sirefef.r and sirefef.ah


  • This topic is locked
52 replies to this topic

#1 little_anarchist

  • Members
  • 27 posts

Posted 10 July 2012 - 03:20 PM

I am having problems with my computer restarting every minute caused by sirefef.r and sirefef.ah.
I am running Windows 7 32-bit version.
I have run FRST.exe
FRST.txt log is attached.
Any ideas?
Attached File  FRST.txt   21.58KB   3 downloads

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 09-07-2012 01
Ran by SYSTEM at 10-07-2012 15:00:04
Running from F:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SoundMan] SOUNDMAN.EXE [x]
HKLM\...\Run: [AlcWzrd] ALCWZRD.EXE [x]
HKLM\...\Run: [Alcmtr] ALCMTR.EXE [x]
HKLM\...\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [483328 2008-04-22] (Adobe Systems Inc.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444856 2011-08-11] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Paul\...\Run: [Google Update] "C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-06-08] (Google Inc.)
HKU\Paul\...\Run: [googletalk] C:\Users\Paul\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)
HKU\Paul\...\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcStd7_0_0 -reboot 1 [313472 2006-03-30] (Adobe Systems Incorporated)
HKU\Paul\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Paul\...\Run: [AdobeBridge] [x]
Tcpip\Parameters: [DhcpNameServer] 142.161.2.155 142.161.130.155 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-0000-BA7E-100000000002}\SC_Acrobat.exe ()
Startup: C:\Users\Paul\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Paul\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Paul\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

================================ Services (Whitelisted) ==================

2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
3 SwitchBoard; "C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [517096 2010-02-19] (Adobe Systems Incorporated)
2 TabletServicePen; C:\Program Files\Tablet\Pen\Pen_Tablet.exe [4869488 2010-10-21] (Wacom Technology, Corp.)
2 TouchServicePen; C:\Program Files\Tablet\Pen\Pen_TouchService.exe [416112 2010-10-21] (Wacom Technology, Corp.)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

3 IntcAzAudAddService; C:\Windows\System32\drivers\RtkHDAud.sys [3851264 2005-07-25] (Realtek Semiconductor Corp.)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 Razerlow; C:\Windows\System32\Drivers\Razerlow.sys [13225 2005-04-24] (Razer (Asia-Pacific) Pte Ltd)
1 truecrypt; C:\Windows\System32\drivers\truecrypt.sys [231248 2011-06-08] (TrueCrypt Foundation)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-10 13:52 - 2012-07-10 13:52 - 00000000 ____D C:\FRST
2012-07-10 11:18 - 2012-07-10 11:18 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-10 11:04 - 2012-07-10 11:05 - 00000000 ____D C:\WINSSLog
2012-07-10 10:27 - 2012-07-10 10:27 - 00000189 ____A C:\Users\Paul\Desktop\register.bat
2012-06-22 12:52 - 2012-06-22 12:52 - 00002438 ____A C:\Users\Paul\Desktop\reign in blood.m3u - Shortcut.lnk
2012-06-22 05:51 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-22 05:51 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-22 05:51 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-22 05:51 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-22 05:50 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-22 05:50 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-22 05:50 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-22 05:50 - 2012-06-02 12:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-22 05:50 - 2012-06-02 12:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-21 14:00 - 2012-06-21 14:00 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-21 10:15 - 2012-06-21 10:15 - 00000877 ____A C:\Users\Paul\Desktop\Project Notes.odt - Shortcut.lnk
2012-06-14 07:50 - 2012-06-14 07:56 - 00000000 ___AD C:\Users\Paul\Desktop\TWILIGHT ZONE RADIO DRAMAS
2012-06-14 00:02 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-14 00:02 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-14 00:02 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-14 00:02 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-14 00:02 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-14 00:02 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-14 00:02 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-14 00:02 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-14 00:02 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-14 00:02 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-14 00:02 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-14 00:02 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-14 00:02 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-14 00:02 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-13 16:17 - 2012-05-14 17:05 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 16:17 - 2012-04-30 20:44 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 16:17 - 2012-04-27 19:17 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 16:17 - 2012-04-25 20:45 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 16:17 - 2012-04-25 20:45 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 16:17 - 2012-04-25 20:41 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 16:17 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 16:17 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 16:17 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 16:17 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 13:37 - 2012-06-13 13:37 - 00000000 ____D C:\Users\Paul\Desktop\Sam Cooke 4cd box set
2012-06-13 11:55 - 2012-07-10 13:10 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Mp3tag
2012-06-13 11:54 - 2012-06-13 11:54 - 00000933 ____A C:\Users\Public\Desktop\Mp3tag.lnk
2012-06-13 11:54 - 2012-06-13 11:54 - 00000000 ____D C:\Program Files\Mp3tag
2012-06-13 10:22 - 2012-06-13 10:22 - 00002898 ____A C:\Users\Paul\Desktop\Thin Lizzy [Discography] - Shortcut.lnk
2012-06-13 10:21 - 2012-06-13 10:21 - 00000000 ____D C:\Users\Paul\AppData\Local\Macromedia
2012-06-13 06:38 - 2012-06-13 06:38 - 00001886 ____A C:\Users\Paul\Desktop\other past task masters - Shortcut.lnk
2012-06-13 06:37 - 2012-06-13 06:37 - 00001869 ____A C:\Users\Paul\Desktop\rb past task masters - Shortcut.lnk
2012-06-13 05:46 - 2012-07-05 11:59 - 00017737 ____A C:\Users\Paul\Desktop\playlist.m3u
2012-06-13 05:38 - 2012-06-13 05:40 - 00000000 ____D C:\Program Files\iTunes
2012-06-13 05:38 - 2012-06-13 05:38 - 00000000 ____D C:\Program Files\iPod
2012-06-11 12:31 - 2012-06-11 12:31 - 00005222 ____A C:\Users\Paul\Desktop\Motorhead - Ace Of Spades (Full 192Kb By TRX850)_ALBW.mp3 - Shortcut.lnk
2012-06-11 12:31 - 2012-06-11 12:31 - 00005219 ____A C:\Users\Paul\Desktop\Full Album Deep Purple Machine Head.mp3 - Shortcut.lnk

============ 3 Months Modified Files ========================

2012-07-10 11:53 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-10 11:53 - 2009-07-13 20:39 - 00037651 ____A C:\Windows\setupact.log
2012-07-10 11:35 - 2011-06-07 09:24 - 01097427 ____A C:\Windows\WindowsUpdate.log
2012-07-10 11:30 - 2009-07-13 20:53 - 00032594 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-10 11:20 - 2011-06-08 07:25 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-66012284-1171713608-530314859-1000UA.job
2012-07-10 11:18 - 2012-04-02 08:00 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-10 11:18 - 2011-06-08 06:30 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-10 11:18 - 2011-06-07 10:46 - 00787498 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-10 11:15 - 2009-07-13 20:34 - 00013760 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-10 11:15 - 2009-07-13 20:34 - 00013760 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-10 10:27 - 2012-07-10 10:27 - 00000189 ____A C:\Users\Paul\Desktop\register.bat
2012-07-05 11:59 - 2012-06-13 05:46 - 00017737 ____A C:\Users\Paul\Desktop\playlist.m3u
2012-06-25 11:58 - 2011-11-15 12:40 - 00000008 ____A C:\Users\Paul\Desktop\scratch pad.txt
2012-06-25 05:56 - 2011-06-08 07:25 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-66012284-1171713608-530314859-1000Core.job
2012-06-23 06:18 - 2012-04-02 08:00 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-23 06:18 - 2011-06-07 11:00 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-22 12:52 - 2012-06-22 12:52 - 00002438 ____A C:\Users\Paul\Desktop\reign in blood.m3u - Shortcut.lnk
2012-06-21 10:15 - 2012-06-21 10:15 - 00000877 ____A C:\Users\Paul\Desktop\Project Notes.odt - Shortcut.lnk
2012-06-14 00:33 - 2009-07-13 20:33 - 03976168 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-14 00:07 - 2011-06-07 11:31 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-13 11:54 - 2012-06-13 11:54 - 00000933 ____A C:\Users\Public\Desktop\Mp3tag.lnk
2012-06-13 10:22 - 2012-06-13 10:22 - 00002898 ____A C:\Users\Paul\Desktop\Thin Lizzy [Discography] - Shortcut.lnk
2012-06-13 06:38 - 2012-06-13 06:38 - 00001886 ____A C:\Users\Paul\Desktop\other past task masters - Shortcut.lnk
2012-06-13 06:37 - 2012-06-13 06:37 - 00001869 ____A C:\Users\Paul\Desktop\rb past task masters - Shortcut.lnk
2012-06-12 12:55 - 2011-06-07 10:50 - 00094752 ____A C:\Users\Paul\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-11 12:31 - 2012-06-11 12:31 - 00005222 ____A C:\Users\Paul\Desktop\Motorhead - Ace Of Spades (Full 192Kb By TRX850)_ALBW.mp3 - Shortcut.lnk
2012-06-11 12:31 - 2012-06-11 12:31 - 00005219 ____A C:\Users\Paul\Desktop\Full Album Deep Purple Machine Head.mp3 - Shortcut.lnk
2012-06-08 09:04 - 2012-06-08 09:04 - 00069632 ____A C:\Windows\System32\realbap1.dll
2012-06-08 09:04 - 2012-06-08 09:04 - 00045568 ____A C:\Windows\System32\realbsf1.dll
2012-06-05 12:07 - 2012-06-05 12:07 - 00000885 ____A C:\Users\Paul\Desktop\lreit from BLUE external - Shortcut.lnk
2012-06-04 11:45 - 2012-06-04 11:45 - 00000632 ____A C:\Users\Paul\Desktop\paulrenault.ods - Shortcut.lnk
2012-06-04 11:30 - 2012-06-04 11:30 - 00000853 ____A C:\Users\Paul\Desktop\Nib&Tuck website2012 - Shortcut.lnk
2012-06-02 14:19 - 2012-06-22 05:51 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-22 05:51 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-22 05:51 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-22 05:50 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-22 05:50 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-22 05:51 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-22 05:50 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-22 05:50 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:12 - 2012-06-22 05:50 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-18 11:55 - 2011-06-08 06:27 - 00024690 ____A C:\Windows\PFRO.log
2012-05-17 15:11 - 2012-06-14 00:02 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 14:48 - 2012-06-14 00:02 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 14:45 - 2012-06-14 00:02 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 14:36 - 2012-06-14 00:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 14:35 - 2012-06-14 00:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 14:35 - 2012-06-14 00:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 14:33 - 2012-06-14 00:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 14:31 - 2012-06-14 00:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 14:29 - 2012-06-14 00:02 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 14:29 - 2012-06-14 00:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 14:27 - 2012-06-14 00:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 14:25 - 2012-06-14 00:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 14:24 - 2012-06-14 00:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 14:20 - 2012-06-14 00:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-14 17:05 - 2012-06-13 16:17 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-04-30 20:44 - 2012-06-13 16:17 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:17 - 2012-06-13 16:17 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 20:45 - 2012-06-13 16:17 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 20:45 - 2012-06-13 16:17 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 20:41 - 2012-06-13 16:17 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 20:36 - 2012-06-13 16:17 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 20:36 - 2012-06-13 16:17 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 16:17 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-18 17:56 - 2012-04-18 17:56 - 00094208 ____A (Apple Inc.) C:\Windows\System32\QuickTimeVR.qtx
2012-04-18 17:56 - 2012-04-18 17:56 - 00069632 ____A (Apple Inc.) C:\Windows\System32\QuickTime.qts
2012-04-17 10:12 - 2012-04-17 10:12 - 00002223 ____A C:\Users\Paul\Desktop\V.m3u - Shortcut.lnk
2012-04-17 09:31 - 2012-04-17 09:31 - 00002548 ____A C:\Users\Paul\Desktop\Born Too Late.m3u - Shortcut.lnk
2012-04-17 09:30 - 2012-04-17 09:31 - 00002431 ____A C:\Users\Paul\Desktop\Die Healing.m3u - Shortcut.lnk
2012-04-16 12:49 - 2012-04-16 12:49 - 00002237 ____A C:\Users\Paul\Desktop\meantime.m3u - Shortcut.lnk


ZeroAccess:
C:\Windows\Installer\{14ba4685-c983-1dc5-9554-0d8ec4568f00}
C:\Windows\Installer\{14ba4685-c983-1dc5-9554-0d8ec4568f00}\@
C:\Windows\Installer\{14ba4685-c983-1dc5-9554-0d8ec4568f00}\L
C:\Windows\Installer\{14ba4685-c983-1dc5-9554-0d8ec4568f00}\n
C:\Windows\Installer\{14ba4685-c983-1dc5-9554-0d8ec4568f00}\U

ZeroAccess:
C:\Users\Paul\AppData\Local\{14ba4685-c983-1dc5-9554-0d8ec4568f00}
C:\Users\Paul\AppData\Local\{14ba4685-c983-1dc5-9554-0d8ec4568f00}\@
C:\Users\Paul\AppData\Local\{14ba4685-c983-1dc5-9554-0d8ec4568f00}\L
C:\Users\Paul\AppData\Local\{14ba4685-c983-1dc5-9554-0d8ec4568f00}\U
C:\Users\Paul\AppData\Local\{14ba4685-c983-1dc5-9554-0d8ec4568f00}\U\00000001.@
C:\Users\Paul\AppData\Local\{14ba4685-c983-1dc5-9554-0d8ec4568f00}\U\80000000.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 19%
Total physical RAM: 2030.5 MB
Available physical RAM: 1627.37 MB
Total Pagefile: 2030.5 MB
Available Pagefile: 1629.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1953.61 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:232.88 GB) (Free:29.25 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
4 Drive f: (STORE'N'GO) (Removable) (Total:1.92 GB) (Free:1.92 GB) FAT
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 9 MB
Disk 1 Online 1967 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 232 GB 31 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 232 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1966 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F STORE'N'GO FAT Removable 1966 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-10 06:38

======================= End Of Log ==========================

Edited by gringo_pr, 11 July 2012 - 12:34 AM.




#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 11 July 2012 - 12:34 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.



OK, let's see if we can find a replacement for the infected file.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click the Search button and post the log it makes (Search.txt) in your reply.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 little_anarchist

  • Topic Starter

Posted 11 July 2012 - 09:27 AM

Farbar Recovery Scan Tool Version: 09-07-2012 01
Ran by SYSTEM at 2012-07-11 09:12:53
Running from J:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
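
Added example (not part of the original thread, and not FRST's own code): the Search.txt above lists two copies of services.exe with identical size and timestamps but different MD5s, which is why only the hash separates the patched System32 file from the WinSxS copy. The Python below parses that log format and flags any live file whose hash matches no component-store copy; the function names and field names are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules on any host OS

# Body of Search.txt, copied from the post above.
SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
"""

# A result is a path line followed by a metadata line ending in the MD5.
PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>.*)\) )?"
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search_log(text):
    """Return one dict per file listed in an FRST Search.txt body."""
    entries, current_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current_path = line
            continue
        m = META_RE.match(line)
        if m and current_path:
            entries.append({
                "path": current_path,
                "created": m["created"],
                "modified": m["modified"],
                "size": int(m["size"]),
                "md5": m["md5"].upper(),
            })
            current_path = None
    return entries


def find_mismatches(entries):
    """Flag live files whose MD5 matches no WinSxS copy of the same name.

    Several store versions may exist after servicing, so a live file is
    accepted if it equals any one of them. Files with no store copy in the
    log are skipped because there is nothing to compare against.
    """
    by_name = defaultdict(list)
    for e in entries:
        by_name[basename(e["path"]).lower()].append(e)

    findings = []
    for group in by_name.values():
        store = [e for e in group if "\\winsxs\\" in e["path"].lower()]
        live = [e for e in group if "\\winsxs\\" not in e["path"].lower()]
        if not store:
            continue
        good = {e["md5"] for e in store}
        for e in live:
            if e["md5"] in good:
                continue
            meta = (e["size"], e["created"], e["modified"])
            findings.append({
                "path": e["path"],
                "md5": e["md5"],
                "reference_md5s": sorted(good),
                # True when size and timestamps equal a store copy, i.e.
                # the file looks untouched unless it is hashed.
                "metadata_matches_store": any(
                    (s["size"], s["created"], s["modified"]) == meta
                    for s in store
                ),
            })
    return findings


if __name__ == "__main__":
    for f in find_mismatches(parse_search_log(SEARCH_LOG)):
        print(f["path"], f["md5"], "expected one of", f["reference_md5s"],
              "| same size/timestamps:", f["metadata_matches_store"])
```

A match only shows that the live file equals a component-store copy; it says nothing about whether the store copy itself is trustworthy.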

#4 little_anarchist

  • Topic Starter

Posted 11 July 2012 - 09:57 AM

Is re-installing Windows another possible option? Will that solve the problem with this malware? There are no important files on the machine.

#5 gringo_pr

  • Malware Response Team

Posted 11 July 2012 - 11:58 AM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{14ba4685-c983-1dc5-9554-0d8ec4568f00}
C:\Users\Paul\AppData\Local\{14ba4685-c983-1dc5-9554-0d8ec4568f00}


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo

Edited by gringo_pr, 11 July 2012 - 08:37 PM.


#6 little_anarchist

  • Topic Starter

Posted 11 July 2012 - 01:34 PM

Remember I am running the 32-bit version of Windows. Should I still run FRST64.exe?

Edited by little_anarchist, 11 July 2012 - 01:35 PM.


#7 gringo_pr

  • Malware Response Team

Posted 11 July 2012 - 08:37 PM

That was a typo; run the one you have been running.



gringo

#8 little_anarchist

  • Topic Starter

Posted 12 July 2012 - 09:04 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-07-2012 01
Ran by SYSTEM at 2012-07-12 09:03:28 Run:1
Running from J:\

==============================================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe C:\Windows\System32\services.exe not found.
C:\Windows\Installer\{14ba4685-c983-1dc5-9554-0d8ec4568f00} moved successfully.
C:\Users\Paul\AppData\Local\{14ba4685-c983-1dc5-9554-0d8ec4568f00} moved successfully.

==== End of Fixlog ====

#9 gringo_pr

  • Malware Response Team

Posted 12 July 2012 - 12:07 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

Replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe C:\Windows\System32\services.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo

#10 little_anarchist

  • Topic Starter

Posted 12 July 2012 - 01:22 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-07-2012 01
Ran by SYSTEM at 2012-07-12 13:20:57 Run:2
Running from J:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

#11 gringo_pr

Posted 12 July 2012 - 01:23 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#12 little_anarchist

Posted 12 July 2012 - 03:22 PM

- Below is the log from ComboFix
- I didn't have any problems
- So far the computer seems fine. I turned Microsoft Security Essentials back on. I was not able to update the virus and spyware definitions. I am running a full scan now.


ComboFix 12-07-12.02 - Paul 07/12/2012 13:41:36.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.2030.1314 [GMT -5:00]
Running from: c:\users\Paul\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 )))))))))))))))))))))))))))))))
.
.
2012-07-12 18:52 . 2012-07-12 18:54 -------- d-----w- c:\users\Paul\AppData\Local\temp
2012-07-10 21:52 . 2012-07-10 21:52 -------- d-----w- C:\FRST
2012-07-10 19:50 . 2012-07-12 18:53 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A7256223-42CD-47A4-A552-DD240DF01403}\offreg.dll
2012-07-10 19:21 . 2012-02-09 19:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9BC0288E-4B79-4B35-8F74-726B0842BA45}\gapaengine.dll
2012-07-10 19:20 . 2012-06-18 08:14 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A7256223-42CD-47A4-A552-DD240DF01403}\mpengine.dll
2012-07-10 19:18 . 2012-07-10 19:18 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-10 19:04 . 2012-07-10 19:05 -------- d-----w- C:\WINSSLog
2012-06-22 21:25 . 2012-06-22 21:25 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-22 21:25 . 2012-06-22 21:25 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-22 13:51 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 13:51 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 13:51 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 13:51 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 13:50 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 13:50 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 13:50 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 13:50 . 2012-06-02 20:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 13:50 . 2012-06-02 20:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 22:00 . 2012-06-21 22:00 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-14 00:17 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 00:17 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-14 00:17 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 00:17 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 00:17 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 00:17 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 00:17 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 00:17 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 00:17 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 00:17 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 19:55 . 2012-07-10 21:10 -------- d-----w- c:\users\Paul\AppData\Roaming\Mp3tag
2012-06-13 19:54 . 2012-06-13 19:54 -------- d-----w- c:\program files\Mp3tag
2012-06-13 18:21 . 2012-06-13 18:21 -------- d-----w- c:\users\Paul\AppData\Local\Macromedia
2012-06-13 13:38 . 2012-06-13 13:38 -------- d-----w- c:\program files\iPod
2012-06-13 13:38 . 2012-06-13 13:40 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 14:18 . 2012-04-02 16:00 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 14:18 . 2011-06-07 19:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-08 17:04 . 2012-06-08 17:04 69632 ----a-w- c:\windows\system32\realbap1.dll
2012-06-08 17:04 . 2012-06-08 17:04 45568 ----a-w- c:\windows\system32\realbsf1.dll
2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-06-22 21:25 . 2012-04-04 17:19 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\Paul\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-07-25 90112]
"AlcWzrd"="ALCWZRD.EXE" [2005-07-25 2806272]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-08-12 444856]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-100000000002}\SC_Acrobat.exe [2011-6-11 25214]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [x]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [x]
S3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\Drivers\Razerlow.sys [x]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 14:18]
.
2012-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-66012284-1171713608-530314859-1000Core.job
- c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-08 15:25]
.
2012-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-66012284-1171713608-530314859-1000UA.job
- c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-08 15:25]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 142.161.2.155 142.161.130.155 192.168.1.1
FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\218b7s1r.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/?shva=1#inbox
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
AddRemove-Soft-Central SC-PassUnleash - c:\program files\Soft-Central\SC-PassUnleash\Uninstall
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3996)
c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\system32\taskhost.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Tablet\Pen\Pen_TouchUser.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Tablet\Pen\Pen_TabletUser.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\system32\sppsvc.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-07-12 14:01:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-12 19:01
.
Pre-Run: 32,073,465,856 bytes free
Post-Run: 33,446,850,560 bytes free
.
- - End Of File - - E3F97D86F0FF7CA9BD5011327208D89F

#13 little_anarchist

Posted 13 July 2012 - 11:35 AM

This morning I checked on the computer. It is still running. The MSE scan had frozen, so I restarted the computer. I tried updating the virus definitions and got this error.

Posted Image

Edited by little_anarchist, 13 July 2012 - 11:35 AM.


#14 gringo_pr

Posted 13 July 2012 - 02:44 PM

Greetings


From my very first post:

  • Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#15 little_anarchist

Posted 13 July 2012 - 02:48 PM

14:47:28.0513 4928 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
14:47:28.0957 4928 ============================================================
14:47:28.0957 4928 Current date / time: 2012/07/13 14:47:28.0957
14:47:28.0957 4928 SystemInfo:
14:47:28.0957 4928
14:47:28.0958 4928 OS Version: 6.1.7601 ServicePack: 1.0
14:47:28.0958 4928 Product type: Workstation
14:47:28.0958 4928 ComputerName: PAUL-PC
14:47:28.0958 4928 UserName: Paul
14:47:28.0958 4928 Windows directory: C:\Windows
14:47:28.0958 4928 System windows directory: C:\Windows
14:47:28.0958 4928 Processor architecture: Intel x86
14:47:28.0958 4928 Number of processors: 2
14:47:28.0958 4928 Page size: 0x1000
14:47:28.0958 4928 Boot type: Normal boot
14:47:28.0958 4928 ============================================================
14:47:30.0891 4928 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:47:31.0098 4928 Drive \Device\Harddisk5\DR5 - Size: 0x7AF00000 (1.92 Gb), SectorSize: 0x200, Cylinders: 0xFA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:47:31.0106 4928 ============================================================
14:47:31.0106 4928 \Device\Harddisk0\DR0:
14:47:31.0106 4928 MBR partitions:
14:47:31.0106 4928 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
14:47:31.0106 4928 \Device\Harddisk5\DR5:
14:47:31.0107 4928 MBR partitions:
14:47:31.0107 4928 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3D77E0
14:47:31.0107 4928 ============================================================
14:47:31.0144 4928 C: <-> \Device\Harddisk0\DR0\Partition0
14:47:31.0182 4928 ============================================================
14:47:31.0182 4928 Initialize success
14:47:31.0182 4928 ============================================================
14:47:44.0531 2036 ============================================================
14:47:44.0532 2036 Scan started
14:47:44.0532 2036 Mode: Manual;
14:47:44.0532 2036 ============================================================
14:47:45.0949 2036 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
14:47:45.0952 2036 1394ohci - ok
14:47:46.0002 2036 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
14:47:46.0006 2036 ACPI - ok
14:47:46.0051 2036 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
14:47:46.0053 2036 AcpiPmi - ok
14:47:46.0150 2036 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
14:47:46.0152 2036 Adobe LM Service - ok
14:47:46.0238 2036 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:47:46.0242 2036 AdobeFlashPlayerUpdateSvc - ok
14:47:46.0353 2036 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
14:47:46.0361 2036 adp94xx - ok
14:47:46.0386 2036 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
14:47:46.0393 2036 adpahci - ok
14:47:46.0492 2036 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
14:47:46.0508 2036 adpu320 - ok
14:47:46.0563 2036 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
14:47:46.0565 2036 AeLookupSvc - ok
14:47:46.0638 2036 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
14:47:46.0644 2036 AFD - ok
14:47:46.0679 2036 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
14:47:46.0682 2036 agp440 - ok
14:47:46.0734 2036 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
14:47:46.0736 2036 aic78xx - ok
14:47:46.0772 2036 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
14:47:46.0774 2036 ALG - ok
14:47:46.0793 2036 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
14:47:46.0796 2036 aliide - ok
14:47:46.0814 2036 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
14:47:46.0816 2036 amdagp - ok
14:47:46.0854 2036 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
14:47:46.0856 2036 amdide - ok
14:47:46.0907 2036 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
14:47:46.0909 2036 AmdK8 - ok
14:47:46.0924 2036 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
14:47:46.0926 2036 AmdPPM - ok
14:47:46.0982 2036 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
14:47:46.0984 2036 amdsata - ok
14:47:47.0011 2036 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
14:47:47.0015 2036 amdsbs - ok
14:47:47.0030 2036 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
14:47:47.0032 2036 amdxata - ok
14:47:47.0083 2036 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
14:47:47.0084 2036 AppID - ok
14:47:47.0127 2036 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
14:47:47.0129 2036 AppIDSvc - ok
14:47:47.0179 2036 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
14:47:47.0181 2036 Appinfo - ok
14:47:47.0316 2036 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:47:47.0318 2036 Apple Mobile Device - ok
14:47:47.0375 2036 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
14:47:47.0377 2036 arc - ok
14:47:47.0394 2036 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
14:47:47.0397 2036 arcsas - ok
14:47:47.0498 2036 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:47:47.0500 2036 aspnet_state - ok
14:47:47.0532 2036 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
14:47:47.0533 2036 AsyncMac - ok
14:47:47.0563 2036 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
14:47:47.0564 2036 atapi - ok
14:47:47.0768 2036 atikmdag (712d8a95e45b070114c5309ada7358ff) C:\Windows\system32\drivers\atikmdag.sys
14:47:47.0865 2036 atikmdag - ok
14:47:48.0022 2036 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
14:47:48.0030 2036 AudioEndpointBuilder - ok
14:47:48.0041 2036 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
14:47:48.0046 2036 Audiosrv - ok
14:47:48.0115 2036 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
14:47:48.0117 2036 AxInstSV - ok
14:47:48.0228 2036 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
14:47:48.0236 2036 b06bdrv - ok
14:47:48.0285 2036 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
14:47:48.0289 2036 b57nd60x - ok
14:47:48.0342 2036 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
14:47:48.0345 2036 BDESVC - ok
14:47:48.0361 2036 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
14:47:48.0363 2036 Beep - ok
14:47:48.0437 2036 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
14:47:48.0446 2036 BFE - ok
14:47:48.0464 2036 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
14:47:48.0466 2036 blbdrive - ok
14:47:48.0586 2036 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
14:47:48.0593 2036 Bonjour Service - ok
14:47:48.0653 2036 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
14:47:48.0655 2036 bowser - ok
14:47:48.0670 2036 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:47:48.0671 2036 BrFiltLo - ok
14:47:48.0690 2036 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:47:48.0691 2036 BrFiltUp - ok
14:47:48.0711 2036 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
14:47:48.0713 2036 BridgeMP - ok
14:47:48.0760 2036 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
14:47:48.0763 2036 Browser - ok
14:47:48.0787 2036 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
14:47:48.0791 2036 Brserid - ok
14:47:48.0807 2036 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
14:47:48.0809 2036 BrSerWdm - ok
14:47:48.0830 2036 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:47:48.0832 2036 BrUsbMdm - ok
14:47:48.0841 2036 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
14:47:48.0845 2036 BrUsbSer - ok
14:47:48.0861 2036 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
14:47:48.0863 2036 BTHMODEM - ok
14:47:48.0920 2036 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
14:47:48.0923 2036 bthserv - ok
14:47:49.0041 2036 catchme - ok
14:47:49.0087 2036 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
14:47:49.0089 2036 cdfs - ok
14:47:49.0203 2036 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
14:47:49.0206 2036 cdrom - ok
14:47:49.0254 2036 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
14:47:49.0256 2036 CertPropSvc - ok
14:47:49.0290 2036 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
14:47:49.0291 2036 circlass - ok
14:47:49.0340 2036 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
14:47:49.0345 2036 CLFS - ok
14:47:49.0446 2036 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:47:49.0448 2036 clr_optimization_v2.0.50727_32 - ok
14:47:49.0585 2036 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:47:49.0589 2036 clr_optimization_v4.0.30319_32 - ok
14:47:49.0632 2036 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
14:47:49.0633 2036 CmBatt - ok
14:47:49.0673 2036 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
14:47:49.0675 2036 cmdide - ok
14:47:49.0737 2036 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
14:47:49.0743 2036 CNG - ok
14:47:49.0762 2036 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
14:47:49.0764 2036 Compbatt - ok
14:47:49.0816 2036 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
14:47:49.0818 2036 CompositeBus - ok
14:47:49.0843 2036 COMSysApp - ok
14:47:49.0875 2036 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
14:47:49.0876 2036 crcdisk - ok
14:47:49.0930 2036 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
14:48:05.0417 2036 usbccgp - ok
14:48:05.0456 2036 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
14:48:05.0458 2036 usbcir - ok
14:48:05.0475 2036 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
14:48:05.0478 2036 usbehci - ok
14:48:05.0526 2036 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
14:48:05.0531 2036 usbhub - ok
14:48:05.0546 2036 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
14:48:05.0548 2036 usbohci - ok
14:48:05.0569 2036 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
14:48:05.0571 2036 usbprint - ok
14:48:05.0594 2036 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:48:05.0597 2036 USBSTOR - ok
14:48:05.0613 2036 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
14:48:05.0614 2036 usbuhci - ok
14:48:05.0654 2036 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
14:48:05.0659 2036 UxSms - ok
14:48:05.0701 2036 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
14:48:05.0704 2036 VaultSvc - ok
14:48:05.0751 2036 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
14:48:05.0754 2036 vdrvroot - ok
14:48:05.0813 2036 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
14:48:05.0825 2036 vds - ok
14:48:05.0867 2036 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
14:48:05.0870 2036 vga - ok
14:48:05.0887 2036 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
14:48:05.0889 2036 VgaSave - ok
14:48:05.0933 2036 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
14:48:05.0936 2036 vhdmp - ok
14:48:05.0977 2036 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
14:48:05.0980 2036 viaagp - ok
14:48:05.0999 2036 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
14:48:06.0000 2036 ViaC7 - ok
14:48:06.0017 2036 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
14:48:06.0019 2036 viaide - ok
14:48:06.0042 2036 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
14:48:06.0045 2036 volmgr - ok
14:48:06.0068 2036 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
14:48:06.0074 2036 volmgrx - ok
14:48:06.0102 2036 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
14:48:06.0107 2036 volsnap - ok
14:48:06.0156 2036 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
14:48:06.0160 2036 vsmraid - ok
14:48:06.0248 2036 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
14:48:06.0280 2036 VSS - ok
14:48:06.0296 2036 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
14:48:06.0298 2036 vwifibus - ok
14:48:06.0348 2036 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
14:48:06.0356 2036 W32Time - ok
14:48:06.0391 2036 wacmoumonitor (f24ee97511fb901189e11cbbd51605ba) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
14:48:06.0393 2036 wacmoumonitor - ok
14:48:06.0403 2036 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\Windows\system32\DRIVERS\wacommousefilter.sys
14:48:06.0405 2036 wacommousefilter - ok
14:48:06.0431 2036 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
14:48:06.0433 2036 WacomPen - ok
14:48:06.0478 2036 wacomvhid (846b58ea44bf8c92e4b59f4e2252c4c0) C:\Windows\system32\DRIVERS\wacomvhid.sys
14:48:06.0480 2036 wacomvhid - ok
14:48:06.0537 2036 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
14:48:06.0540 2036 WANARP - ok
14:48:06.0545 2036 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
14:48:06.0547 2036 Wanarpv6 - ok
14:48:06.0692 2036 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
14:48:06.0726 2036 WatAdminSvc - ok
14:48:06.0809 2036 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
14:48:06.0844 2036 wbengine - ok
14:48:06.0874 2036 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
14:48:06.0880 2036 WbioSrvc - ok
14:48:06.0929 2036 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
14:48:06.0937 2036 wcncsvc - ok
14:48:06.0953 2036 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
14:48:06.0962 2036 WcsPlugInService - ok
14:48:07.0027 2036 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
14:48:07.0030 2036 Wd - ok
14:48:07.0066 2036 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
14:48:07.0074 2036 Wdf01000 - ok
14:48:07.0101 2036 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
14:48:07.0107 2036 WdiServiceHost - ok
14:48:07.0114 2036 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
14:48:07.0122 2036 WdiSystemHost - ok
14:48:07.0174 2036 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
14:48:07.0184 2036 WebClient - ok
14:48:07.0213 2036 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
14:48:07.0223 2036 Wecsvc - ok
14:48:07.0245 2036 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
14:48:07.0250 2036 wercplsupport - ok
14:48:07.0296 2036 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
14:48:07.0301 2036 WerSvc - ok
14:48:07.0345 2036 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
14:48:07.0347 2036 WfpLwf - ok
14:48:07.0366 2036 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
14:48:07.0368 2036 WIMMount - ok
14:48:07.0472 2036 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
14:48:07.0485 2036 WinDefend - ok
14:48:07.0508 2036 WinHttpAutoProxySvc - ok
14:48:07.0625 2036 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
14:48:07.0641 2036 Winmgmt - ok
14:48:07.0727 2036 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
14:48:07.0764 2036 WinRM - ok
14:48:07.0863 2036 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
14:48:07.0865 2036 WinUsb - ok
14:48:07.0941 2036 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
14:48:07.0958 2036 Wlansvc - ok
14:48:08.0117 2036 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:48:08.0153 2036 wlidsvc - ok
14:48:08.0281 2036 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
14:48:08.0283 2036 WmiAcpi - ok
14:48:08.0350 2036 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
14:48:08.0354 2036 wmiApSrv - ok
14:48:08.0454 2036 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
14:48:08.0481 2036 WMPNetworkSvc - ok
14:48:08.0512 2036 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
14:48:08.0520 2036 WPCSvc - ok
14:48:08.0558 2036 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
14:48:08.0564 2036 WPDBusEnum - ok
14:48:08.0615 2036 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
14:48:08.0617 2036 ws2ifsl - ok
14:48:08.0665 2036 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
14:48:08.0671 2036 wscsvc - ok
14:48:08.0726 2036 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
14:48:08.0728 2036 WSDPrintDevice - ok
14:48:08.0737 2036 WSearch - ok
14:48:08.0864 2036 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
14:48:08.0915 2036 wuauserv - ok
14:48:09.0027 2036 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
14:48:09.0030 2036 WudfPf - ok
14:48:09.0090 2036 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:48:09.0097 2036 WUDFRd - ok
14:48:09.0152 2036 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
14:48:09.0157 2036 wudfsvc - ok
14:48:09.0203 2036 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
14:48:09.0210 2036 WwanSvc - ok
14:48:09.0260 2036 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:48:09.0427 2036 \Device\Harddisk0\DR0 - ok
14:48:09.0440 2036 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk5\DR5
14:48:13.0543 2036 \Device\Harddisk5\DR5 - ok
14:48:13.0559 2036 Boot (0x1200) (b7adb6a2a0db5ce2b1655052afcb2bad) \Device\Harddisk0\DR0\Partition0
14:48:13.0561 2036 \Device\Harddisk0\DR0\Partition0 - ok
14:48:13.0569 2036 Boot (0x1200) (5d9547f85f6d1d1edd24e2a69df84a5e) \Device\Harddisk5\DR5\Partition0
14:48:13.0572 2036 \Device\Harddisk5\DR5\Partition0 - ok
14:48:13.0573 2036 ============================================================
14:48:13.0573 2036 Scan finished
14:48:13.0573 2036 ============================================================
14:48:13.0598 4720 Detected object count: 0
14:48:13.0598 4720 Actual detected object count: 0



