Infected with Zero Access


8 replies to this topic

#1 tfwise


Posted 30 August 2012 - 03:53 PM

I am infected with Zero Access. I need help removing it. Based on another post, here are the logs I have so far:

Results of screen317's Security Check version 0.99.49
Windows 7 x86 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
McAfee® Security-as-a-Service
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
McAfee Virus and Spyware Protection Service
SUPERAntiSpyware
McAfee SiteAdvisor Enterprise Plus
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Java™ 6 Update 33
Java version out of Date!
Adobe Flash Player 11.4.402.265
Mozilla Firefox (15.0)
Google Chrome 16.0.912.75
Google Chrome 16.0.912.77
````````Process Check: objlist.exe by Laurent````````
McAfee Managed VirusScan Agent myAgtSvc.exe
McAfee Managed VirusScan DesktopUI XTray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


Farbar Service Scanner Version: 06-08-2012
Microsoft Windows 7 Professional (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-11 13:56] - [2012-03-30 06:29] - 1287024 ____A (Microsoft Corporation) 55E9965552741F3850CB22CBBA9671ED

C:\Windows\system32\dnsrslvr.dll
[2011-04-13 17:00] - [2011-03-03 01:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

C:\Windows\system32\mpssvc.dll
[2009-07-13 19:53] - [2009-07-13 21:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-13 19:54] - [2009-07-13 21:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-13 19:23] - [2009-07-13 21:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-07-13 19:24] - [2009-07-13 21:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll
[2011-02-08 19:36] - [2010-12-21 01:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2009-07-13 19:30] - [2009-07-13 21:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-06-13 21:00] - [2012-04-24 00:47] - 0139264 ____A (Microsoft Corporation) 520A108A2657F4BCA7FCED9CA7D885DE

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


MiniToolBox by Farbar Version: 23-07-2012
Microsoft Windows 7 Professional (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.com

========================= IP Configuration: ================================

Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Connected)
DW1501 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Media disconnected)
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : 11145-PC
Primary Dns Suffix . . . . . . . : nva.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : nva.local
nva

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : DW1501 Wireless-N WLAN Half-Mini Card
Physical Address. . . . . . . . . : 1C-65-9D-19-6C-80
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : nva
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : F0-4D-A2-90-33-5B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::415a:18ca:a143:b6b2%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.151(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, August 30, 2012 3:42:54 PM
Lease Expires . . . . . . . . . . : Thursday, September 06, 2012 2:21:55 PM
Default Gateway . . . . . . . . . : 192.168.1.2
DHCP Server . . . . . . . . . . . : 192.168.1.2
DHCPv6 IAID . . . . . . . . . . . : 250629538
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-23-40-FE-F0-4D-A2-90-33-5B
DNS Servers . . . . . . . . . . . : 192.168.1.3
8.8.8.8
97.64.180.150
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.nva:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Pinging google.com [74.125.137.138] with 32 bytes of data:
Reply from 74.125.137.138: bytes=32 time=16ms TTL=46
Reply from 74.125.137.138: bytes=32 time=16ms TTL=46

Ping statistics for 74.125.137.138:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 16ms, Maximum = 16ms, Average = 16ms

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=364ms TTL=49
Reply from 72.30.38.140: bytes=32 time=608ms TTL=49

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 364ms, Maximum = 608ms, Average = 486ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...1c 65 9d 19 6c 80 ......DW1501 Wireless-N WLAN Half-Mini Card
11...f0 4d a2 90 33 5b ......Broadcom NetXtreme 57xx Gigabit Controller
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.2 192.168.1.151 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.151 266
192.168.1.151 255.255.255.255 On-link 192.168.1.151 266
192.168.1.255 255.255.255.255 On-link 192.168.1.151 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.151 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.151 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 266 fe80::/64 On-link
11 266 fe80::415a:18ca:a143:b6b2/128
On-link
1 306 ff00::/8 On-link
11 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 03 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\wshbth.dll [35840] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()
Catalog9 25 mswsock.dll [File Not found] ()
Catalog9 26 mswsock.dll [File Not found] ()
Catalog9 27 mswsock.dll [File Not found] ()
Catalog9 28 mswsock.dll [File Not found] ()
Catalog9 29 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/30/2012 04:02:42 PM) (Source: Application Hang) (User: )
Description: The program OTL.exe version 3.2.59.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 149c

Start Time: 01cd86ea17db72ff

Termination Time: 0

Application Path: C:\Users\twisenbaker\Desktop\OTL.exe

Report Id:

Error: (08/30/2012 02:36:00 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2012 02:36:00 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2012 02:36:00 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2012 02:36:00 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2012 02:36:00 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (08/30/2012 02:35:44 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2012 02:35:44 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (HRESULT : 0x8004117f) (0x8004117f)

Error: (08/30/2012 02:35:44 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=1100}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2012 02:35:42 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
0x%08x (0x8004117f - The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (HRESULT : 0x8004117f))


System errors:
=============
Error: (08/30/2012 03:43:00 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (08/30/2012 03:43:00 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (08/30/2012 03:42:57 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (08/30/2012 03:42:56 PM) (Source: Service Control Manager) (User: )
Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (08/30/2012 03:38:19 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/30/2012 03:38:19 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (08/30/2012 03:38:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\System32\bcmihvsrv.dll
Error Code: 21

Error: (08/30/2012 03:38:15 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/30/2012 03:38:08 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/30/2012 03:37:55 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ctxusbm
discache
SASDIFSV
SASKUTIL
spldr
sptd
Wanarpv6


Microsoft Office Sessions:
=========================
Error: (08/30/2012 04:02:42 PM) (Source: Application Hang)(User: )
Description: OTL.exe3.2.59.1149c01cd86ea17db72ff0C:\Users\twisenbaker\Desktop\OTL.exe

Error: (08/30/2012 02:36:00 PM) (Source: Windows Search Service)(User: )
Description: Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (08/30/2012 02:36:00 PM) (Source: Windows Search Service)(User: )
Description: Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2012 02:36:00 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2012 02:36:00 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (08/30/2012 02:36:00 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (08/30/2012 02:35:44 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (08/30/2012 02:35:44 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (HRESULT : 0x8004117f) (0x8004117f)

Error: (08/30/2012 02:35:44 PM) (Source: Windows Search Service)(User: )
Description: Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
1100

Error: (08/30/2012 02:35:42 PM) (Source: Windows Search Service)(User: )
Description: Details:
0x%08x (0x8004117f - The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (HRESULT : 0x8004117f))


=========================== Installed Programs ============================

Able2Extract Professional v6.0
AccelerometerP11 (Version: 2.00.00.12)
Acronis True Image Home 2011 (Version: 14.0.5105)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.0.0)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin (Version: 11.4.402.265)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
AM-DeadLink 4.4 (Version: 4.4)
AnswerWorks 5.0 English Runtime (Version: 5.0.7)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Audiogalaxy
AuthenTec Fingerprint Software (Version: 8.4.4.20)
BioAPI Framework (Version: 1.0.1)
Bonjour (Version: 3.0.0.10)
Broadcom NetXtreme-I Netlink Driver and Management Installer (Version: 12.55.04)
Canon DR-2580C Driver (Version: 1.8.10911.16001)
CapturePerfect 3.0 (Version: 3.0.9109.903)
CCleaner (Version: 3.22)
Checkpoint Tools for PPC (Version: 1.1.31)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Citrix online plug-in - web (Version: 11.2.0.31560)
Citrix online plug-in (DV) (Version: 11.2.0.31560)
Citrix online plug-in (HDX) (Version: 11.2.0.31560)
Citrix online plug-in (USB) (Version: 11.2.0.31560)
Citrix online plug-in (Web) (Version: 11.2.0.31560)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Cool MP3 Splitter 2.02
Creative Solutions Accounting
Creative Solutions Accounting - Workstation
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Defraggler (Version: 2.09)
Dell Control Point (Version: 1.6.468.86)
Dell ControlPoint Security Manager (Version: 1.6.468.86)
Dell ControlPoint System Manager (Version: 1.4.00001)
Dell Edoc Viewer (Version: 1.0.0)
Dell Embassy Trust Suite by Wave Systems (Version: 03.05.04.002)
Dell Security Device Driver Pack (Version: 1.4.055)
Dell Touchpad (Version: 7.1007.101.210)
Document Manager Lite (Version: 06.09.00.159)
DR-2580C Job Tool (Version: 1.00.000)
DW WLAN Card Utility (Version: 5.60.48.35)
e-Form RS (Version: 11.0.0.2)
EMBASSY Security Center (Version: 04.00.00.101)
EMBASSY Security Setup (Version: 04.00.00.090)
eReg (Version: 1.20.138.34)
ESC Home Page Plugin (Version: 04.00.00.018)
FileCabinet CS Print Driver (Version: 11.1.0)
FlashFXP v4.0 (Version: 4.0.0.1470)
G6 Utilities (remove only)
Garmin Communicator Plugin (Version: 2.9.3)
Garmin USB Drivers (Version: 2.3.0.0)
Garmin WebUpdater (Version: 2.4.2)
Gemalto (Version: 01.01.00.0000)
Google Chrome (Version: 16.0.912.77)
Google Earth (Version: 6.2.2.6613)
Google Update Helper (Version: 1.3.21.115)
HandBrake 0.9.6 (Version: 0.9.6)
iCloud (Version: 1.1.0.40)
Infragisticsv62Install 2009 (Version: 09.1.0)
Infragisticsv62Install 2010 (Version: 10.1.0)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2104)
iSEEK AnswerWorks English Runtime (Version: 010.000.0101)
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 33 (Version: 6.0.330)
Jing (Version: 2.4.10231)
K-Lite Codec Pack 7.1.0 (Full) (Version: 7.1.0)
Logitech SetPoint 6.20 (Version: 6.20.64)
LogMeIn (Version: 4.1.1558)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
McAfee Browser Protection Service (Version: 5.4.0.148)
McAfee SiteAdvisor Enterprise Plus (Version: 3.0.0.638)
McAfee Virus and Spyware Protection Service (Version: 5.4.0.148)
MediaMonkey 4.0 (Version: 4.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Mouse and Keyboard Center (Version: 1.1.500.0)
Microsoft Office 2010 Primary Interop Assemblies (Version: 14.0.4763.1150)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (TOCTTARGPPC05) (Version: 9.4.5000.00)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31119)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.31124)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Motorola Phone Tools (Version: 4.30)
MozBackup 1.4.10
Mozilla Firefox 15.0 (x86 en-US) (Version: 15.0)
Mozilla Maintenance Service (Version: 15.0)
MP3 Splitter Joiner Pro v4.1 build 2568
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NewsLeecher v5.0 Beta 3
NirSoft BulletsPassView
Notepad++ (Version: 5.9.2)
NTRU TCG Software Stack (Version: 2.1.29)
O2Micro OZ776 SCR Driver (Version: 1.1.4.209GS)
plist Editor for Windows 1.0.0 (Version: 1.0.0)
PowerDVD DX (Version: 8.3.6029)
PPC Engagement Letter Generator (8-10) (Version: 2010.8.6)
PPC Engagement Letter Generator (8-11) (Version: 2011.8.2)
PPC Practice Aids Audits of Employee Benefit Plans (2-10) (Version: 2010.2.7)
PPC Practice Aids Audits of Employee Benefit Plans (2-11) (Version: 2011.2.6)
PPC Practice Aids Audits of Financial Institutions (11-11) (Version: 2011.11.8)
PPC Practice Aids Audits of Financial Institutions (5-10) (Version: 2010.5.6)
PPC Practice Aids Audits of Financial Institutions (5-11) (Version: 2011.5.5)
PPC Practice Aids Audits of Local Governments (11-11) (Version: 2011.11.16)
PPC Practice Aids Audits of Local Governments (2-10) (Version: 2010.2.36)
PPC Practice Aids Audits of Local Governments (2-11) (Version: 2011.2.9)
PPC Practice Aids Audits of Local Governments (2-12) (Version: 2012.2.8)
PPC Practice Aids Audits of Nonprofit Organizations (11-11) (Version: 2011.11.7)
PPC Practice Aids Audits of Nonprofit Organizations (2-10) (Version: 2010.2.21)
PPC Practice Aids Audits of Nonprofit Organizations (2-11) (Version: 2011.2.9)
PPC Practice Aids Audits of Nonprofit Organizations (3-12) (Version: 2012.3.5)
PPC Practice Aids Audits of Nonpublic Companies (2-10) (Version: 2010.2.29)
PPC Practice Aids Construction Contractors (11-11) (Version: 2011.11.7)
PPC Practice Aids Construction Contractors (6-10) (Version: 2010.6.20)
PPC Practice Aids Construction Contractors (6-11) (Version: 2011.6.5)
PPC Practice Aids Limited-Scope Audits of Standard 401(k) Plans (2-10) (Version: 2010.2.11)
PPC Practice Aids Limited-Scope Audits of Standard 401(k) Plans (2-11) (Version: 2011.2.4)
PPC Practice Aids Limited-Scope Audits of Standard 401(k) Plans (3-12) (Version: 2012.3.4)
PPC Practice Aids Single Audits (5-11) (Version: 2011.5.4)
PPC Practice Aids Single Audits (6-10) (Version: 2010.6.14)
PPC SMART Practice Aids - Risk Assessment (Version: 7.2.53)
PPC SMART Practice Aids - Single Audit (Version: 2.1.13)
PPCWebMultiSelect (Version: 1.4.9)
Practice CS (Version: 112.4.1042)
Preboot Manager (Version: 03.00.00.154)
Private Information Manager (Version: 06.04.00.065)
Quicken 2012 (Version: 21.1.7.18)
QuickPar 0.9 (Version: 0.9)
QuickTime (Version: 7.72.80.56)
RIA-Speedlink (Version: 4.10.0000)
Security Wizards (Version: 01.07.00.026)
SUPERAntiSpyware (Version: 4.45.1000)
swMSM (Version: 12.0.0.1)
Trillian
Trusted Drive Manager (Version: 3.3.3.104)
UltraMon (Version: 3.2.0)
UltraTax Font Installer (Version: 1.00.0000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
UPEK TouchChip Fingerprint Reader (Version: 1.2.0)
Visual C++ 8.0 x86 Runtime Setup Package (Version: 1.0.0.0)
Vuze (Version: 4.7)
Wave Infrastructure Installer (Version: 07.01.31.0000)
Wave Support Software (Version: 05.10.00.073)
WebEx
WIDCOMM Bluetooth Software (Version: 6.3.0.3102)
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/13/2009 8.4.2.0) (Version: 05/13/2009 8.4.2.0)
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (Version: 09/11/2009 1.0.1.6)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver
WinSCP 4.3.1 beta (Version: 4.3.1 beta)
Wonderburg 1.0.0.0

========================= Devices: ================================

Name: Dell Wireless 375 Bluetooth Module with AMP
Description: Dell Wireless 375 Bluetooth Module with AMP
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 3509.85 MB
Available physical RAM: 2213.21 MB
Total Pagefile: 7017.98 MB
Available Pagefile: 5363.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.63 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:137.61 GB) NTFS
3 Drive e: (Media Drive) (Fixed) (Total:931.51 GB) (Free:308.93 GB) NTFS
5 Drive g: (KINGSTON) (Removable) (Total:7.46 GB) (Free:7.46 GB) FAT32
6 Drive x: () (Network) (Total:232.69 GB) (Free:54.86 GB) NTFS

========================= Users: ========================================

User accounts for \\11145-PC

11145 Administrator Guest
LogMeInRemoteUser McAfeeMVSUser


**** End of log ****


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.30.05

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421

8/30/2012 4:20:59 PM
mbam-log-2012-08-30 (16-20-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 309360
Time elapsed: 6 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-30 16:29:06
-----------------------------
16:29:06.979 OS Version: Windows 6.1.7600
16:29:06.979 Number of processors: 4 586 0x2505
16:29:06.979 ComputerName: UserName:
16:29:08.086 Initialize success
16:30:23.171 AVAST engine defs: 12083001
16:30:26.541 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:30:26.541 Disk 0 Vendor: SAMSUNG_ 2AK1 Size: 305245MB BusType: 3
16:30:26.619 Disk 0 MBR read successfully
16:30:26.634 Disk 0 MBR scan
16:30:26.728 Disk 0 Windows VISTA default MBR code
16:30:26.775 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
16:30:26.821 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
16:30:26.837 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920
16:30:26.868 Disk 0 scanning sectors +625140400
16:30:26.962 Disk 0 scanning C:\Windows\system32\drivers
16:31:05.107 Service scanning
16:31:48.978 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
16:32:03.675 Modules scanning
16:32:15.796 Disk 0 trace - called modules:
16:32:15.828 ntkrnlpa.exe CLASSPNP.SYS disk.sys stdfltn.sys ACPI.sys halmacpi.dll iaStor.sys spyn.sys >>UNKNOWN [0x85a60938]<<
16:32:15.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x883f8030]
16:32:15.859 3 CLASSPNP.SYS[8d0bf59e] -> nt!IofCallDriver -> [0x883f23e8]
16:32:15.859 5 stdfltn.sys[8cf0570c] -> nt!IofCallDriver -> [0x8684f928]
16:32:15.874 7 ACPI.sys[8c3aa3b2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x867e9028]
16:32:16.982 AVAST engine scan C:\Windows
16:32:22.396 AVAST engine scan C:\Windows\system32
16:35:42.157 File: C:\Windows\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
16:38:49.219 AVAST engine scan C:\Windows\system32\drivers
16:39:29.091 AVAST engine scan C:\Users\
16:51:20.358 AVAST engine scan C:\ProgramData
16:53:26.588 Scan finished successfully
16:53:31.991 Disk 0 MBR has been saved successfully to
16:53:32.003 The log file has been saved successfully to


Thanks in advance for the help.


#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 30 August 2012 - 03:56 PM

Download

TDSSKiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results


Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 tfwise

  • Topic Starter
  • Members
  • 25 posts

Posted 30 August 2012 - 04:08 PM

17:05:11.0910 5828 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
17:05:12.0175 5828 ============================================================
17:05:12.0175 5828 Current date / time: 2012/08/30 17:05:12.0175
17:05:12.0175 5828 SystemInfo:
17:05:12.0175 5828
17:05:12.0175 5828 OS Version: 6.1.7600 ServicePack: 0.0
17:05:12.0175 5828 Product type: Workstation
17:05:12.0175 5828 ComputerName:
17:05:12.0175 5828 UserName:
17:05:12.0175 5828 Windows directory: C:\Windows
17:05:12.0175 5828 System windows directory: C:\Windows
17:05:12.0175 5828 Processor architecture: Intel x86
17:05:12.0175 5828 Number of processors: 4
17:05:12.0175 5828 Page size: 0x1000
17:05:12.0175 5828 Boot type: Normal boot
17:05:12.0175 5828 ============================================================
17:05:12.0627 5828 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:05:12.0643 5828 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:05:12.0674 5828 Drive \Device\Harddisk2\DR2 - Size: 0x1DDBF8000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:05:12.0674 5828 ============================================================
17:05:12.0674 5828 \Device\Harddisk0\DR0:
17:05:12.0674 5828 MBR partitions:
17:05:12.0674 5828 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
17:05:12.0674 5828 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
17:05:12.0674 5828 \Device\Harddisk1\DR1:
17:05:12.0674 5828 MBR partitions:
17:05:12.0674 5828 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747057C1
17:05:12.0674 5828 \Device\Harddisk2\DR2:
17:05:12.0674 5828 MBR partitions:
17:05:12.0674 5828 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xEEDD21
17:05:12.0674 5828 ============================================================
17:05:12.0705 5828 C: <-> \Device\Harddisk0\DR0\Partition2
17:05:12.0737 5828 E: <-> \Device\Harddisk1\DR1\Partition1
17:05:12.0737 5828 ============================================================
17:05:12.0737 5828 Initialize success
17:05:12.0737 5828 ============================================================
17:05:34.0594 2856 ============================================================
17:05:34.0594 2856 Scan started
17:05:34.0594 2856 Mode: Manual; TDLFS;
17:05:34.0594 2856 ============================================================
17:05:35.0140 2856 ================ Scan system memory ========================
17:05:35.0140 2856 System memory - ok
17:05:35.0140 2856 ================ Scan services =============================
17:05:44.0188 2856 kbdclass - ok
17:05:44.0204 2856 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:05:44.0204 2856 kbdhid - ok
17:05:44.0219 2856 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\Windows\system32\lsass.exe
17:05:44.0219 2856 KeyIso - ok
17:05:44.0266 2856 [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:05:44.0266 2856 KSecDD - ok
17:05:44.0297 2856 [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:05:44.0297 2856 KSecPkg - ok
17:05:44.0329 2856 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
17:05:44.0344 2856 KtmRm - ok
17:05:44.0407 2856 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\Windows\System32\srvsvc.dll
17:05:44.0407 2856 LanmanServer - ok
17:05:44.0438 2856 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:05:44.0454 2856 LanmanWorkstation - ok
17:05:44.0547 2856 [ 0F98B9384C37C8C29904B8AE4359A54F ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
17:05:44.0563 2856 LBTServ - ok
17:05:44.0610 2856 [ 318B3D608FBEC44B7E0C23BF759DCED5 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
17:05:44.0610 2856 LHidFilt - ok
17:05:44.0641 2856 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:05:44.0641 2856 lltdio - ok
17:05:44.0688 2856 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:05:44.0688 2856 lltdsvc - ok
17:05:44.0703 2856 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
17:05:44.0703 2856 lmhosts - ok
17:05:44.0797 2856 [ 63DAF163D1617DD611BD0AB8E41A43E8 ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
17:05:44.0812 2856 LMIGuardianSvc - ok
17:05:44.0844 2856 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys
17:05:44.0844 2856 LMIInfo - ok
17:05:44.0859 2856 [ 175F50F37EEAA1D4D744BCCCBB7CF68C ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe
17:05:44.0859 2856 LMIMaint - ok
17:05:44.0875 2856 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
17:05:44.0875 2856 lmimirr - ok
17:05:44.0890 2856 LMIRfsClientNP - ok
17:05:44.0906 2856 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
17:05:44.0906 2856 LMIRfsDriver - ok
17:05:44.0922 2856 [ 84AF069D219DF3C43DC6792B2BBD7BED ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
17:05:44.0922 2856 LMouFilt - ok
17:05:44.0984 2856 [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe
17:05:44.0984 2856 LogMeIn - ok
17:05:45.0015 2856 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:05:45.0015 2856 LSI_FC - ok
17:05:45.0031 2856 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:05:45.0031 2856 LSI_SAS - ok
17:05:45.0046 2856 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:05:45.0046 2856 LSI_SAS2 - ok
17:05:45.0046 2856 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:05:45.0062 2856 LSI_SCSI - ok
17:05:45.0062 2856 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
17:05:45.0078 2856 luafv - ok
17:05:45.0140 2856 [ 4F2D526298CBC517EDB82501E8041112 ] McAfee SiteAdvisor Enterprise Service C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
17:05:45.0156 2856 McAfee SiteAdvisor Enterprise Service - ok
17:05:45.0218 2856 [ 1FF8A14225454A423F5AB81D06661B86 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
17:05:45.0234 2856 McShield - ok
17:05:45.0265 2856 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:05:45.0265 2856 Mcx2Svc - ok
17:05:45.0280 2856 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:05:45.0296 2856 megasas - ok
17:05:45.0343 2856 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:05:45.0343 2856 MegaSR - ok
17:05:45.0358 2856 [ 43C31BDF404A6D7A7AC1BFD5EAD2A566 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
17:05:45.0358 2856 mfeapfk - ok
17:05:45.0390 2856 [ C1DC5F42D3367F33B6451BE78B38BD46 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
17:05:45.0390 2856 mfeavfk - ok
17:05:45.0405 2856 mfeavfk01 - ok
17:05:45.0421 2856 [ 0435C43F4C2BE01B84868AD2A906397B ] mfebopk C:\Windows\system32\drivers\mfebopk.sys
17:05:45.0421 2856 mfebopk - ok
17:05:45.0452 2856 [ D1E998748BA24A731106611D535C6BBF ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
17:05:45.0468 2856 mfehidk - ok
17:05:45.0499 2856 [ AC04A618AEF3DE0FCE91C766F9E069DA ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys
17:05:45.0499 2856 mfenlfk - ok
17:05:45.0514 2856 [ F454A13377F0A006D20A8C14A753C432 ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
17:05:45.0514 2856 mferkdet - ok
17:05:45.0546 2856 [ A3184075F30EA2D9B815FB24DF68DAE2 ] mfevtp C:\Windows\system32\mfevtps.exe
17:05:45.0546 2856 mfevtp - ok
17:05:45.0561 2856 [ F284337AEDB7483DF8A5FA840647E2B0 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
17:05:45.0577 2856 mfewfpk - ok
17:05:45.0608 2856 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
17:05:45.0608 2856 MMCSS - ok
17:05:45.0624 2856 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
17:05:45.0624 2856 Modem - ok
17:05:45.0655 2856 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:05:45.0655 2856 monitor - ok
17:05:45.0717 2856 [ 54FEE02961C70FD9D4D7E2F87AFA23FA ] motmodem C:\Windows\system32\DRIVERS\motmodem.sys
17:05:45.0717 2856 motmodem - ok
17:05:45.0748 2856 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:05:45.0748 2856 mouclass - ok
17:05:45.0764 2856 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:05:45.0764 2856 mouhid - ok
17:05:45.0795 2856 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:05:45.0795 2856 mountmgr - ok
17:05:45.0873 2856 [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:05:45.0873 2856 MozillaMaintenance - ok
17:05:45.0889 2856 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys
17:05:45.0889 2856 mpio - ok
17:05:45.0904 2856 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:05:45.0904 2856 mpsdrv - ok
17:05:45.0920 2856 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:05:45.0920 2856 MRxDAV - ok
17:05:45.0951 2856 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:05:45.0967 2856 mrxsmb - ok
17:05:46.0014 2856 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:05:46.0014 2856 mrxsmb10 - ok
17:05:46.0029 2856 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:05:46.0029 2856 mrxsmb20 - ok
17:05:46.0060 2856 [ CB5D37E91135B0F15CEE64D1F1BA5DE5 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
17:05:46.0060 2856 msahci - ok
17:05:46.0076 2856 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
17:05:46.0092 2856 msdsm - ok
17:05:46.0123 2856 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
17:05:46.0138 2856 MSDTC - ok
17:05:46.0216 2856 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:05:46.0216 2856 Msfs - ok
17:05:46.0232 2856 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:05:46.0232 2856 mshidkmdf - ok
17:05:46.0248 2856 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
17:05:46.0248 2856 msisadrv - ok
17:05:46.0310 2856 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:05:46.0310 2856 MSiSCSI - ok
17:05:46.0326 2856 msiserver - ok
17:05:46.0372 2856 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:05:46.0388 2856 MSKSSRV - ok
17:05:46.0404 2856 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:05:46.0404 2856 MSPCLOCK - ok
17:05:46.0404 2856 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:05:46.0419 2856 MSPQM - ok
17:05:46.0435 2856 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:05:46.0435 2856 MsRPC - ok
17:05:46.0450 2856 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:05:46.0450 2856 mssmbios - ok
17:05:46.0497 2856 MSSQL$TOCTTARGPPC05 - ok
17:05:46.0560 2856 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
17:05:46.0575 2856 MSSQLServerADHelper - ok
17:05:46.0591 2856 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:05:46.0591 2856 MSTEE - ok
17:05:46.0606 2856 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:05:46.0606 2856 MTConfig - ok
17:05:46.0622 2856 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
17:05:46.0622 2856 Mup - ok
17:05:46.0716 2856 [ 011053C6A37B28A9E3C38AB826465DB3 ] myAgtSvc C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
17:05:46.0731 2856 myAgtSvc - ok
17:05:47.0652 2856 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll
17:05:47.0652 2856 napagent - ok
17:05:47.0699 2856 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:05:47.0699 2856 NativeWifiP - ok
17:05:47.0714 2856 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:05:47.0730 2856 NDIS - ok
17:05:47.0745 2856 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:05:47.0745 2856 NdisCap - ok
17:05:47.0761 2856 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:05:47.0777 2856 NdisTapi - ok
17:05:47.0792 2856 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:05:47.0792 2856 Ndisuio - ok
17:05:47.0823 2856 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:05:47.0823 2856 NdisWan - ok
17:05:47.0839 2856 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:05:47.0839 2856 NDProxy - ok
17:05:47.0839 2856 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:05:47.0855 2856 NetBIOS - ok
17:05:47.0870 2856 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:05:47.0870 2856 NetBT - ok
17:05:47.0886 2856 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\Windows\system32\lsass.exe
17:05:47.0886 2856 Netlogon - ok
17:05:47.0933 2856 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
17:05:47.0948 2856 Netman - ok
17:05:47.0979 2856 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:05:47.0979 2856 NetMsmqActivator - ok
17:05:48.0011 2856 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:05:48.0011 2856 NetPipeActivator - ok
17:05:48.0042 2856 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
17:05:48.0042 2856 netprofm - ok
17:05:48.0057 2856 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:05:48.0057 2856 NetTcpActivator - ok
17:05:48.0073 2856 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:05:48.0073 2856 NetTcpPortSharing - ok
17:05:48.0089 2856 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:05:48.0089 2856 nfrd960 - ok
17:05:48.0104 2856 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll
17:05:48.0120 2856 NlaSvc - ok
17:05:48.0151 2856 [ 00602D89A2564414E6F81DB0F2E24685 ] nlsX86cc C:\Windows\system32\NLSSRV32.EXE
17:05:48.0167 2856 nlsX86cc - ok
17:05:48.0182 2856 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:05:48.0182 2856 Npfs - ok
17:05:48.0213 2856 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
17:05:48.0213 2856 nsi - ok
17:05:48.0229 2856 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:05:48.0229 2856 nsiproxy - ok
17:05:48.0291 2856 [ 187002CE05693C306F43C873F821381F ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:05:48.0307 2856 Ntfs - ok
17:05:48.0338 2856 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
17:05:48.0338 2856 Null - ok
17:05:48.0354 2856 [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:05:48.0369 2856 nvraid - ok
17:05:48.0401 2856 [ 4520B63899E867F354EE012D34E11536 ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:05:48.0401 2856 nvstor - ok
17:05:48.0432 2856 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
17:05:48.0432 2856 nv_agp - ok
17:05:48.0463 2856 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
17:05:48.0463 2856 ohci1394 - ok
17:05:48.0510 2856 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:05:48.0510 2856 ose - ok
17:05:48.0666 2856 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:05:48.0744 2856 osppsvc - ok
17:05:48.0791 2856 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:05:48.0791 2856 p2pimsvc - ok
17:05:48.0837 2856 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
17:05:48.0837 2856 p2psvc - ok
17:05:48.0869 2856 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:05:48.0884 2856 Parport - ok
17:05:48.0915 2856 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:05:48.0931 2856 partmgr - ok
17:05:48.0947 2856 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
17:05:48.0947 2856 Parvdm - ok
17:05:48.0978 2856 [ 4088C1ECD1F54281A92FA663B0FDC36F ] PBADRV C:\Windows\system32\DRIVERS\PBADRV.sys
17:05:48.0978 2856 PBADRV - ok
17:05:48.0993 2856 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:05:49.0009 2856 PcaSvc - ok
17:05:49.0040 2856 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys
17:05:49.0056 2856 pci - ok
17:05:49.0087 2856 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys
17:05:49.0087 2856 pciide - ok
17:05:49.0118 2856 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:05:49.0118 2856 pcmcia - ok
17:05:49.0149 2856 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
17:05:49.0149 2856 pcw - ok
17:05:49.0181 2856 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:05:49.0196 2856 PEAUTH - ok
17:05:49.0243 2856 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
17:05:49.0274 2856 PeerDistSvc - ok
17:05:49.0321 2856 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll
17:05:49.0337 2856 pla - ok
17:05:49.0383 2856 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:05:49.0399 2856 PlugPlay - ok
17:05:49.0430 2856 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:05:49.0430 2856 PNRPAutoReg - ok
17:05:49.0461 2856 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:05:49.0461 2856 PNRPsvc - ok
17:05:49.0508 2856 [ 4B30EE7037EA1529F5FC80DE5DC42A30 ] Point32 C:\Windows\system32\DRIVERS\point32.sys
17:05:49.0508 2856 Point32 - ok
17:05:49.0555 2856 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:05:49.0571 2856 PolicyAgent - ok
17:05:49.0617 2856 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll
17:05:49.0617 2856 Power - ok
17:05:49.0649 2856 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:05:49.0649 2856 PptpMiniport - ok
17:05:49.0680 2856 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:05:49.0680 2856 Processor - ok
17:05:49.0711 2856 [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc C:\Windows\system32\profsvc.dll
17:05:49.0727 2856 ProfSvc - ok
17:05:49.0742 2856 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:05:49.0742 2856 ProtectedStorage - ok
17:05:49.0758 2856 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:05:49.0773 2856 Psched - ok
17:05:49.0820 2856 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:05:49.0836 2856 ql2300 - ok
17:05:49.0851 2856 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:05:49.0851 2856 ql40xx - ok
17:05:49.0883 2856 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
17:05:49.0898 2856 QWAVE - ok
17:05:49.0914 2856 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:05:49.0914 2856 QWAVEdrv - ok
17:05:49.0929 2856 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:05:49.0929 2856 RasAcd - ok
17:05:49.0961 2856 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:05:49.0961 2856 RasAgileVpn - ok
17:05:49.0992 2856 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
17:05:49.0992 2856 RasAuto - ok
17:05:50.0007 2856 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:05:50.0007 2856 Rasl2tp - ok
17:05:50.0039 2856 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll
17:05:50.0039 2856 RasMan - ok
17:05:50.0054 2856 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:05:50.0054 2856 RasPppoe - ok
17:05:50.0070 2856 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:05:50.0070 2856 RasSstp - ok
17:05:50.0085 2856 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:05:50.0101 2856 rdbss - ok
17:05:50.0101 2856 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:05:50.0117 2856 rdpbus - ok
17:05:50.0117 2856 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:05:50.0117 2856 RDPCDD - ok
17:05:50.0163 2856 [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
17:05:50.0163 2856 RDPDR - ok
17:05:50.0179 2856 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:05:50.0179 2856 RDPENCDD - ok
17:05:50.0195 2856 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:05:50.0195 2856 RDPREFMP - ok
17:05:50.0226 2856 [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:05:50.0241 2856 RDPWD - ok
17:05:50.0257 2856 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:05:50.0257 2856 rdyboost - ok
17:05:50.0288 2856 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
17:05:50.0288 2856 RemoteAccess - ok
17:05:50.0304 2856 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:05:50.0319 2856 RemoteRegistry - ok
17:05:50.0351 2856 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
17:05:50.0366 2856 RFCOMM - ok
17:05:50.0397 2856 [ E891F07815AF88075705EF6A248711F6 ] rimspci C:\Windows\system32\DRIVERS\rimspe86.sys
17:05:50.0397 2856 rimspci - ok
17:05:50.0413 2856 [ 5312F15DBEB47D906DCA2E334DC4C97D ] risdpcie C:\Windows\system32\DRIVERS\risdpe86.sys
17:05:50.0413 2856 risdpcie - ok
17:05:50.0444 2856 [ CF2DE2365FD99E5B8E38C9F3467DCDB8 ] rixdpcie C:\Windows\system32\DRIVERS\rixdpe86.sys
17:05:50.0460 2856 rixdpcie - ok
17:05:50.0491 2856 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:05:50.0491 2856 RpcEptMapper - ok
17:05:50.0538 2856 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
17:05:50.0538 2856 RpcLocator - ok
17:05:50.0553 2856 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll
17:05:50.0569 2856 RpcSs - ok
17:05:50.0616 2856 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:05:50.0616 2856 rspndr - ok
17:05:50.0647 2856 [ 011053C6A37B28A9E3C38AB826465DB3 ] RumorServer C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
17:05:50.0647 2856 RumorServer - ok
17:05:50.0678 2856 [ 5423D8437051E89DD34749F242C98648 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
17:05:50.0694 2856 s3cap - ok
17:05:50.0710 2856 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\Windows\system32\lsass.exe
17:05:50.0710 2856 SamSs - ok
17:05:50.0788 2856 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:05:50.0788 2856 SASDIFSV - ok
17:05:50.0819 2856 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
17:05:50.0819 2856 SASKUTIL - ok
17:05:50.0850 2856 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
17:05:50.0850 2856 sbp2port - ok
17:05:50.0866 2856 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:05:50.0881 2856 SCardSvr - ok
17:05:50.0897 2856 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:05:50.0897 2856 scfilter - ok
17:05:50.0944 2856 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll
17:05:50.0959 2856 Schedule - ok
17:05:50.0990 2856 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll
17:05:50.0990 2856 SCPolicySvc - ok
17:05:51.0037 2856 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:05:51.0037 2856 SDRSVC - ok
17:05:51.0068 2856 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:05:51.0068 2856 secdrv - ok
17:05:51.0084 2856 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
17:05:51.0084 2856 seclogon - ok
17:05:51.0193 2856 [ E396FBC469DF73692318DC90AD13CE86 ] SecureStorageService C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
17:05:51.0209 2856 SecureStorageService - ok
17:05:51.0240 2856 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
17:05:51.0240 2856 SENS - ok
17:05:51.0271 2856 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:05:51.0287 2856 SensrSvc - ok
17:05:51.0318 2856 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:05:51.0318 2856 Serenum - ok
17:05:51.0334 2856 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:05:51.0334 2856 Serial - ok
17:05:51.0349 2856 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:05:51.0349 2856 sermouse - ok
17:05:51.0380 2856 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll
17:05:51.0380 2856 SessionEnv - ok
17:05:51.0396 2856 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
17:05:51.0396 2856 sffdisk - ok
17:05:51.0396 2856 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
17:05:51.0396 2856 sffp_mmc - ok
17:05:51.0412 2856 [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
17:05:51.0412 2856 sffp_sd - ok
17:05:51.0443 2856 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:05:51.0443 2856 sfloppy - ok
17:05:51.0474 2856 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:05:51.0490 2856 ShellHWDetection - ok
17:05:51.0505 2856 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys
17:05:51.0505 2856 sisagp - ok
17:05:51.0521 2856 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:05:51.0521 2856 SiSRaid2 - ok
17:05:51.0552 2856 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:05:51.0552 2856 SiSRaid4 - ok
17:05:51.0568 2856 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:05:51.0568 2856 Smb - ok
17:05:51.0614 2856 [ 85BADA660D57BC5AEF52B11CABD6D8F9 ] snapman C:\Windows\system32\DRIVERS\snapman.sys
17:05:51.0630 2856 snapman - ok
17:05:51.0661 2856 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:05:51.0661 2856 SNMPTRAP - ok
17:05:51.0661 2856 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
17:05:51.0661 2856 spldr - ok
17:05:51.0708 2856 [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler C:\Windows\System32\spoolsv.exe
17:05:51.0708 2856 Spooler - ok
17:05:51.0786 2856 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe
17:05:51.0817 2856 sppsvc - ok
17:05:51.0833 2856 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:05:51.0833 2856 sppuinotify - ok
17:05:51.0895 2856 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\Windows\system32\Drivers\sptd.sys
17:05:51.0895 2856 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
17:05:51.0895 2856 sptd ( LockedFile.Multi.Generic ) - warning
17:05:51.0895 2856 sptd - detected LockedFile.Multi.Generic (1)
17:05:53.0441 2856 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:05:53.0441 2856 UI0Detect - ok
17:05:53.0441 2856 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
17:05:53.0441 2856 uliagpkx - ok
17:05:53.0487 2856 [ 5A5BD0F66E84EB039CB227520D49908C ] UltraMonUtility C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys
17:05:53.0487 2856 UltraMonUtility - ok
17:05:53.0534 2856 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:05:53.0534 2856 umbus - ok
17:05:53.0550 2856 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:05:53.0565 2856 UmPass - ok
17:05:53.0612 2856 [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService C:\Windows\System32\umrdp.dll
17:05:53.0612 2856 UmRdpService - ok
17:05:53.0659 2856 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
17:05:53.0659 2856 upnphost - ok
17:05:53.0675 2856 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
17:05:53.0690 2856 USBAAPL - ok
17:05:53.0706 2856 [ 5C233AEFB566EE78C1EFBC0493FB066A ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:05:53.0706 2856 usbccgp - ok
17:05:53.0737 2856 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
17:05:53.0737 2856 usbcir - ok
17:05:53.0768 2856 [ 5B71019A6ACA0116FD21B368F19C0B91 ] usbehci C:\Windows\system32\drivers\usbehci.sys
17:05:53.0768 2856 usbehci - ok
17:05:53.0800 2856 [ 5823D3965C2A4F6F785ED1A3B403F3B8 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:05:53.0800 2856 usbhub - ok
17:05:53.0831 2856 [ E753ED6C49DA13967EBABF9EA616454A ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:05:53.0846 2856 usbohci - ok
17:05:53.0862 2856 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:05:53.0862 2856 usbprint - ok
17:05:53.0893 2856 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:05:53.0909 2856 usbscan - ok
17:05:53.0940 2856 [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:05:53.0940 2856 USBSTOR - ok
17:05:53.0987 2856 [ 6A30928A469CE802600E1EA8C0F2F53F ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:05:53.0987 2856 usbuhci - ok
17:05:54.0002 2856 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
17:05:54.0002 2856 UxSms - ok
17:05:54.0034 2856 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\Windows\system32\lsass.exe
17:05:54.0034 2856 VaultSvc - ok
17:05:54.0080 2856 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
17:05:54.0080 2856 vdrvroot - ok
17:05:54.0096 2856 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe
17:05:54.0097 2856 vds - ok
17:05:54.0128 2856 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:05:54.0128 2856 vga - ok
17:05:54.0144 2856 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
17:05:54.0144 2856 VgaSave - ok
17:05:54.0159 2856 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
17:05:54.0175 2856 vhdmp - ok
17:05:54.0191 2856 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys
17:05:54.0191 2856 viaagp - ok
17:05:54.0206 2856 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
17:05:54.0206 2856 ViaC7 - ok
17:05:54.0237 2856 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys
17:05:54.0237 2856 viaide - ok
17:05:54.0269 2856 [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
17:05:54.0269 2856 vmbus - ok
17:05:54.0300 2856 [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
17:05:54.0300 2856 VMBusHID - ok
17:05:54.0315 2856 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
17:05:54.0315 2856 volmgr - ok
17:05:54.0331 2856 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:05:54.0331 2856 volmgrx - ok
17:05:54.0347 2856 [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
17:05:54.0347 2856 volsnap - ok
17:05:54.0378 2856 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:05:54.0378 2856 vsmraid - ok
17:05:54.0440 2856 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe
17:05:54.0456 2856 VSS - ok
17:05:54.0471 2856 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:05:54.0471 2856 vwifibus - ok
17:05:54.0503 2856 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:05:54.0503 2856 vwififlt - ok
17:05:54.0518 2856 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
17:05:54.0518 2856 W32Time - ok
17:05:54.0549 2856 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:05:54.0549 2856 WacomPen - ok
17:05:54.0581 2856 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:05:54.0581 2856 WANARP - ok
17:05:54.0596 2856 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:05:54.0596 2856 Wanarpv6 - ok
17:05:54.0659 2856 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:05:54.0674 2856 WatAdminSvc - ok
17:05:54.0705 2856 [ FBF43B275EFC98799E76D57E5437EDEE ] WavxDMgr C:\Windows\system32\DRIVERS\WavxDMgr.sys
17:05:54.0721 2856 WavxDMgr - ok
17:05:54.0768 2856 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe
17:05:54.0783 2856 wbengine - ok
17:05:54.0799 2856 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:05:54.0815 2856 WbioSrvc - ok
17:05:54.0846 2856 [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:05:54.0861 2856 wcncsvc - ok
17:05:54.0877 2856 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:05:54.0877 2856 WcsPlugInService - ok
17:05:54.0877 2856 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:05:54.0893 2856 Wd - ok
17:05:54.0893 2856 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:05:54.0908 2856 Wdf01000 - ok
17:05:54.0924 2856 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:05:54.0924 2856 WdiServiceHost - ok
17:05:54.0924 2856 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:05:54.0924 2856 WdiSystemHost - ok
17:05:54.0971 2856 [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient C:\Windows\System32\webclnt.dll
17:05:54.0971 2856 WebClient - ok
17:05:54.0986 2856 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:05:55.0002 2856 Wecsvc - ok
17:05:55.0002 2856 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:05:55.0017 2856 wercplsupport - ok
17:05:55.0033 2856 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
17:05:55.0049 2856 WerSvc - ok
17:05:55.0064 2856 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:05:55.0064 2856 WfpLwf - ok
17:05:55.0064 2856 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:05:55.0064 2856 WIMMount - ok
17:05:55.0143 2856 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
17:05:55.0159 2856 WinDefend - ok
17:05:55.0174 2856 WinHttpAutoProxySvc - ok
17:05:55.0252 2856 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:05:55.0252 2856 Winmgmt - ok
17:05:55.0299 2856 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll
17:05:55.0330 2856 WinRM - ok
17:05:55.0377 2856 [ B5BA3CC19D00F2EBA92F1CFBEBB5D650 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:05:55.0377 2856 WinUsb - ok
17:05:55.0424 2856 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:05:55.0440 2856 Wlansvc - ok
17:05:55.0502 2856 [ 7FFF34AE69DFB80F7B190ABA31E00610 ] wltrysvc C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
17:05:55.0502 2856 wltrysvc - ok
17:05:55.0518 2856 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
17:05:55.0533 2856 WmiAcpi - ok
17:05:55.0549 2856 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:05:55.0549 2856 wmiApSrv - ok
17:05:55.0580 2856 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
17:05:55.0596 2856 WMPNetworkSvc - ok
17:05:55.0611 2856 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:05:55.0627 2856 WPCSvc - ok
17:05:55.0642 2856 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:05:55.0642 2856 WPDBusEnum - ok
17:05:55.0674 2856 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:05:55.0674 2856 ws2ifsl - ok
17:05:55.0736 2856 [ A661A76333057B383A06E65F0073222F ] wscsvc C:\Windows\system32\wscsvc.dll
17:05:55.0736 2856 wscsvc - ok
17:05:55.0752 2856 WSearch - ok
17:05:55.0845 2856 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
17:05:55.0876 2856 wuauserv - ok
17:05:55.0908 2856 [ A52494B107AFC92DDCA21F0B64F83376 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:05:55.0908 2856 WudfPf - ok
17:05:55.0923 2856 [ 90A541C607DA0025AE75F0F3673945FE ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:05:55.0923 2856 WUDFRd - ok
17:05:55.0954 2856 [ F1FCB56102A8373ED86B6FF08FB17D67 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:05:55.0954 2856 wudfsvc - ok
17:05:55.0986 2856 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
17:05:55.0986 2856 WwanSvc - ok
17:05:56.0032 2856 ================ Scan global ===============================
17:05:56.0064 2856 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
17:05:56.0110 2856 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
17:05:56.0126 2856 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
17:05:56.0173 2856 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
17:05:56.0220 2856 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
17:05:56.0220 2856 [Global] - ok
17:05:56.0220 2856 ================ Scan MBR ==================================
17:05:56.0235 2856 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
17:05:56.0547 2856 \Device\Harddisk0\DR0 - ok
17:05:56.0547 2856 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
17:05:56.0969 2856 \Device\Harddisk1\DR1 - ok
17:05:56.0984 2856 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk2\DR2
17:05:57.0125 2856 \Device\Harddisk2\DR2 - ok
17:05:57.0125 2856 ================ Scan VBR ==================================
17:05:57.0140 2856 [ 09E7F6FE40CF2123DBCEF5DF2C20E2F4 ] \Device\Harddisk0\DR0\Partition1
17:05:57.0140 2856 \Device\Harddisk0\DR0\Partition1 - ok
17:05:57.0171 2856 [ CB734CCCC4110865CA57109E1DFC6240 ] \Device\Harddisk0\DR0\Partition2
17:05:57.0171 2856 \Device\Harddisk0\DR0\Partition2 - ok
17:05:57.0171 2856 [ 18BED9BACA55CDB80A4C873C954E674E ] \Device\Harddisk1\DR1\Partition1
17:05:57.0171 2856 \Device\Harddisk1\DR1\Partition1 - ok
17:05:57.0187 2856 [ 838FF6C6AE7E10F68D6B551A546545F5 ] \Device\Harddisk2\DR2\Partition1
17:05:57.0187 2856 \Device\Harddisk2\DR2\Partition1 - ok
17:05:57.0187 2856 ============================================================
17:05:57.0187 2856 Scan finished
17:05:57.0187 2856 ============================================================
17:05:57.0203 3536 Detected object count: 1
17:05:57.0203 3536 Actual detected object count: 1
17:06:13.0755 3536 sptd ( LockedFile.Multi.Generic ) - skipped by user
17:06:13.0755 3536 sptd ( LockedFile.Multi.Generic ) - User select action: Skip


Gotta run for a few hours; will post ESET log when I get back

#4 tfwise

tfwise
  • Topic Starter

  • Members
  • 25 posts

Posted 31 August 2012 - 07:24 AM

ESET log:

C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-18\$d97871235ec6813319f565b03f944aa5\n.vir a variant of Win32/Kryptik.ALCF trojan
C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-1302265074-3003300910-2372004546-1141\$d97871235ec6813319f565b03f944aa5\n.vir a variant of Win32/Kryptik.ALCF trojan
Operating memory a variant of Win32/Sirefef.EZ trojan

#5 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:24 PM

Posted 31 August 2012 - 08:09 AM

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Post the new FSS log

Download

http://www.bleepingcomputer.com/download/rkill/

Run it and, after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

adware cleaner

Launch it, click on Delete

Post the generated log

Edited by narenxp, 31 August 2012 - 08:10 AM.


#6 tfwise

tfwise
  • Topic Starter

  • Members
  • 25 posts

Posted 31 August 2012 - 08:38 AM

Farbar Service Scanner Version: 06-08-2012
Microsoft Windows 7 Professional (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-11 13:56] - [2012-03-30 06:29] - 1287024 ____A (Microsoft Corporation) 55E9965552741F3850CB22CBBA9671ED

C:\Windows\system32\dnsrslvr.dll
[2011-04-13 17:00] - [2011-03-03 01:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

C:\Windows\system32\mpssvc.dll
[2009-07-13 19:53] - [2009-07-13 21:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-13 19:54] - [2009-07-13 21:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-13 19:23] - [2009-07-13 21:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-07-13 19:24] - [2009-07-13 21:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll
[2011-02-08 19:36] - [2010-12-21 01:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2009-07-13 19:30] - [2009-07-13 21:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-06-13 21:00] - [2012-04-24 00:47] - 0139264 ____A (Microsoft Corporation) 520A108A2657F4BCA7FCED9CA7D885DE

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



Rkill 2.3.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/31/2012 09:24:39 AM in x86 mode.
Windows Version: Windows 7 Professional

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* C:\Windows\csasvc.exe (PID: 2436) [WD-HEUR]
* C:\Windows\csifcsvc.exe (PID: 2480) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Background Intelligent Transfer Service (BITS) is not Running.
Startup Type set to: Manual

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* atapi => \SystemRoot\system32\DRIVERS\atapi.sys [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 08/31/2012 09:25:57 AM
Execution time: 0 hours(s), 1 minute(s), and 17 seconds(s)



# AdwCleaner v2.000 - Logfile created 08/31/2012 at 09:32:35
# Updated 30/08/2012 by Xplode
# Operating system : Windows 7 Professional (32 bits)
# User :
# Boot Mode : Normal
# Running from :
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\AppData\Roaming\Mozilla\Firefox\Profiles\531hul0m.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v16.0.912.77

File : C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [1261 octets] - [31/08/2012 09:32:35]

########## EOF - C:\AdwCleaner[S2].txt - [1321 octets] ##########

#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:24 PM

Posted 31 August 2012 - 08:44 AM

That looks good

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot. If TFC locks up the system, run it in safe mode

Turn off your system restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your flash player

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#8 tfwise

tfwise
  • Topic Starter

  • Members
  • 25 posts

Posted 31 August 2012 - 08:48 AM

I really appreciate your help. Thanks so much!

#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:24 PM

Posted 31 August 2012 - 08:52 AM

You're most welcome :)



