1dc800ff36087994c8f7fdff2) C:\Windows\system32\DRIVERS\e1y60x64.sys
19:39:21.0879 0860 e1yexpress - ok
19:39:21.0895 0860 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:39:21.0895 0860 EapHost - ok
19:39:22.0051 0860 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
19:39:22.0097 0860 ebdrv - ok
19:39:22.0191 0860 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
19:39:22.0191 0860 EFS - ok
19:39:22.0253 0860 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
19:39:22.0269 0860 ehRecvr - ok
19:39:22.0285 0860 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:39:22.0300 0860 ehSched - ok
19:39:22.0363 0860 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
19:39:22.0378 0860 elxstor - ok
19:39:22.0394 0860 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:39:22.0394 0860 ErrDev - ok
19:39:22.0441 0860 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:39:22.0456 0860 EventSystem - ok
19:39:22.0612 0860 EvtEng (7ee9f35bc1dd0ce1a4976032f9ac5162) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
19:39:22.0643 0860 EvtEng - ok
19:39:22.0737 0860 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:39:22.0753 0860 exfat - ok
19:39:22.0784 0860 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:39:22.0799 0860 fastfat - ok
19:39:22.0893 0860 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:39:22.0909 0860 Fax - ok
19:39:22.0940 0860 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
19:39:22.0940 0860 fdc - ok
19:39:36.0715 0860 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
19:39:36.0715 0860 umbus - ok
19:39:36.0730 0860 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
19:39:36.0730 0860 UmPass - ok
19:39:36.0746 0860 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
19:39:36.0761 0860 UmRdpService - ok
19:39:36.0949 0860 UNS (374ebda379a8f38e0cfc2211611e7167) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
19:39:36.0995 0860 UNS - ok
19:39:37.0089 0860 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:39:37.0089 0860 upnphost - ok
19:39:37.0136 0860 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
19:39:37.0136 0860 USBAAPL64 - ok
19:39:37.0183 0860 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:39:37.0198 0860 usbccgp - ok
19:39:37.0229 0860 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:39:37.0229 0860 usbcir - ok
19:39:37.0261 0860 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
19:39:37.0276 0860 usbehci - ok
19:39:37.0307 0860 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:39:37.0323 0860 usbhub - ok
19:39:37.0339 0860 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
19:39:37.0339 0860 usbohci - ok
19:39:37.0354 0860 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
19:39:37.0354 0860 usbprint - ok
19:39:37.0385 0860 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:39:37.0385 0860 USBSTOR - ok
19:39:37.0417 0860 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
19:39:37.0417 0860 usbuhci - ok
19:39:37.0448 0860 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
19:39:37.0463 0860 usbvideo - ok
19:39:37.0495 0860 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
19:39:37.0495 0860 usb_rndisx - ok
19:39:37.0526 0860 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:39:37.0526 0860 UxSms - ok
19:39:37.0619 0860 VAIO Event Service (dcb1f83ad167d16d263ce57c94e9eedf) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
19:39:37.0619 0860 VAIO Event Service - ok
19:39:37.0713 0860 VAIO Power Management (ef7cf87f940f9104a3079f839bdc60c5) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
19:39:37.0713 0860 VAIO Power Management - ok
19:39:37.0744 0860 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:39:37.0744 0860 VaultSvc - ok
19:39:37.0822 0860 VCService (d347d3abe070aa09c22fc37121555d52) C:\Program Files\Sony\VAIO Care\VCService.exe
19:39:37.0822 0860 VCService - ok
19:39:37.0869 0860 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:39:37.0869 0860 vdrvroot - ok
19:39:37.0916 0860 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
19:39:37.0931 0860 vds - ok
19:39:37.0963 0860 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:39:37.0963 0860 vga - ok
19:39:37.0978 0860 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:39:37.0978 0860 VgaSave - ok
19:39:38.0009 0860 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:39:38.0025 0860 vhdmp - ok
19:39:38.0056 0860 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:39:38.0056 0860 viaide - ok
19:39:38.0087 0860 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
19:39:38.0087 0860 vmbus - ok
19:39:38.0119 0860 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
19:39:38.0119 0860 VMBusHID - ok
19:39:38.0150 0860 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:39:38.0150 0860 volmgr - ok
19:39:38.0181 0860 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:39:38.0197 0860 volmgrx - ok
19:39:38.0228 0860 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:39:38.0228 0860 volsnap - ok
19:39:38.0259 0860 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
19:39:38.0259 0860 vsmraid - ok
19:39:38.0415 0860 VSNService (0ed394bfba3eb4740f063e0ba5ec7104) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
19:39:38.0431 0860 VSNService - ok
19:39:38.0509 0860 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
19:39:38.0540 0860 VSS - ok
19:39:38.0665 0860 VUAgent (0260e5f1790f90e8d7ec0588227aa42c) C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
19:39:38.0680 0860 VUAgent - ok
19:39:38.0789 0860 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:39:38.0789 0860 vwifibus - ok
19:39:38.0805 0860 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:39:38.0805 0860 vwififlt - ok
19:39:38.0821 0860 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
19:39:38.0821 0860 vwifimp - ok
19:39:38.0867 0860 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:39:38.0883 0860 W32Time - ok
19:39:38.0899 0860 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
19:39:38.0914 0860 WacomPen - ok
19:39:38.0930 0860 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:39:38.0930 0860 WANARP - ok
19:39:38.0945 0860 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:39:38.0945 0860 Wanarpv6 - ok
19:39:39.0039 0860 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
19:39:39.0055 0860 WatAdminSvc - ok
19:39:39.0148 0860 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
19:39:39.0179 0860 wbengine - ok
19:39:39.0242 0860 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:39:39.0257 0860 WbioSrvc - ok
19:39:39.0289 0860 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
19:39:39.0289 0860 wcncsvc - ok
19:39:39.0320 0860 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:39:39.0320 0860 WcsPlugInService - ok
19:39:39.0367 0860 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
19:39:39.0367 0860 Wd - ok
19:39:39.0398 0860 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:39:39.0413 0860 Wdf01000 - ok
19:39:39.0445 0860 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:39:39.0445 0860 WdiServiceHost - ok
19:39:39.0460 0860 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:39:39.0460 0860 WdiSystemHost - ok
19:39:39.0491 0860 wdkmd (94dc2bf6cbaaa95e369c3756d3115a76) C:\Windows\system32\DRIVERS\WDKMD.sys
19:39:39.0491 0860 wdkmd - ok
19:39:39.0523 0860 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:39:39.0523 0860 WebClient - ok
19:39:39.0569 0860 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:39:39.0569 0860 Wecsvc - ok
19:39:39.0585 0860 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:39:39.0585 0860 wercplsupport - ok
19:39:39.0616 0860 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:39:39.0616 0860 WerSvc - ok
19:39:39.0632 0860 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:39:39.0632 0860 WfpLwf - ok
19:39:39.0647 0860 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:39:39.0663 0860 WIMMount - ok
19:39:39.0679 0860 WinHttpAutoProxySvc - ok
19:39:39.0725 0860 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:39:39.0725 0860 Winmgmt - ok
19:39:39.0819 0860 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:39:39.0850 0860 WinRM - ok
19:39:39.0959 0860 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:39:39.0975 0860 WinUsb - ok
19:39:40.0037 0860 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:39:40.0037 0860 Wlansvc - ok
19:39:40.0131 0860 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:39:40.0131 0860 wlcrasvc - ok
19:39:40.0256 0860 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:39:40.0287 0860 wlidsvc - ok
19:39:40.0427 0860 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:39:40.0427 0860 WmiAcpi - ok
19:39:40.0490 0860 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:39:40.0490 0860 wmiApSrv - ok
19:39:40.0521 0860 WMPNetworkSvc - ok
19:39:40.0552 0860 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:39:40.0552 0860 WPCSvc - ok
19:39:40.0583 0860 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:39:40.0583 0860 WPDBusEnum - ok
19:39:40.0615 0860 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:39:40.0615 0860 ws2ifsl - ok
19:39:40.0615 0860 WSearch - ok
19:39:40.0786 0860 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
19:39:40.0817 0860 wuauserv - ok
19:39:40.0927 0860 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:39:40.0942 0860 WudfPf - ok
19:39:40.0958 0860 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:39:40.0958 0860 WUDFRd - ok
19:39:40.0989 0860 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:39:41.0036 0860 wudfsvc - ok
19:39:41.0067 0860 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:39:41.0067 0860 WwanSvc - ok
19:39:41.0114 0860 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:39:41.0270 0860 \Device\Harddisk0\DR0 - ok
19:39:41.0270 0860 Boot (0x1200) (3a3872230434b3b4a1e51795978cd323) \Device\Harddisk0\DR0\Partition0
19:39:41.0285 0860 \Device\Harddisk0\DR0\Partition0 - ok
19:39:41.0301 0860 Boot (0x1200) (28c213e91e4388616fbe455789de2a5e) \Device\Harddisk0\DR0\Partition1
19:39:41.0317 0860 \Device\Harddisk0\DR0\Partition1 - ok
19:39:41.0317 0860 ============================================================
19:39:41.0317 0860 Scan finished
19:39:41.0317 0860 ============================================================
19:39:41.0317 1912 Detected object count: 0
19:39:41.0317 1912 Actual detected object count: 0
19:39:53.0126 1308 Deinitialize success

========= End of CMD: =========


========================= FOLDER: C:\Users\All Users\B7E858A7000078BA0021E280B4EB2331 ========================

2012-06-12 16:23 - 2012-06-12 16:30 - 0000848 ____A () C:\Users\All Users\B7E858A7000078BA0021E280B4EB2331\B7E858A7000078BA0021E280B4EB2331

====== End of Folder: ======

========================= FOLDER: C:\Users\Pade\AppData\Local\{95F3E996-1A3D-407C-BEFF-EA111016674E} ========================


====== End of Folder: ======

========================= FOLDER: C:\Users\Pade\AppData\Local\{4CB851A2-FB7C-47A4-86CC-18D1D27D123E} ========================


====== End of Folder: ======

========================= FOLDER: C:\Users\Pade\AppData\Local\{00CEAE9B-321D-43E5-BCC5-5B41CA946295} ========================


====== End of Folder: ======

========================= FOLDER: C:\Users\Pade\AppData\Local\{E60132DF-727E-4D40-8E0F-72CC3E183815} ========================


====== End of Folder: ======

========================= FOLDER: C:\Users\Pade\AppData\Local\{4AF531FE-97D9-4CF2-9A26-5A83E48C0BD1} ========================


====== End of Folder: ======

========================= FOLDER: C:\Users\Pade\AppData\Local\{0ED18C58-78C2-43D3-9923-AFD4402DA21D} ========================


====== End of Folder: ======

========================= FOLDER: C:\Users\Pade\AppData\Local\{58F203FA-C672-4F11-AF63-6422DAA7126F} ========================


====== End of Folder: ======

========================= FOLDER: C:\Users\Pade\AppData\Local\{5831FEED-490D-4323-AB1D-7C618B0C59AB} ========================


====== End of Folder: ======

========================= FOLDER: C:\Users\Pade\AppData\Local\{3A3BFD7D-9E14-442E-9F03-B831466AA3C8} ========================


====== End of Folder: ======

========================= FOLDER: C:\Users\Pade\AppData\Local\{2B1B2AF2-3194-473F-9EBA-51C57E09A3D2} ========================


====== End of Folder: ======

========================= FOLDER: C:\Users\Pade\AppData\Local\{9AADB8E0-326F-4861-A073-627523E1D290} ========================


====== End of Folder: ======

========================= FOLDER: C:\Users\Pade\AppData\Local\{9A5FFA0B-7347-4072-AEA3-B36275278A33} ========================


====== End of Folder: ======

========================= FOLDER: C:\Users\Pade\AppData\Local\{F8D8D878-A849-4F35-9E65-960B051D6FD3} ========================


====== End of Folder: ======

========================= FOLDER: C:\Users\Pade\AppData\Local\{8FA2FCE1-3BEA-4F0D-88C3-B58FFC966052} ========================


====== End of Folder: ======
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
HKLM-x32\...\Run\\svcdotnet Value deleted successfully.
C:\Windows\System32\%APPDATA% moved successfully.
C:\Windows\Installer\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1} moved successfully.
C:\Windows\Installer\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\@ not found.
C:\Windows\Installer\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\L not found.
C:\Windows\Installer\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\n not found.
C:\Windows\Installer\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\U not found.
C:\Windows\Installer\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\U\00000001.@ not found.
C:\Windows\Installer\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\U\80000000.@ not found.
C:\Windows\Installer\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\U\800000cb.@ not found.
C:\Users\Pade\AppData\Local\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1} moved successfully.
C:\Users\Pade\AppData\Local\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\@ not found.
C:\Users\Pade\AppData\Local\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\L not found.
C:\Users\Pade\AppData\Local\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\n not found.
C:\Users\Pade\AppData\Local\{cfd2bfd2-ef6c-d25e-ffeb-6af2bf529ee1}\U not found.

==== End of Fixlog ====

Thanks,
Patrik

#9 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:06:10 AM

Posted 15 June 2012 - 12:53 AM

Hi Patrik!

I'm looking over your latest post now, and should have a new reply for you shortly.

-ST.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#10 Pade1


Posted 15 June 2012 - 12:57 AM

Hi Patrik!

I'm looking over your latest post now, and should have a new reply for you shortly.

-ST.


Hi ST,

Thanks! Will reply later on today again once I'm at home.
Really appreciate your help!

-Patrik

#11 SweetTech


Posted 15 June 2012 - 12:57 AM

Hi!

I ran the fix and was able to boot to Windows afterwards, but again, just as MSE notifies me that it is cleaning the computer of a threat, the notification of Windows encountering a critical error and shutting down in one minute pops up again and the computer reboots.


Okay, I'm going to give you a new FRST fix to run.

After you run it I'd like to have you run a FRST scan and provide the log it produces as well as the FRST fix log in your next reply.


Do you recognize this file?


Running FRST Fix

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

start
C:\Users\All Users\B7E858A7000078BA0021E280B4EB2331
C:\Users\Pade\AppData\Local\{95F3E996-1A3D-407C-BEFF-EA111016674E}
C:\Users\Pade\AppData\Local\{4CB851A2-FB7C-47A4-86CC-18D1D27D123E} 
C:\Users\Pade\AppData\Local\{00CEAE9B-321D-43E5-BCC5-5B41CA946295} 
C:\Users\Pade\AppData\Local\{E60132DF-727E-4D40-8E0F-72CC3E183815} 
C:\Users\Pade\AppData\Local\{4AF531FE-97D9-4CF2-9A26-5A83E48C0BD1} 
C:\Users\Pade\AppData\Local\{0ED18C58-78C2-43D3-9923-AFD4402DA21D} 
C:\Users\Pade\AppData\Local\{58F203FA-C672-4F11-AF63-6422DAA7126F} 
C:\Users\Pade\AppData\Local\{5831FEED-490D-4323-AB1D-7C618B0C59AB} 
C:\Users\Pade\AppData\Local\{3A3BFD7D-9E14-442E-9F03-B831466AA3C8} 
C:\Users\Pade\AppData\Local\{2B1B2AF2-3194-473F-9EBA-51C57E09A3D2} 
C:\Users\Pade\AppData\Local\{9AADB8E0-326F-4861-A073-627523E1D290}
C:\Users\Pade\AppData\Local\{9A5FFA0B-7347-4072-AEA3-B36275278A33}
C:\Users\Pade\AppData\Local\{F8D8D878-A849-4F35-9E65-960B051D6FD3}
C:\Users\Pade\AppData\Local\{8FA2FCE1-3BEA-4F0D-88C3-B58FFC966052}
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.



#12 Pade1


Posted 15 June 2012 - 01:16 AM

Hi!

So just to be sure: First I save this new fix into notepad and click on "Fix" when running FRST?
After this fix, do I need to close FRST and start it again and run the "Check" or can I run it directly after running the fix?

-Patrik

#13 SweetTech


Posted 15 June 2012 - 01:40 AM

Hi!

So just to be sure: First I save this new fix into notepad and click on "Fix" when running FRST?

Yes, that is correct. :)

After this fix, do I need to close FRST and start it again and run the "Check" or can I run it directly after running the fix?

That's a good question, I'm not exactly sure if FRST is going to want to restart the computer after the fix, but if it doesn't prompt you to restart, you should be fine to run the scan afterwards.

-ST



#14 Pade1


Posted 15 June 2012 - 01:54 AM

Hi again,

Thanks for the clarification :)
I'll post the logs later on today!

-Patrik

#15 SweetTech


Posted 15 June 2012 - 02:15 AM

:thumbsup:





