Sirefef Virus and a restarting computer


  • This topic is locked
34 replies to this topic

#1 Spike1361

Spike1361

  • Members
  • 18 posts

Posted 14 August 2012 - 06:10 PM

Hey guys, I've got a Dell XPS running Vista SP2 that has the Sirefef virus. Any attempt where I try to clean the computer gives me a "Windows has encountered a critical problem and will restart automatically in one minute." warning.

The following items are detected with Microsoft Security Essentials: Trojan:Win32/Sirefef.AO, AN, AG, AB, AH, and Virus:Win32/Sirefef.R.

I also downloaded Malwarebytes but have had no luck. Can anyone please help me out?



#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,012 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 15 August 2012 - 10:15 AM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Spike1361

Spike1361
  • Topic Starter

  • Members
  • 18 posts

Posted 16 August 2012 - 08:14 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.0
Run by Bill at 20:03:11 on 2012-08-16
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\dlcxcoms.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\Explorer.EXE
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\DELL\E-Center\EULALauncher.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Dell PC Fax\fm3032.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Bradford Networks\Persistent Agent\bncsaui.exe
C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe
C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\DllHost.exe
C:\Users\Bill\Desktop\dds.com
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k HPService
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*http://www.yahoo.com
uStart Page = hxxp://www.yahoo.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080708
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [AdobeBridge]
uRun: [aductndi] c:\users\bill\appdata\local\akjnnfgcm\dlkbytgtssd.exe
uRun: [Facebook Update] "c:\users\bill\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Google Update] "c:\users\bill\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Eltoveap] c:\users\bill\appdata\roaming\coybum\ylope.exe
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"
mRun: [FaxCenterServer] "c:\program files\dell pc fax\fm3032.exe" /s
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe
mRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Memeo AutoSync] c:\program files\memeo\autosync\MemeoLauncher2.exe --silent
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{217A5D69-807C-47F3-B61E-68E4ABCBEA66} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{99D3EEB5-AF4B-4CC2-AE95-16BAD7A7D3DB} : DhcpNameServer = 10.1.1.25 10.1.1.13
Notify: psfus - c:\windows\system32\psqlpwd.dll
LSA: Notification Packages = scecli psqlpwd
Hosts: 94.63.147.17 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bill\appdata\roaming\mozilla\firefox\profiles\t3awtp55.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\users\bill\appdata\roaming\mozilla\firefox\profiles\t3awtp55.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\bill\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\bill\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\bill\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
R? AVGIDSDriver;AVGIDSDriver
R? AVGIDSFilter;AVGIDSFilter
R? AVGIDSHX;AVGIDSHX
R? AVGIDSShim;AVGIDSShim
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service
R? Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? HTCAND32;HTC Device Driver
R? htcnprot;HTC NDIS Protocol Driver
R? iaNvStor;Intel® Turbo Memory Controller
R? IUNS;Intel® Management Services
R? MozillaMaintenance;Mozilla Maintenance Service
R? MpNWMon;Microsoft Malware Protection Network Driver
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? AESTFilters;Andrea ST Filters Service
S? BNPagent;Bradford Persistent Agent Service
S? dlcx_device;dlcx_device
S? FontCache;Windows Font Cache Service
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? MemeoBackgroundService;MemeoBackgroundService
S? MpFilter;Microsoft Malware Protection Driver
S? PassThru Service;Internet Pass-Through Service
S? t3;SB Xtreme Audio Notebook
.
=============== Created Last 30 ================
.
2012-08-17 00:02:16 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{fca9e002-f35b-458d-95bd-a463db15a7b5}\offreg.dll
2012-08-16 23:57:00 -------- d-----w- C:\026736f853659d96a22eff
2012-08-14 23:05:49 252928 ----a-w- c:\windows\system32\svc2dll.exe
2012-08-14 21:15:26 44544 ----a-w- c:\windows\system32\agremove.exe
2012-08-13 23:20:08 43480 ----a-w- c:\windows\system32\drivers\fiwppcag.sys
2012-07-25 22:21:40 4024320 ----a-w- c:\program files\GUTB664.tmp
2012-07-25 22:21:40 -------- d-----w- c:\program files\GUMB653.tmp
2012-07-25 20:57:54 -------- d-----w- C:\9dc3de6b7631f0032523cf0b1645
.
==================== Find3M ====================
.
2012-07-25 22:46:40 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-25 22:46:40 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-24 08:20:37 279552 ----a-w- c:\windows\system32\services.exe
2012-07-09 02:30:22 0 ----a-w- c:\windows\system32\mbam.exe
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 12:54:44 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-06-25 12:54:43 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-17 14:18:04 161792 ----a-w- c:\windows\system32\msls31.dll
2012-06-17 14:18:04 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-17 14:18:03 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-06-17 14:18:02 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-06-17 14:18:02 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-06-17 14:18:02 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-06-17 14:18:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-06-17 14:18:01 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-06-17 14:18:01 367104 ----a-w- c:\windows\system32\html.iec
2012-06-17 14:18:00 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-06-17 14:18:00 152064 ----a-w- c:\windows\system32\wextract.exe
2012-06-17 14:18:00 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-17 14:17:59 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-06-17 14:17:59 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-06-17 14:17:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-17 14:17:58 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-17 14:17:58 11776 ----a-w- c:\windows\system32\mshta.exe
2012-06-17 14:17:57 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-06-17 14:17:57 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-17 14:17:57 101888 ----a-w- c:\windows\system32\admparse.dll
2012-06-17 14:17:56 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-06-05 02:29:08 772552 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-05 02:29:08 687560 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-01 19:45:52 34304 ----a-w- c:\windows\system32\instd32.exe
.
============= FINISH: 20:13:03.18 ===============

.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
ABBYY FineReader 6.0 Sprint
ACD/Labs Software in C:\Program Files\ACDFREE12\
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ares 2.1.7
Bonjour
Bradford Persistent Agent
Browser Address Error Redirector
BufferChm
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Complete Care Consumer Service Agreement
Connect
Copy
Coupon Printer for Windows
Creative ALchemy (X-Fi Edition)
Creative Audio Control Panel
Creative MediaSource 5
Creative Software AutoUpdate
Creative Sound Blaster Properties
Creative System Information
Creative WaveStudio 7
Dell DataSafe Online
Dell Getting Started Guide
Dell PC Fax
Dell Photo AIO Printer 926
Dell Support Center (Support Software)
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card
DellSupport
Destinations
DeviceDiscovery
DJ_AIO_06_F4500_SW_MIN
Download Updater (AOL LLC)
EDocs
F4500
Facebook Video Calling 1.0.0.8953
Facebook Video Calling 1.1.0.13
Facebook Video Calling 1.1.1.1
Facebook Video Calling 1.2.0.159
ffdshow [rev 2527] [2008-12-19]
Fingerprint Reader Suite 5.6
GeoGebra
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Host OpenAL
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 14.0
HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6
HP Imaging Device Functions 14.0
HP Photo Creations
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPProductAssistant
HPSSupply
HTC BMP USB Driver
HTC Driver Installer
iCloud
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java SE Development Kit 7 Update 4
Java™ 7 Update 4
K-Lite Codec Pack 5.2.0 (Full)
kuler
Laptop Integrated Webcam Driver (1.04.01.1011)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
MediaDirect
Memeo AutoSync
Memeo Instant Backup
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Essentials
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
Move Media Player
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Music, Photos & Videos Launcher
Network
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OutlookAddinSetup
PDF Settings CS4
Photoshop Camera Raw
Product Documentation Launcher
QualXServ Service Agreement
QuickSet
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Shop for HP Supplies
SigmaTel Audio
Skype Toolbars
SmartWebPrinting
SolutionCenter
Sound Blaster X-Fi
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Status
Suite Shared Configuration CS4
System Requirements Lab
System Requirements Lab CYRI
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Verizon V CAST Media Manager
WebReg
WIDCOMM Bluetooth Software 6.0.1.3100
Windows Live installer
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Writer
Windows Media Player Firefox Plugin
WModem Driver Installer
.
==== End Of File ===========================

#4 Spike1361

Spike1361
  • Topic Starter

  • Members
  • 18 posts

Posted 16 August 2012 - 08:17 PM

Now for the GMER scans, I had trouble. While running them in normal mode, I would get the blue screen of death, saying something like Page Fault in NonPaged Area or something. That happened twice and I tried running in safe mode. The scans will not finish due to the virus forcing a restart, however. This is what I managed to save:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-16 21:04:23
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\iaStor0 WDC_WD32 rev.11.0
Running: gmer.exe; Driver: C:\Users\Bill\AppData\Local\Temp\pxldqpod.sys


---- User code sections - GMER 1.0.15 ----

? C:\Windows\system32\services.exe[584] C:\Windows\system32\smss.exe image checksum mismatch; time/date stamp mismatch; unknown module: mswsock.dllunknown module: MSWSOCK.dll
.text C:\Windows\system32\svchost.exe[1016] kernel32.dll!WriteFile 7784ABE1 5 Bytes JMP 0005000C
.text C:\Windows\system32\svchost.exe[1016] ole32.dll!CoCreateInstance 77709F3E 5 Bytes JMP 004C000A

---- Devices - GMER 1.0.15 ----

Device \FileSystem\fastfat \Fat 90060A7A

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

File C:\026736f853659d96a22eff\C6E3B3C5-66AF-460D-BDF3-367401738EFDmpasbase.vdm (size mismatch) 14630912/0 bytes executable

#5 gringo_pr

Posted 18 August 2012 - 12:47 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 Spike1361

Posted 20 August 2012 - 04:14 PM

When I try running ComboFix I am getting a blue screen after a while. I've tried running it in Safe Mode and Safe Mode with Networking as well but also get blue screens. How can I avoid this?

#7 gringo_pr

Posted 21 August 2012 - 07:05 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#8 Spike1361

Posted 21 August 2012 - 05:15 PM

From TDSSKiller, I have a report from the scan after curing to files and a report after the reboot in which no infected files were found. I'm having trouble downloading aswMBR.exe, I've tried from the link provided and also from bleepingcomputer.com/downloads.

First:

18:01:33.0948 2008 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
18:01:34.0388 2008 ============================================================
18:01:34.0388 2008 Current date / time: 2012/08/21 18:01:34.0388
18:01:34.0388 2008 SystemInfo:
18:01:34.0389 2008
18:01:34.0389 2008 OS Version: 6.0.6002 ServicePack: 2.0
18:01:34.0389 2008 Product type: Workstation
18:01:34.0389 2008 ComputerName: BILL-PC
18:01:34.0389 2008 UserName: Bill
18:01:34.0389 2008 Windows directory: C:\Windows
18:01:34.0389 2008 System windows directory: C:\Windows
18:01:34.0390 2008 Processor architecture: Intel x86
18:01:34.0390 2008 Number of processors: 2
18:01:34.0390 2008 Page size: 0x1000
18:01:34.0390 2008 Boot type: Normal boot
18:01:34.0390 2008 ============================================================
18:01:38.0191 2008 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:01:38.0298 2008 ============================================================
18:01:38.0298 2008 \Device\Harddisk0\DR0:
18:01:38.0346 2008 MBR partitions:
18:01:38.0346 2008 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2F800, BlocksNum 0x1400000
18:01:38.0346 2008 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x142F800, BlocksNum 0x23AFE7F8
18:01:38.0408 2008 ============================================================
18:01:38.0560 2008 C: <-> \Device\Harddisk0\DR0\Partition2
18:01:38.0701 2008 D: <-> \Device\Harddisk0\DR0\Partition1
18:01:38.0701 2008 ============================================================
18:01:38.0702 2008 Initialize success
18:01:38.0702 2008 ============================================================
18:01:41.0514 5232 ============================================================
18:01:41.0514 5232 Scan started
18:01:41.0514 5232 Mode: Manual;
18:01:41.0514 5232 ============================================================
18:01:43.0466 5232 ================ Scan system memory ========================
18:01:43.0466 5232 System memory - ok
18:01:43.0467 5232 ================ Scan services =============================
18:01:43.0961 5232 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
18:01:43.0969 5232 ACPI - ok
18:01:44.0004 5232 [ 6D7F09CD92A9FEF3A8EFCE66231FDD79 ] adfs C:\Windows\system32\drivers\adfs.sys
18:01:44.0006 5232 adfs - ok
18:01:44.0391 5232 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:01:44.0492 5232 AdobeFlashPlayerUpdateSvc - ok
18:01:45.0108 5232 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:01:45.0632 5232 adp94xx - ok
18:01:45.0831 5232 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:01:46.0298 5232 adpahci - ok
18:01:46.0439 5232 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
18:01:46.0443 5232 adpu160m - ok
18:01:46.0550 5232 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:01:46.0829 5232 adpu320 - ok
18:01:46.0959 5232 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:01:46.0974 5232 AeLookupSvc - ok
18:01:46.0991 5232 [ EF1142512BEC12F1C2C87735DA1755BE ] AESTFilters C:\Windows\system32\aestsrv.exe
18:01:46.0991 5232 AESTFilters - ok
18:01:47.0127 5232 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
18:01:47.0135 5232 AFD - ok
18:01:47.0250 5232 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:01:47.0287 5232 agp440 - ok
18:01:47.0645 5232 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
18:01:47.0890 5232 aic78xx - ok
18:01:48.0014 5232 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
18:01:48.0014 5232 ALG - ok
18:01:48.0210 5232 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
18:01:48.0333 5232 aliide - ok
18:01:48.0561 5232 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
18:01:48.0795 5232 amdagp - ok
18:01:49.0095 5232 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
18:01:49.0097 5232 amdide - ok
18:01:49.0191 5232 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
18:01:49.0193 5232 AmdK7 - ok
18:01:49.0413 5232 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:01:49.0416 5232 AmdK8 - ok
18:01:49.0660 5232 [ A80230BD04F0B8BF05185B369BB1CBB8 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
18:01:49.0662 5232 ApfiltrService - ok
18:01:49.0719 5232 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
18:01:51.0665 5232 Appinfo - ok
18:01:53.0419 5232 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:01:53.0423 5232 Apple Mobile Device - ok
18:01:53.0742 5232 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
18:01:53.0746 5232 arc - ok
18:01:53.0804 5232 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:01:53.0807 5232 arcsas - ok
18:01:54.0714 5232 [ EB7319DA35FFF406C2AFD912F8268F4C ] AresChatServer C:\Program Files\Ares\chatServer.exe
18:01:54.0724 5232 AresChatServer - ok
18:01:54.0980 5232 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:01:54.0981 5232 AsyncMac - ok
18:01:55.0041 5232 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
18:01:55.0042 5232 atapi - ok
18:01:55.0136 5232 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:01:55.0155 5232 AudioEndpointBuilder - ok
18:01:55.0344 5232 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
18:01:55.0349 5232 Audiosrv - ok
18:01:55.0385 5232 AVGIDSDriver - ok
18:01:55.0401 5232 AVGIDSFilter - ok
18:01:55.0416 5232 AVGIDSHX - ok
18:01:55.0417 5232 AVGIDSShim - ok
18:01:55.0431 5232 BCM42RLY - ok
18:01:55.0552 5232 [ CDF7F28FFD693B1B4137845DD1EF1CCC ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
18:01:55.0567 5232 BCM43XX - ok
18:01:55.0647 5232 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
18:01:55.0648 5232 Beep - ok
18:01:55.0985 5232 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
18:01:56.0040 5232 BFE - ok
18:01:56.0118 5232 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
18:01:56.0120 5232 blbdrive - ok
18:01:57.0995 5232 [ EB4DBD440B3B7138A5F16808D9DEE638 ] BNPagent C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
18:01:58.0672 5232 BNPagent - ok
18:01:59.0904 5232 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:02:00.0171 5232 Bonjour Service - ok
18:02:00.0315 5232 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:02:00.0319 5232 bowser - ok
18:02:00.0598 5232 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
18:02:01.0321 5232 BrFiltLo - ok
18:02:01.0430 5232 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
18:02:01.0432 5232 BrFiltUp - ok
18:02:01.0495 5232 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
18:02:01.0542 5232 Browser - ok
18:02:01.0666 5232 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
18:02:02.0134 5232 Brserid - ok
18:02:02.0528 5232 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
18:02:02.0806 5232 BrSerWdm - ok
18:02:02.0899 5232 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
18:02:02.0901 5232 BrUsbMdm - ok
18:02:03.0069 5232 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
18:02:03.0236 5232 BrUsbSer - ok
18:02:03.0598 5232 [ 6D39C954799B63BA866910234CF7D726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
18:02:03.0601 5232 BthEnum - ok
18:02:03.0651 5232 [ 9A966A8E86D1771911AE34A20D11BFF3 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:02:03.0653 5232 BTHMODEM - ok
18:02:03.0739 5232 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
18:02:03.0743 5232 BthPan - ok
18:02:03.0829 5232 [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
18:02:03.0861 5232 BTHPORT - ok
18:02:04.0200 5232 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll
18:02:04.0202 5232 BthServ - ok
18:02:04.0330 5232 [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
18:02:04.0332 5232 BTHUSB - ok
18:02:04.0623 5232 [ 4A28E7BD365377D0512B7EF8C7596D2C ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
18:02:04.0627 5232 btwaudio - ok
18:02:04.0720 5232 [ 5FFDE57253D665067B0886612817EB11 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
18:02:04.0724 5232 btwavdt - ok
18:02:04.0810 5232 [ AB07DC8B05C31A4F95FC73019BE9DB15 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
18:02:04.0812 5232 btwrchid - ok
18:02:04.0989 5232 [ 248DFA5762DDE38DFDDBBD44149E9D7A ] BVRPMPR5 C:\Windows\system32\drivers\BVRPMPR5.SYS
18:02:05.0801 5232 BVRPMPR5 - ok
18:02:06.0112 5232 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:02:06.0114 5232 cdfs - ok
18:02:06.0330 5232 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:02:06.0333 5232 cdrom - ok
18:02:06.0503 5232 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
18:02:08.0292 5232 CertPropSvc - ok
18:02:08.0356 5232 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
18:02:08.0358 5232 circlass - ok
18:02:08.0882 5232 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
18:02:09.0044 5232 CLFS - ok
18:02:09.0303 5232 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:02:09.0365 5232 clr_optimization_v2.0.50727_32 - ok
18:02:09.0429 5232 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:02:09.0497 5232 clr_optimization_v4.0.30319_32 - ok
18:02:09.0604 5232 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:02:09.0606 5232 CmBatt - ok
18:02:09.0734 5232 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:02:09.0736 5232 cmdide - ok
18:02:09.0796 5232 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:02:09.0797 5232 Compbatt - ok
18:02:09.0808 5232 COMSysApp - ok
18:02:09.0821 5232 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:02:09.0822 5232 crcdisk - ok
18:02:10.0115 5232 [ 86A591677C54FF0C12290B3292202530 ] Creative ALchemy AL1 Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
18:02:10.0357 5232 Creative ALchemy AL1 Licensing Service - ok
18:02:10.0381 5232 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
18:02:10.0384 5232 Creative Audio Engine Licensing Service - ok
18:02:10.0523 5232 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
18:02:10.0525 5232 Crusoe - ok
18:02:10.0686 5232 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:02:10.0691 5232 CryptSvc - ok
18:02:10.0877 5232 [ 07BA6D17E66879018B30B6C3F976EBED ] CTAudSvcService C:\Program Files\Creative\Shared Files\CTAudSvc.exe
18:02:10.0886 5232 CTAudSvcService - ok
18:02:10.0968 5232 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:02:10.0990 5232 DcomLaunch - ok
18:02:11.0193 5232 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:02:11.0193 5232 DfsC - ok
18:02:11.0440 5232 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
18:02:11.0574 5232 DFSR - ok
18:02:11.0618 5232 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
18:02:11.0625 5232 Dhcp - ok
18:02:12.0350 5232 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
18:02:12.0353 5232 disk - ok
18:02:12.0368 5232 dlcx_device - ok
18:02:12.0457 5232 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:02:12.0461 5232 Dnscache - ok
18:02:12.0579 5232 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:02:12.0586 5232 dot3svc - ok
18:02:12.0733 5232 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
18:02:13.0287 5232 Dot4 - ok
18:02:13.0607 5232 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
18:02:13.0610 5232 Dot4Print - ok
18:02:13.0724 5232 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
18:02:14.0025 5232 dot4usb - ok
18:02:14.0373 5232 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
18:02:14.0395 5232 DPS - ok
18:02:14.0620 5232 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:02:14.0622 5232 drmkaud - ok
18:02:14.0881 5232 [ 245F62A2AA67F4A61F10174BF1017327 ] DSBrokerService C:\Program Files\DellSupport\brkrsvc.exe
18:02:15.0270 5232 DSBrokerService - ok
18:02:15.0765 5232 [ 413F2D5F9D802688242C23B38F767ECB ] DSproct C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
18:02:15.0843 5232 DSproct - ok
18:02:15.0967 5232 [ DFEABB7CFFFADEA4A912AB95BDC3177A ] dsunidrv C:\Windows\system32\DRIVERS\dsunidrv.sys
18:02:16.0057 5232 dsunidrv - ok
18:02:16.0152 5232 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:02:16.0163 5232 DXGKrnl - ok
18:02:16.0437 5232 [ 908ED85B7806E8AF3AF5E9B74F7809D4 ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
18:02:16.0636 5232 e1express - ok
18:02:16.0673 5232 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
18:02:16.0678 5232 E1G60 - ok
18:02:16.0742 5232 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
18:02:16.0745 5232 EapHost - ok
18:02:17.0081 5232 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
18:02:17.0093 5232 Ecache - ok
18:02:17.0739 5232 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:02:18.0005 5232 ehRecvr - ok
18:02:18.0371 5232 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
18:02:18.0375 5232 ehSched - ok
18:02:18.0441 5232 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
18:02:18.0442 5232 ehstart - ok
18:02:18.0700 5232 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:02:18.0835 5232 elxstor - ok
18:02:18.0911 5232 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
18:02:19.0300 5232 EMDMgmt - ok
18:02:19.0362 5232 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:02:19.0386 5232 ErrDev - ok
18:02:19.0636 5232 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
18:02:20.0035 5232 EventSystem - ok
18:02:20.0283 5232 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
18:02:20.0288 5232 exfat - ok
18:02:20.0453 5232 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:02:20.0457 5232 fastfat - ok
18:02:20.0530 5232 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:02:20.0532 5232 fdc - ok
18:02:20.0698 5232 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
18:02:20.0701 5232 fdPHost - ok
18:02:20.0753 5232 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
18:02:20.0756 5232 FDResPub - ok
18:02:20.0959 5232 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:02:20.0993 5232 FileInfo - ok
18:02:21.0153 5232 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:02:21.0155 5232 Filetrace - ok
18:02:22.0707 5232 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:02:24.0341 5232 FLEXnet Licensing Service - ok
18:02:24.0777 5232 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:02:24.0945 5232 flpydisk - ok
18:02:25.0338 5232 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:02:25.0343 5232 FltMgr - ok
18:02:25.0418 5232 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
18:02:25.0727 5232 FontCache - ok
18:02:25.0942 5232 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:02:26.0187 5232 FontCache3.0.0.0 - ok
18:02:26.0387 5232 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:02:26.0389 5232 Fs_Rec - ok
18:02:26.0616 5232 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:02:26.0749 5232 gagp30kx - ok
18:02:26.0843 5232 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:02:26.0844 5232 GEARAspiWDM - ok
18:02:26.0967 5232 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
18:02:26.0982 5232 gpsvc - ok
18:02:27.0172 5232 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
18:02:27.0350 5232 gupdate - ok
18:02:27.0472 5232 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
18:02:27.0475 5232 gupdatem - ok
18:02:27.0648 5232 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:02:27.0655 5232 gusvc - ok
18:02:27.0811 5232 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:02:27.0819 5232 HdAudAddService - ok
18:02:28.0131 5232 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:02:28.0155 5232 HDAudBus - ok
18:02:28.0594 5232 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:02:28.0728 5232 HidBth - ok
18:02:28.0917 5232 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
18:02:28.0919 5232 HidIr - ok
18:02:28.0981 5232 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
18:02:28.0984 5232 hidserv - ok
18:02:29.0046 5232 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:02:29.0100 5232 HidUsb - ok
18:02:29.0156 5232 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:02:29.0203 5232 hkmsvc - ok
18:02:29.0290 5232 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
18:02:29.0292 5232 HpCISSs - ok
18:02:29.0679 5232 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
18:02:29.0685 5232 hpqcxs08 - ok
18:02:29.0723 5232 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
18:02:29.0726 5232 hpqddsvc - ok
18:02:29.0779 5232 [ A04F4AC48895774A2CF9D1C9EAAACEF0 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
18:02:29.0833 5232 HPSLPSVC - ok
18:02:30.0152 5232 [ CBD09ED9CF6822177EE85AEA4D8816A2 ] HTCAND32 C:\Windows\system32\Drivers\ANDROIDUSB.sys
18:02:30.0363 5232 HTCAND32 - ok
18:02:30.0790 5232 [ 52395A94C127C0266D1C0F3CCE8A4345 ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys
18:02:30.0792 5232 htcnprot - ok
18:02:30.0978 5232 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:02:30.0990 5232 HTTP - ok
18:02:31.0354 5232 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
18:02:31.0499 5232 i2omp - ok
18:02:31.0592 5232 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:02:31.0594 5232 i8042prt - ok
18:02:32.0365 5232 [ AE38A12F79A4980DDB88F36514F8A1DA ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
18:02:32.0389 5232 IAANTMON - ok
18:02:32.0450 5232 [ 92B37E0A61CD710A0C66DC3567A8BF3C ] iaNvStor C:\Windows\system32\drivers\ianvstor.sys
18:02:32.0456 5232 iaNvStor - ok
18:02:32.0905 5232 [ 997E8F5939F2D12CD9F2E6B395724C16 ] iaStor C:\Windows\system32\drivers\iastor.sys
18:02:32.0910 5232 iaStor - ok
18:02:32.0962 5232 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
18:02:32.0969 5232 iaStorV - ok
18:02:33.0564 5232 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:02:34.0662 5232 IDriverT - ok
18:02:35.0718 5232 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:02:36.0564 5232 idsvc - ok
18:02:36.0695 5232 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:02:36.0697 5232 iirsp - ok
18:02:36.0783 5232 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
18:02:36.0793 5232 IKEEXT - ok
18:02:36.0839 5232 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
18:02:36.0840 5232 intelide - ok
18:02:36.0880 5232 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:02:36.0881 5232 intelppm - ok
18:02:36.0978 5232 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:02:36.0982 5232 IPBusEnum - ok
18:02:37.0025 5232 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:02:37.0027 5232 IpFilterDriver - ok
18:02:37.0243 5232 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:02:37.0288 5232 iphlpsvc - ok
18:02:37.0295 5232 IpInIp - ok
18:02:37.0380 5232 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
18:02:37.0382 5232 IPMIDRV - ok
18:02:37.0489 5232 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
18:02:38.0001 5232 IPNAT - ok
18:02:40.0364 5232 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:02:41.0152 5232 iPod Service - ok
18:02:41.0290 5232 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:02:41.0292 5232 IRENUM - ok
18:02:41.0346 5232 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:02:41.0348 5232 isapnp - ok
18:02:41.0380 5232 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
18:02:41.0384 5232 iScsiPrt - ok
18:02:41.0414 5232 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
18:02:41.0416 5232 iteatapi - ok
18:03:30.0496 5232 ================ Scan global ===============================
18:03:30.0935 5232 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
18:03:30.0973 5232 [ 9A7A3BC8DC7E7ECABA2478CED4C38CBD ] C:\Windows\system32\winsrv.dll
18:03:31.0036 5232 [ 9A7A3BC8DC7E7ECABA2478CED4C38CBD ] C:\Windows\system32\winsrv.dll
18:03:31.0151 5232 [ 8737764F4FD36D6808EE80578409C843 ] C:\Windows\system32\services.exe
18:03:31.0160 5232 C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - infected
18:03:31.0160 5232 C:\Windows\system32\services.exe - detected Virus.Win32.ZAccess.m (0)
18:03:31.0160 5232 ================ Scan MBR ==================================
18:03:31.0193 5232 [ 4BF077B4DF3F4F5483A79D4CE511C7F3 ] \Device\Harddisk0\DR0
18:03:31.0225 5232 Suspicious mbr (Forged): \Device\Harddisk0\DR0
18:03:31.0441 5232 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
18:03:31.0442 5232 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
18:03:31.0442 5232 ================ Scan VBR ==================================
18:03:31.0551 5232 [ 64549E90AEF6E4817ACA0FCA51A738FD ] \Device\Harddisk0\DR0\Partition1
18:03:31.0553 5232 \Device\Harddisk0\DR0\Partition1 - ok
18:03:31.0560 5232 [ 4CCD079EA77729AA5A96A67E12ECCF8A ] \Device\Harddisk0\DR0\Partition2
18:03:31.0564 5232 \Device\Harddisk0\DR0\Partition2 - ok
18:03:31.0567 5232 ============================================================
18:03:31.0567 5232 Scan finished
18:03:31.0567 5232 ============================================================
18:03:31.0689 5212 Detected object count: 2
18:03:31.0689 5212 Actual detected object count: 2
18:03:55.0480 5212 C:\Windows\system32\services.exe - copied to quarantine
18:04:02.0796 5212 C:\Windows\assembly\GAC\desktop.ini - copied to quarantine
18:04:03.0107 5212 C:\Windows\installer\{2113e773-1f7d-fff2-dc59-ecfce965072a}\@ - copied to quarantine
18:04:03.0142 5212 C:\Windows\installer\{2113e773-1f7d-fff2-dc59-ecfce965072a}\L\00000004.@ - copied to quarantine
18:04:03.0275 5212 C:\Windows\installer\{2113e773-1f7d-fff2-dc59-ecfce965072a}\L\1afb2d56 - copied to quarantine
18:04:03.0366 5212 C:\Windows\installer\{2113e773-1f7d-fff2-dc59-ecfce965072a}\L\201d3dde - copied to quarantine
18:04:03.0482 5212 C:\Windows\installer\{2113e773-1f7d-fff2-dc59-ecfce965072a}\n - copied to quarantine
18:04:03.0484 5212 C:\Windows\installer\{2113e773-1f7d-fff2-dc59-ecfce965072a}\U\00000004.@ - copied to quarantine
18:04:03.0487 5212 C:\Windows\installer\{2113e773-1f7d-fff2-dc59-ecfce965072a}\U\00000008.@ - copied to quarantine
18:04:03.0491 5212 C:\Windows\installer\{2113e773-1f7d-fff2-dc59-ecfce965072a}\U\000000cb.@ - copied to quarantine
18:04:03.0494 5212 C:\Windows\installer\{2113e773-1f7d-fff2-dc59-ecfce965072a}\U\80000000.@ - copied to quarantine
18:04:03.0546 5212 C:\Windows\installer\{2113e773-1f7d-fff2-dc59-ecfce965072a}\U\80000032.@ - copied to quarantine
18:04:48.0407 5212 Backup copy found, using it..
18:04:48.0675 5212 C:\Windows\assembly\GAC\desktop.ini - will be deleted on reboot
18:04:48.0805 5212 C:\Windows\installer\{2113e773-1f7d-fff2-dc59-ecfce965072a}\@ - will be deleted on reboot
18:04:48.0839 5212 C:\Windows\installer\{2113e773-1f7d-fff2-dc59-ecfce965072a}\n - will be deleted on reboot
18:04:48.0840 5212 C:\Windows\installer\{2113e773-1f7d-fff2-dc59-ecfce965072a}\U\00000004.@ - will be deleted on reboot
18:04:48.0841 5212 C:\Windows\installer\{2113e773-1f7d-fff2-dc59-ecfce965072a}\U\00000008.@ - will be deleted on reboot
18:04:48.0841 5212 C:\Windows\installer\{2113e773-1f7d-fff2-dc59-ecfce965072a}\U\000000cb.@ - will be deleted on reboot
18:04:48.0841 5212 C:\Windows\installer\{2113e773-1f7d-fff2-dc59-ecfce965072a}\U\80000000.@ - will be deleted on reboot
18:04:48.0842 5212 C:\Windows\installer\{2113e773-1f7d-fff2-dc59-ecfce965072a}\U\80000032.@ - will be deleted on reboot
18:04:48.0861 5212 C:\Windows\system32\services.exe - will be cured on reboot
18:04:48.0861 5212 C:\Windows\system32\services.exe ( Virus.Win32.ZAccess.m ) - User select action: Cure
18:04:52.0844 5212 \Device\Harddisk0\DR0\# - copied to quarantine
18:04:52.0889 5212 \Device\Harddisk0\DR0 - copied to quarantine
18:04:53.0063 5212 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
18:04:53.0065 5212 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
18:04:53.0080 5212 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
18:04:53.0083 5212 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
18:04:53.0086 5212 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
18:04:53.0089 5212 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
18:04:53.0112 5212 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
18:04:53.0119 5212 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
18:04:54.0011 5212 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
18:04:54.0175 5212 \Device\Harddisk0\DR0 - ok
18:04:54.0186 5212 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
18:04:57.0235 5744 Deinitialize success


_______________________________________________________________________________________________
Second:

18:07:41.0453 4044 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
18:07:41.0936 4044 ============================================================
18:07:41.0936 4044 Current date / time: 2012/08/21 18:07:41.0936
18:07:41.0936 4044 SystemInfo:
18:07:41.0936 4044
18:07:41.0936 4044 OS Version: 6.0.6002 ServicePack: 2.0
18:07:41.0936 4044 Product type: Workstation
18:07:41.0936 4044 ComputerName: BILL-PC
18:07:41.0952 4044 UserName: Bill
18:07:41.0952 4044 Windows directory: C:\Windows
18:07:41.0952 4044 System windows directory: C:\Windows
18:07:41.0952 4044 Processor architecture: Intel x86
18:07:41.0952 4044 Number of processors: 2
18:07:41.0952 4044 Page size: 0x1000
18:07:41.0952 4044 Boot type: Normal boot
18:07:41.0952 4044 ============================================================
18:07:44.0540 4044 BG loaded
18:07:45.0754 4044 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:07:45.0769 4044 ============================================================
18:07:45.0769 4044 \Device\Harddisk0\DR0:
18:07:45.0769 4044 MBR partitions:
18:07:45.0769 4044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2F800, BlocksNum 0x1400000
18:07:45.0769 4044 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x142F800, BlocksNum 0x23AFE7F8
18:07:45.0785 4044 ============================================================
18:07:45.0925 4044 C: <-> \Device\Harddisk0\DR0\Partition2
18:07:46.0003 4044 D: <-> \Device\Harddisk0\DR0\Partition1
18:07:46.0003 4044 ============================================================
18:07:46.0003 4044 Initialize success
18:07:46.0003 4044 ============================================================
18:07:48.0640 1164 ============================================================
18:07:48.0640 1164 Scan started
18:07:48.0640 1164 Mode: Manual;
18:07:48.0640 1164 ============================================================
18:07:51.0073 1164 ================ Scan system memory ========================
18:07:51.0073 1164 System memory - ok
18:07:51.0073 1164 ================ Scan services =============================
18:08:43.0911 1164 MpFilter - ok
18:08:44.0208 1164 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
18:08:44.0255 1164 mpio - ok
18:08:44.0301 1164 [ 77075A384A94B83E19D78EFBCF8A832E ] MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys
18:08:44.0301 1164 MpNWMon - ok
18:08:44.0379 1164 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:08:44.0379 1164 mpsdrv - ok
18:08:44.0442 1164 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
18:08:44.0442 1164 Mraid35x - ok
18:08:44.0489 1164 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:08:44.0489 1164 MRxDAV - ok
18:08:44.0535 1164 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:08:44.0535 1164 mrxsmb - ok
18:08:44.0691 1164 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:08:44.0691 1164 mrxsmb10 - ok
18:08:44.0801 1164 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:08:44.0816 1164 mrxsmb20 - ok
18:08:44.0863 1164 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
18:08:44.0863 1164 msahci - ok
18:08:45.0003 1164 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:08:45.0003 1164 msdsm - ok
18:08:45.0066 1164 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
18:08:45.0066 1164 MSDTC - ok
18:08:45.0144 1164 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:08:45.0144 1164 Msfs - ok
18:08:45.0284 1164 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:08:45.0284 1164 msisadrv - ok
18:08:45.0440 1164 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:08:45.0627 1164 MSiSCSI - ok
18:08:45.0643 1164 msiserver - ok
18:08:45.0705 1164 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:08:45.0705 1164 MSKSSRV - ok
18:08:45.0799 1164 [ FBE736AF381983A1D4ADBBF1FACF6976 ] MsMpSvc c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
18:08:45.0815 1164 MsMpSvc - ok
18:08:46.0080 1164 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:08:46.0080 1164 MSPCLOCK - ok
18:08:46.0142 1164 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:08:46.0142 1164 MSPQM - ok
18:08:46.0173 1164 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:08:46.0189 1164 MsRPC - ok
18:08:46.0236 1164 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:08:46.0236 1164 mssmbios - ok
18:08:46.0267 1164 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:08:46.0267 1164 MSTEE - ok
18:08:46.0298 1164 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
18:08:46.0298 1164 Mup - ok
18:08:46.0454 1164 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
18:08:46.0454 1164 napagent - ok
18:08:46.0610 1164 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:08:46.0610 1164 NativeWifiP - ok
18:08:46.0766 1164 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:08:46.0813 1164 NDIS - ok
18:08:46.0860 1164 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:08:46.0860 1164 NdisTapi - ok
18:08:46.0891 1164 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:08:46.0891 1164 Ndisuio - ok
18:08:46.0953 1164 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:08:46.0953 1164 NdisWan - ok
18:08:47.0000 1164 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:08:47.0000 1164 NDProxy - ok
18:08:47.0031 1164 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
18:08:47.0031 1164 Net Driver HPZ12 - ok
18:08:47.0250 1164 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:08:47.0250 1164 NetBIOS - ok
18:08:47.0375 1164 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
18:08:47.0375 1164 netbt - ok
18:08:47.0406 1164 [ 3978F3540329E16C0AC3BCF677E5669F ] Netlogon C:\Windows\system32\lsass.exe
18:08:47.0406 1164 Netlogon - ok
18:08:47.0437 1164 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
18:08:47.0453 1164 Netman - ok
18:08:47.0484 1164 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
18:08:47.0484 1164 netprofm - ok
18:08:47.0593 1164 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:08:47.0593 1164 NetTcpPortSharing - ok
18:08:47.0780 1164 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:08:47.0780 1164 nfrd960 - ok
18:08:47.0967 1164 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:08:48.0061 1164 NlaSvc - ok
18:08:48.0170 1164 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:08:48.0170 1164 Npfs - ok
18:08:48.0217 1164 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
18:08:48.0435 1164 nsi - ok
18:08:48.0498 1164 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:08:48.0498 1164 nsiproxy - ok
18:08:48.0576 1164 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:08:48.0607 1164 Ntfs - ok
18:08:48.0716 1164 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
18:08:48.0716 1164 ntrigdigi - ok
18:08:48.0935 1164 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
18:08:48.0935 1164 Null - ok
18:08:49.0356 1164 [ BD409DE5681C74C1DE51D72427DC202D ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:08:49.0434 1164 nvlddmkm - ok
18:08:49.0481 1164 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:08:49.0481 1164 nvraid - ok
18:08:49.0574 1164 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:08:49.0590 1164 nvstor - ok
18:08:49.0621 1164 [ DED8F2C0070478F13C37F7BD849B83FA ] nvsvc C:\Windows\system32\nvvsvc.exe
18:08:49.0637 1164 nvsvc - ok
18:08:49.0715 1164 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:08:49.0715 1164 nv_agp - ok
18:08:49.0715 1164 NwlnkFlt - ok
18:08:49.0730 1164 NwlnkFwd - ok
18:08:49.0917 1164 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:08:49.0933 1164 odserv - ok
18:08:49.0980 1164 [ 19CAC780B858822055F46C58A111723C ] OEM02Dev C:\Windows\system32\DRIVERS\OEM02Dev.sys
18:08:50.0183 1164 OEM02Dev - ok
18:08:50.0261 1164 [ 86326062A90494BDD79CE383511D7D69 ] OEM02Vfx C:\Windows\system32\DRIVERS\OEM02Vfx.sys
18:08:50.0261 1164 OEM02Vfx - ok
18:08:50.0323 1164 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
18:08:50.0323 1164 ohci1394 - ok
18:08:50.0448 1164 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:08:50.0791 1164 ose - ok
18:08:50.0947 1164 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
18:08:51.0165 1164 p2pimsvc - ok
18:08:51.0321 1164 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
18:08:51.0337 1164 p2psvc - ok
18:08:51.0415 1164 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
18:08:51.0415 1164 Parport - ok
18:08:51.0618 1164 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:08:51.0789 1164 partmgr - ok
18:08:51.0836 1164 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
18:08:51.0852 1164 Parvdm - ok
18:08:51.0914 1164 [ 68139940B5AC84AFFB7EB1B713BE66E7 ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
18:08:51.0914 1164 PassThru Service - ok
18:08:51.0977 1164 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
18:08:52.0117 1164 PcaSvc - ok
18:08:52.0289 1164 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
18:08:52.0304 1164 pci - ok
18:08:52.0335 1164 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
18:08:52.0351 1164 pciide - ok
18:08:52.0554 1164 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:08:52.0803 1164 pcmcia - ok
18:08:52.0913 1164 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:08:52.0928 1164 PEAUTH - ok
18:08:53.0069 1164 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
18:08:53.0131 1164 pla - ok
18:08:53.0318 1164 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:08:53.0318 1164 PlugPlay - ok
18:08:53.0381 1164 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
18:08:53.0381 1164 Pml Driver HPZ12 - ok
18:08:53.0474 1164 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
18:08:53.0490 1164 PNRPAutoReg - ok
18:08:53.0505 1164 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
18:08:53.0739 1164 PNRPsvc - ok
18:08:53.0942 1164 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:08:54.0207 1164 PolicyAgent - ok
18:08:54.0285 1164 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:08:54.0441 1164 PptpMiniport - ok
18:08:54.0519 1164 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
18:08:54.0519 1164 Processor - ok
18:08:54.0551 1164 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
18:08:54.0551 1164 ProfSvc - ok
18:08:54.0566 1164 [ 3978F3540329E16C0AC3BCF677E5669F ] ProtectedStorage C:\Windows\system32\lsass.exe
18:08:54.0566 1164 ProtectedStorage - ok
18:08:54.0644 1164 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
18:08:54.0644 1164 PSched - ok
18:08:54.0691 1164 [ 03E0FE281823BA64B3782F5B38950E73 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
18:08:54.0707 1164 PxHelp20 - ok
18:08:54.0941 1164 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:08:55.0440 1164 ql2300 - ok
18:08:55.0518 1164 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:08:55.0518 1164 ql40xx - ok
18:08:55.0814 1164 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
18:08:55.0814 1164 QWAVE - ok
18:08:55.0861 1164 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:08:55.0861 1164 QWAVEdrv - ok
18:08:56.0813 1164 [ E642B131FB74CAF4BB8A014F31113142 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
18:08:56.0984 1164 R300 - ok
18:08:57.0031 1164 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:08:57.0031 1164 RasAcd - ok
18:08:57.0078 1164 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
18:08:57.0078 1164 RasAuto - ok
18:08:57.0125 1164 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:08:57.0125 1164 Rasl2tp - ok
18:08:57.0203 1164 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
18:08:57.0203 1164 RasMan - ok
18:08:57.0249 1164 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:08:57.0249 1164 RasPppoe - ok
18:08:57.0296 1164 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:08:57.0296 1164 RasSstp - ok
18:08:57.0359 1164 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:08:57.0359 1164 rdbss - ok
18:08:57.0468 1164 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:08:57.0468 1164 RDPCDD - ok
18:08:57.0499 1164 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
18:08:57.0499 1164 rdpdr - ok
18:08:57.0546 1164 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:08:57.0546 1164 RDPENCDD - ok
18:08:57.0655 1164 [ 30BFBDFB7F95559EDE971F9DDB9A00BA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:08:57.0655 1164 RDPWD - ok
18:08:57.0717 1164 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:08:57.0717 1164 RemoteAccess - ok
18:08:57.0827 1164 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:08:57.0827 1164 RemoteRegistry - ok
18:08:57.0873 1164 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
18:08:57.0873 1164 RFCOMM - ok
18:08:57.0905 1164 [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
18:08:57.0905 1164 rimmptsk - ok
18:08:57.0936 1164 [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
18:08:57.0936 1164 rimsptsk - ok
18:08:58.0014 1164 [ D231B577024AA324AF13A42F3A807D10 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
18:08:58.0014 1164 rismxdp - ok
18:08:58.0029 1164 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
18:08:58.0029 1164 RpcLocator - ok
18:08:58.0092 1164 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
18:08:58.0107 1164 RpcSs - ok
18:08:58.0170 1164 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:08:58.0170 1164 rspndr - ok
18:08:58.0185 1164 [ 3978F3540329E16C0AC3BCF677E5669F ] SamSs C:\Windows\system32\lsass.exe
18:08:58.0185 1164 SamSs - ok
18:08:58.0232 1164 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:08:58.0232 1164 sbp2port - ok
18:08:58.0295 1164 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:08:58.0295 1164 SCardSvr - ok
18:08:58.0466 1164 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
18:08:58.0482 1164 Schedule - ok
18:08:58.0529 1164 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
18:08:58.0529 1164 SCPolicySvc - ok
18:08:58.0575 1164 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
18:08:58.0575 1164 sdbus - ok
18:08:58.0638 1164 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:08:58.0653 1164 SDRSVC - ok
18:08:58.0731 1164 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:08:58.0731 1164 secdrv - ok
18:08:59.0028 1164 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
18:08:59.0028 1164 seclogon - ok
18:08:59.0184 1164 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
18:08:59.0184 1164 SENS - ok
18:08:59.0199 1164 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
18:08:59.0199 1164 Serenum - ok
18:08:59.0371 1164 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
18:08:59.0402 1164 Serial - ok
18:08:59.0496 1164 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:08:59.0543 1164 sermouse - ok
18:08:59.0605 1164 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
18:08:59.0621 1164 SessionEnv - ok
18:08:59.0792 1164 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
18:08:59.0792 1164 sffdisk - ok
18:08:59.0933 1164 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:08:59.0948 1164 sffp_mmc - ok
18:08:59.0979 1164 [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
18:08:59.0979 1164 sffp_sd - ok
18:09:00.0011 1164 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:09:00.0026 1164 sfloppy - ok
18:09:00.0135 1164 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:09:00.0135 1164 ShellHWDetection - ok
18:09:00.0182 1164 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
18:09:00.0182 1164 sisagp - ok
18:09:00.0229 1164 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
18:09:00.0229 1164 SiSRaid2 - ok
18:09:00.0245 1164 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:09:00.0245 1164 SiSRaid4 - ok
18:09:00.0385 1164 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
18:09:00.0432 1164 slsvc - ok
18:09:00.0525 1164 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
18:09:00.0525 1164 SLUINotify - ok
18:09:00.0588 1164 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:09:00.0588 1164 Smb - ok
18:09:00.0697 1164 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:09:00.0713 1164 SNMPTRAP - ok
18:09:00.0744 1164 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
18:09:00.0744 1164 spldr - ok
18:09:00.0791 1164 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
18:09:00.0806 1164 Spooler - ok
18:09:00.0837 1164 sprtsvc_dellsupportcenter - ok
18:09:00.0962 1164 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:09:00.0962 1164 srv - ok
18:09:01.0040 1164 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:09:01.0056 1164 srv2 - ok
18:09:01.0134 1164 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:09:01.0134 1164 srvnet - ok
18:09:01.0196 1164 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:09:01.0212 1164 SSDPSRV - ok
18:09:01.0227 1164 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:09:01.0227 1164 SstpSvc - ok
18:09:01.0305 1164 [ 7E6DD4B34ACD36AF6C711D2BDE91B040 ] STacSV C:\Windows\system32\STacSV.exe
18:09:01.0305 1164 STacSV - ok
18:09:01.0383 1164 [ 6A2A5E809C2C0178326D92B19EE4AAD3 ] STHDA C:\Windows\system32\drivers\stwrt.sys
18:09:01.0383 1164 STHDA - ok
18:09:01.0711 1164 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
18:09:01.0711 1164 StillCam - ok
18:09:01.0773 1164 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
18:09:01.0789 1164 stisvc - ok
18:09:02.0444 1164 [ 7489520E98A119B5A9A00857F4F87D16 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
18:09:02.0631 1164 stllssvr - ok
18:09:02.0678 1164 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:09:02.0678 1164 swenum - ok
18:09:02.0709 1164 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
18:09:02.0725 1164 swprv - ok
18:09:02.0772 1164 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
18:09:02.0772 1164 Symc8xx - ok
18:09:02.0803 1164 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
18:09:02.0803 1164 Sym_hi - ok
18:09:02.0959 1164 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
18:09:02.0959 1164 Sym_u3 - ok
18:09:03.0084 1164 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
18:09:03.0099 1164 SysMain - ok
18:09:03.0224 1164 [ 5F5D2CA8D3E15B183E6BDF59C370B39A ] t3 C:\Windows\system32\drivers\t3.sys
18:09:03.0240 1164 t3 - ok
18:09:03.0302 1164 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:09:03.0302 1164 TabletInputService - ok
18:09:03.0505 1164 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:09:03.0505 1164 TapiSrv - ok
18:09:03.0552 1164 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
18:09:03.0567 1164 TBS - ok
18:09:03.0770 1164 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:09:03.0786 1164 Tcpip - ok
18:09:03.0895 1164 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
18:09:03.0895 1164 Tcpip6 - ok
18:09:04.0004 1164 [ 2C2D4CFF5E09C73908F9B5AF49A51365 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:09:04.0004 1164 tcpipreg - ok
18:09:04.0129 1164 [ 5CA437A08509FB7ECF843480FC1232E2 ] TcUsb C:\Windows\system32\Drivers\tcusb.sys
18:09:04.0129 1164 TcUsb - ok
18:09:04.0347 1164 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:09:04.0347 1164 TDPIPE - ok
18:09:04.0394 1164 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:09:04.0394 1164 TDTCP - ok
18:09:04.0472 1164 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:09:04.0472 1164 tdx - ok
18:09:04.0503 1164 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:09:04.0503 1164 TermDD - ok
18:09:04.0581 1164 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
18:09:04.0597 1164 TermService - ok
18:09:04.0644 1164 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
18:09:04.0659 1164 Themes - ok
18:09:04.0784 1164 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
18:09:04.0800 1164 THREADORDER - ok
18:09:04.0893 1164 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
18:09:04.0893 1164 TrkWks - ok
18:09:05.0159 1164 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:09:05.0159 1164 TrustedInstaller - ok
18:09:05.0221 1164 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:09:05.0221 1164 tssecsrv - ok
18:09:05.0268 1164 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
18:09:05.0268 1164 tunmp - ok
18:09:05.0642 1164 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:09:05.0642 1164 tunnel - ok
18:09:05.0861 1164 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:09:05.0876 1164 uagp35 - ok
18:09:06.0235 1164 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:09:06.0266 1164 udfs - ok
18:09:06.0485 1164 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:09:06.0485 1164 UI0Detect - ok
18:09:06.0547 1164 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:09:06.0547 1164 uliagpkx - ok
18:09:06.0609 1164 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
18:09:06.0609 1164 uliahci - ok
18:09:06.0812 1164 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
18:09:06.0843 1164 UlSata - ok
18:09:06.0999 1164 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
18:09:07.0046 1164 ulsata2 - ok
18:09:07.0140 1164 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:09:07.0140 1164 umbus - ok
18:09:07.0202 1164 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
18:09:07.0218 1164 upnphost - ok
18:09:07.0405 1164 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
18:09:08.0154 1164 USBAAPL - ok
18:09:08.0310 1164 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:09:08.0466 1164 usbaudio - ok
18:09:08.0606 1164 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:09:08.0606 1164 usbccgp - ok
18:09:08.0700 1164 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:09:08.0700 1164 usbcir - ok
18:09:08.0793 1164 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:09:08.0793 1164 usbehci - ok
18:09:08.0856 1164 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:09:08.0871 1164 usbhub - ok
18:09:08.0949 1164 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:09:08.0949 1164 usbohci - ok
18:09:08.0996 1164 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:09:08.0996 1164 usbprint - ok
18:09:09.0168 1164 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:09:09.0371 1164 usbscan - ok
18:09:09.0558 1164 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:09:09.0558 1164 USBSTOR - ok
18:09:09.0651 1164 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:09:09.0651 1164 usbuhci - ok
18:09:09.0729 1164 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
18:09:09.0729 1164 usbvideo - ok
18:09:09.0839 1164 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
18:09:09.0839 1164 UxSms - ok
18:09:09.0901 1164 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
18:09:09.0917 1164 vds - ok
18:09:09.0963 1164 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:09:09.0963 1164 vga - ok
18:09:10.0026 1164 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
18:09:10.0026 1164 VgaSave - ok
18:09:10.0088 1164 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
18:09:10.0088 1164 viaagp - ok
18:09:10.0166 1164 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
18:09:10.0197 1164 ViaC7 - ok
18:09:10.0260 1164 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
18:09:10.0260 1164 viaide - ok
18:09:10.0322 1164 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:09:10.0322 1164 volmgr - ok
18:09:10.0416 1164 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:09:10.0431 1164 volmgrx - ok
18:09:10.0509 1164 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:09:10.0509 1164 volsnap - ok
18:09:10.0572 1164 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:09:10.0587 1164 vsmraid - ok
18:09:10.0650 1164 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
18:09:10.0665 1164 VSS - ok
18:09:10.0728 1164 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
18:09:10.0743 1164 W32Time - ok
18:09:10.0775 1164 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:09:10.0775 1164 WacomPen - ok
18:09:10.0837 1164 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
18:09:10.0837 1164 Wanarp - ok
18:09:10.0837 1164 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:09:10.0853 1164 Wanarpv6 - ok
18:09:10.0899 1164 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:09:10.0915 1164 wcncsvc - ok
18:09:10.0993 1164 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:09:10.0993 1164 WcsPlugInService - ok
18:09:11.0055 1164 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
18:09:11.0055 1164 Wd - ok
18:09:11.0243 1164 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:09:11.0258 1164 Wdf01000 - ok
18:09:11.0336 1164 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:09:14.0955 1164 ================ Scan global ===============================
18:09:15.0158 1164 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
18:09:15.0689 1164 [ 9A7A3BC8DC7E7ECABA2478CED4C38CBD ] C:\Windows\system32\winsrv.dll
18:09:15.0720 1164 [ 9A7A3BC8DC7E7ECABA2478CED4C38CBD ] C:\Windows\system32\winsrv.dll
18:09:16.0219 1164 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
18:09:16.0219 1164 [Global] - ok
18:09:16.0219 1164 ================ Scan MBR ==================================
18:09:16.0281 1164 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:09:16.0781 1164 \Device\Harddisk0\DR0 - ok
18:09:16.0781 1164 ================ Scan VBR ==================================
18:09:16.0859 1164 [ 64549E90AEF6E4817ACA0FCA51A738FD ] \Device\Harddisk0\DR0\Partition1
18:09:16.0874 1164 \Device\Harddisk0\DR0\Partition1 - ok
18:09:16.0905 1164 [ 4CCD079EA77729AA5A96A67E12ECCF8A ] \Device\Harddisk0\DR0\Partition2
18:09:16.0921 1164 \Device\Harddisk0\DR0\Partition2 - ok
18:09:16.0921 1164 ============================================================
18:09:16.0921 1164 Scan finished
18:09:16.0921 1164 ============================================================
18:09:16.0937 1840 Detected object count: 0
18:09:16.0937 1840 Actual detected object count: 0
18:09:27.0264 3936 Deinitialize success

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:19 PM

Posted 21 August 2012 - 05:43 PM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt).
  • Second, type the following in the edit box after "Search:". services.exe
  • Click the Search button.
  • It will make a log (Search.txt).

I want you to post both the FRST.txt report and the Search.txt into your reply to me.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Spike1361

Posted 21 August 2012 - 09:04 PM

So I downloaded this version and tried to activate the "Repair Your Computer" option after restarting. I keep getting a log in screen that prompts for "other user". So I instead opened command prompt safe mode and ran the file (I had to redownload the 32 bit version). I received a few error messages like:

"The file or directory C:\$Mft is corrupt and unreadable. Please run the Chkdsk utility."
as well as

"The file or directory C:\Windows\System32\confix\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P0DV0V8L is corrupt and unreadable. Please run the Chkdsk utility."
and also

"The file or directory C: is corrupt and unreadable. Please run the Chkdsk utility."

and some others. Here is the first scan FRST


========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 3581.14 MB
Available physical RAM: 3080.75 MB
Total Pagefile: 7347.23 MB
Available Pagefile: 7074.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.82 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:285.5 GB) (Free:132.54 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.78 GB) NTFS
4 Drive f: () (Removable) (Total:7.45 GB) (Free:5.89 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 7634 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 94 MB 32 KB
Partition 2 Primary 10 GB 95 MB
Partition 3 Primary 285 GB 10 GB
Partition 0 Extended 2560 MB 296 GB
Partition 4 Logical 2559 MB 296 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 10 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 285 GB Healthy System (partition with boot components)

==================================================================================

Disk: 0
Partition 4
Type : DD
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 7633 MB Healthy

==================================================================================

Last Boot: 2012-08-21 21:33

======================= End Of Log ==========================

Here is my Search log:

Farbar Recovery Scan Tool Version: 21-08-2012 02
Ran by Bill at 2012-08-21 21:44:22
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-08-18 22:41] - [2009-04-11 02:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 22:24] - [2008-01-20 22:24] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe
[2009-08-18 22:41] - [2012-08-21 18:05] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

=== End Of Search ===
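
The Search.txt in the post above lists every copy of services.exe with its size and MD5. As an added example (not part of the thread, and not code from FRST), this Python script parses those entries and checks whether the live System32 copy matches a copy in the WinSxS component store; reading the two bracketed timestamps as creation and last-modified is an assumption.

```python
import re
from dataclasses import dataclass

# Entries copied from the Search.txt posted above.
SEARCH_LOG = r"""
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-08-18 22:41] - [2009-04-11 02:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 22:24] - [2008-01-20 22:24] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe
[2009-08-18 22:41] - [2012-08-21 18:05] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
"""

LIVE_PATH = r"C:\Windows\System32\services.exe"

# Assumed field order: [created] - [modified] - size attributes (company) MD5
ENTRY_RE = re.compile(
    r"^\[(?P<created>[\d\- :]+)\] - \[(?P<modified>[\d\- :]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class Entry:
    path: str
    created: str
    modified: str
    size: int
    md5: str


def parse_search_log(text):
    """Pair each path line with the metadata line that follows it."""
    entries, path = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m and path:
            entries.append(Entry(path, m["created"], m["modified"],
                                 int(m["size"]), m["md5"].upper()))
            path = None
        elif re.match(r"^[A-Za-z]:\\", line):
            path = line
    return entries


def check_live_copy(entries, live_path=LIVE_PATH):
    """Compare the live file against the component-store (WinSxS) copies."""
    live = next((e for e in entries if e.path.lower() == live_path.lower()), None)
    if live is None:
        return {"status": "missing", "store_path": None, "timestamp_differs": None}
    store = [e for e in entries if "\\winsxs\\" in e.path.lower()]
    for ref in store:
        # Same size and same MD5: the live file has the same content as this store copy.
        if ref.md5 == live.md5 and ref.size == live.size:
            return {"status": "match", "store_path": ref.path,
                    "timestamp_differs": ref.modified != live.modified}
    # No store copy has the live file's hash: the live file needs a closer look.
    return {"status": "mismatch", "store_path": None, "timestamp_differs": None}


if __name__ == "__main__":
    print(check_live_copy(parse_search_log(SEARCH_LOG)))
```

For the log above the result is a match with the 6.0.6002.18005 store copy, with a different last-modified time on the live file.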

#11 gringo_pr

Posted 22 August 2012 - 05:31 AM

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+


#12 Spike1361

Posted 22 August 2012 - 03:11 PM

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Bill [Admin rights]
Mode: Scan -- Date: 08/22/2012 16:09:14

Bad processes: 0

Registry Entries: 78
[SUSP PATH] HKCU\[...]\Run : aductndi (C:\Users\Bill\AppData\Local\akjnnfgcm\dlkbytgtssd.exe) -> FOUND
[SUSP PATH] HKCU\[...]\Run : Eltoveap (C:\Users\Bill\AppData\Roaming\Coybum\ylope.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-2873411838-2776441509-2877129692-1000[...]\Run : aductndi (C:\Users\Bill\AppData\Local\akjnnfgcm\dlkbytgtssd.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-2873411838-2776441509-2877129692-1000[...]\Run : Eltoveap (C:\Users\Bill\AppData\Roaming\Coybum\ylope.exe) -> FOUND
[SUSP PATH] At33.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At32.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At31.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At30.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At29.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At28.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At27.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At26.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At25.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At43.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At42.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At41.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At40.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At39.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At38.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At37.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At36.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At35.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At34.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At48.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At47.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At46.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At45.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At44.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At1.job @ : C:\ProgramData\p616k8Y1.exe -> FOUND
[SUSP PATH] At10.job @ : C:\ProgramData\p616k8Y1.exe -> FOUND
[SUSP PATH] At11.job @ : C:\ProgramData\p616k8Y1.exe -> FOUND
[SUSP PATH] At12.job @ : C:\ProgramData\p616k8Y1.exe -> FOUND
[SUSP PATH] At13.job @ : C:\ProgramData\p616k8Y1.exe -> FOUND
[SUSP PATH] At14.job @ : C:\ProgramData\p616k8Y1.exe -> FOUND
[SUSP PATH] At15.job @ : C:\ProgramData\p616k8Y1.exe -> FOUND
[SUSP PATH] At16.job @ : C:\ProgramData\p616k8Y1.exe -> FOUND
[SUSP PATH] At17.job @ : C:\ProgramData\p616k8Y1.exe -> FOUND
[SUSP PATH] At18.job @ : C:\ProgramData\p616k8Y1.exe -> FOUND
[SUSP PATH] At19.job @ : C:\ProgramData\p616k8Y1.exe -> FOUND
[SUSP PATH] At2.job @ : C:\ProgramData\p616k8Y1.exe -> FOUND
[SUSP PATH] At20.job @ : C:\ProgramData\p616k8Y1.exe -> FOUND
[SUSP PATH] At21.job @ : C:\ProgramData\p616k8Y1.exe -> FOUND
[SUSP PATH] At22.job @ : C:\ProgramData\p616k8Y1.exe -> FOUND
[SUSP PATH] At23.job @ : C:\ProgramData\p616k8Y1.exe -> FOUND
[SUSP PATH] At24.job @ : C:\ProgramData\p616k8Y1.exe -> FOUND
[SUSP PATH] At25.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At26.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At27.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At28.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At29.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At3.job @ : C:\ProgramData\p616k8Y1.exe -> FOUND
[SUSP PATH] At30.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At31.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At32.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At33.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At34.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At35.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At36.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At37.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At38.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At39.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At4.job @ : C:\ProgramData\p616k8Y1.exe -> FOUND
[SUSP PATH] At40.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At41.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At42.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At43.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At44.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At45.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At46.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At47.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At48.job @ : C:\ProgramData\p616k8Y1.exe_ -> FOUND
[SUSP PATH] At5.job @ : C:\ProgramData\p616k8Y1.exe -> FOUND
[SUSP PATH] At6.job @ : C:\ProgramData\p616k8Y1.exe -> FOUND
[SUSP PATH] At7.job @ : C:\ProgramData\p616k8Y1.exe -> FOUND
[SUSP PATH] At8.job @ : C:\ProgramData\p616k8Y1.exe -> FOUND
[SUSP PATH] At9.job @ : C:\ProgramData\p616k8Y1.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:
[ZeroAccess][FOLDER] U : c:\windows\installer\{2113e773-1f7d-fff2-dc59-ecfce965072a}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{2113e773-1f7d-fff2-dc59-ecfce965072a}\L --> FOUND
[ZeroAccess][FILE] @ : c:\windows\system32\config\systemprofile\local settings\application data\{2113e773-1f7d-fff2-dc59-ecfce965072a}\@ --> FOUND
[ZeroAccess][FILE] n : c:\windows\system32\config\systemprofile\local settings\application data\{2113e773-1f7d-fff2-dc59-ecfce965072a}\n --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\system32\config\systemprofile\local settings\application data\{2113e773-1f7d-fff2-dc59-ecfce965072a}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\system32\config\systemprofile\local settings\application data\{2113e773-1f7d-fff2-dc59-ecfce965072a}\L --> FOUND

Driver: [LOADED]

Infection : ZeroAccess

HOSTS File:
94.63.147.17 www.bing.com


MBR Check:

+++++ PhysicalDrive0: WDC WD3200BEVT-75ZCT0 +++++
--- User ---
[MBR] 960202ab621b8cc7cb3774dec242f37b
[BSP] 15aa431f21a280c81d2601e5a5773708 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 94 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 194560 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21166080 | Size: 292348 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 619896832 | Size: 2560 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#13 gringo_pr

Posted 22 August 2012 - 03:42 PM

--Run RogueKiller--

  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+


#14 Spike1361

Posted 22 August 2012 - 04:10 PM

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Bill [Admin rights]
Mode: Remove -- Date: 08/22/2012 17:08:29

Bad processes: 0

Registry Entries: 52
[SUSP PATH] HKCU\[...]\Run : aductndi (C:\Users\Bill\AppData\Local\akjnnfgcm\dlkbytgtssd.exe) -> DELETED
[SUSP PATH] HKCU\[...]\Run : Eltoveap (C:\Users\Bill\AppData\Roaming\Coybum\ylope.exe) -> DELETED
[SUSP PATH] At33.job @ : C:\ProgramData\p616k8Y1.exe_ -> DELETED
[SUSP PATH] At32.job @ : C:\ProgramData\p616k8Y1.exe_ -> DELETED
[SUSP PATH] At31.job @ : C:\ProgramData\p616k8Y1.exe_ -> DELETED
[SUSP PATH] At30.job @ : C:\ProgramData\p616k8Y1.exe_ -> DELETED
[SUSP PATH] At29.job @ : C:\ProgramData\p616k8Y1.exe_ -> DELETED
[SUSP PATH] At28.job @ : C:\ProgramData\p616k8Y1.exe_ -> DELETED
[SUSP PATH] At27.job @ : C:\ProgramData\p616k8Y1.exe_ -> DELETED
[SUSP PATH] At26.job @ : C:\ProgramData\p616k8Y1.exe_ -> DELETED
[SUSP PATH] At25.job @ : C:\ProgramData\p616k8Y1.exe_ -> DELETED
[SUSP PATH] At43.job @ : C:\ProgramData\p616k8Y1.exe_ -> DELETED
[SUSP PATH] At42.job @ : C:\ProgramData\p616k8Y1.exe_ -> DELETED
[SUSP PATH] At41.job @ : C:\ProgramData\p616k8Y1.exe_ -> DELETED
[SUSP PATH] At40.job @ : C:\ProgramData\p616k8Y1.exe_ -> DELETED
[SUSP PATH] At39.job @ : C:\ProgramData\p616k8Y1.exe_ -> DELETED
[SUSP PATH] At38.job @ : C:\ProgramData\p616k8Y1.exe_ -> DELETED
[SUSP PATH] At37.job @ : C:\ProgramData\p616k8Y1.exe_ -> DELETED
[SUSP PATH] At36.job @ : C:\ProgramData\p616k8Y1.exe_ -> DELETED
[SUSP PATH] At35.job @ : C:\ProgramData\p616k8Y1.exe_ -> DELETED
[SUSP PATH] At34.job @ : C:\ProgramData\p616k8Y1.exe_ -> DELETED
[SUSP PATH] At48.job @ : C:\ProgramData\p616k8Y1.exe_ -> DELETED
[SUSP PATH] At47.job @ : C:\ProgramData\p616k8Y1.exe_ -> DELETED
[SUSP PATH] At46.job @ : C:\ProgramData\p616k8Y1.exe_ -> DELETED
[SUSP PATH] At45.job @ : C:\ProgramData\p616k8Y1.exe_ -> DELETED
[SUSP PATH] At44.job @ : C:\ProgramData\p616k8Y1.exe_ -> DELETED
[SUSP PATH] At1.job @ : C:\ProgramData\p616k8Y1.exe -> DELETED
[SUSP PATH] At10.job @ : C:\ProgramData\p616k8Y1.exe -> DELETED
[SUSP PATH] At11.job @ : C:\ProgramData\p616k8Y1.exe -> DELETED
[SUSP PATH] At12.job @ : C:\ProgramData\p616k8Y1.exe -> DELETED
[SUSP PATH] At13.job @ : C:\ProgramData\p616k8Y1.exe -> DELETED
[SUSP PATH] At14.job @ : C:\ProgramData\p616k8Y1.exe -> DELETED
[SUSP PATH] At15.job @ : C:\ProgramData\p616k8Y1.exe -> DELETED
[SUSP PATH] At16.job @ : C:\ProgramData\p616k8Y1.exe -> DELETED
[SUSP PATH] At17.job @ : C:\ProgramData\p616k8Y1.exe -> DELETED
[SUSP PATH] At18.job @ : C:\ProgramData\p616k8Y1.exe -> DELETED
[SUSP PATH] At19.job @ : C:\ProgramData\p616k8Y1.exe -> DELETED
[SUSP PATH] At2.job @ : C:\ProgramData\p616k8Y1.exe -> DELETED
[SUSP PATH] At20.job @ : C:\ProgramData\p616k8Y1.exe -> DELETED
[SUSP PATH] At21.job @ : C:\ProgramData\p616k8Y1.exe -> DELETED
[SUSP PATH] At22.job @ : C:\ProgramData\p616k8Y1.exe -> DELETED
[SUSP PATH] At23.job @ : C:\ProgramData\p616k8Y1.exe -> DELETED
[SUSP PATH] At24.job @ : C:\ProgramData\p616k8Y1.exe -> DELETED
[SUSP PATH] At3.job @ : C:\ProgramData\p616k8Y1.exe -> DELETED
[SUSP PATH] At4.job @ : C:\ProgramData\p616k8Y1.exe -> DELETED
[SUSP PATH] At5.job @ : C:\ProgramData\p616k8Y1.exe -> DELETED
[SUSP PATH] At6.job @ : C:\ProgramData\p616k8Y1.exe -> DELETED
[SUSP PATH] At7.job @ : C:\ProgramData\p616k8Y1.exe -> DELETED
[SUSP PATH] At8.job @ : C:\ProgramData\p616k8Y1.exe -> DELETED
[SUSP PATH] At9.job @ : C:\ProgramData\p616k8Y1.exe -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:
[ZeroAccess][FOLDER] U : c:\windows\installer\{2113e773-1f7d-fff2-dc59-ecfce965072a}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : c:\windows\installer\{2113e773-1f7d-fff2-dc59-ecfce965072a}\L\00000004.@ --> REMOVED
[Del.Parent][FILE] 1afb2d56 : c:\windows\installer\{2113e773-1f7d-fff2-dc59-ecfce965072a}\L\1afb2d56 --> REMOVED
[Del.Parent][FILE] 201d3dde : c:\windows\installer\{2113e773-1f7d-fff2-dc59-ecfce965072a}\L\201d3dde --> REMOVED
[ZeroAccess][FOLDER] L : c:\windows\installer\{2113e773-1f7d-fff2-dc59-ecfce965072a}\L --> REMOVED
[ZeroAccess][FILE] @ : c:\windows\system32\config\systemprofile\local settings\application data\{2113e773-1f7d-fff2-dc59-ecfce965072a}\@ --> REMOVED
[ZeroAccess][FILE] n : c:\windows\system32\config\systemprofile\local settings\application data\{2113e773-1f7d-fff2-dc59-ecfce965072a}\n --> REMOVED
[ZeroAccess][FOLDER] U : c:\windows\system32\config\systemprofile\local settings\application data\{2113e773-1f7d-fff2-dc59-ecfce965072a}\U --> REMOVED
[ZeroAccess][FOLDER] L : c:\windows\system32\config\systemprofile\local settings\application data\{2113e773-1f7d-fff2-dc59-ecfce965072a}\L --> REMOVED

Driver: [LOADED]

Infection : ZeroAccess

HOSTS File:
94.63.147.17 www.bing.com


MBR Check:

+++++ PhysicalDrive0: WDC WD3200BEVT-75ZCT0 +++++
--- User ---
[MBR] 960202ab621b8cc7cb3774dec242f37b
[BSP] 15aa431f21a280c81d2601e5a5773708 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 94 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 194560 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21166080 | Size: 292348 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 619896832 | Size: 2560 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

#15 gringo_pr

Posted 22 August 2012 - 07:39 PM

Try and run ComboFix now.


gringo