
Previously unknown user NT Authority


9 replies to this topic

#1 snowyman


Posted 16 September 2012 - 11:01 AM

A few days ago I started getting extra and extended activity on my hard drives. I used Process Explorer to see what processes were most active and they were Windows Search indexer and mscorsvw.exe. I was a little suspicious then the phone rang and an Asian voice claiming to be from WWW.Microsoft something or other informed me that I had malware on my computer and that he knew my personal Microsoft identity number. I told him as politely as I could to go inseminate himself.

A little later I noticed that processes that I am almost sure had previously been running under the User "System" were now running under the User's NT Authority\System.

When I run my computer in anything other than Safe Mode I get phone calls from people claiming to be from Internet or Microsoft associated security services. This is very worrying and I have no idea how unsafe my computer is. I have run AVG, Malwarebytes and SAS searches in Safe Mode and nothing has revealed itself.

Any advice or help would be greatly appreciated, thank you in advance for your consideration.
Snowy



#2 boopme


Posted 16 September 2012 - 11:59 AM

Hello, is this WIN7?

These 2 processes are related and are not usually malware; disabling is at your option.
Windows Search indexer
SearchIndexer.exe is the Windows service that handles indexing of your files for Windows Search, which fuels the file search engine built into Windows that powers everything from the Start Menu search box to Windows Explorer, and even the Libraries feature.
L@@K



mscorsvw.exe
Microsoft .NET Framework NGEN service. If you see this process running then it is precompiling .NET assemblies and will terminate itself when completed. L@@K
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 snowyman


Posted 16 September 2012 - 04:32 PM

Hello, is this WIN7?


Yes I am running Win7.

I had checked whether these were legitimate processes and guessed that after an update they could be busy doing something. However the phone call from the Asian guy spooked me, particularly the timing of it.

I then noticed in Process Explorer that processes that belonged to user "system" were now preceded by "NT Authority". Can you tell me if it is usual to have key system and System32 .DLLs and .EXEs belonging to the NT Authority and the System? Or is this the result of an update, or is there a possibility that a remote user is logged on and masquerading as NT Authority?

There is mention on a file check website of the possibility of NT Authority being a virus/infected if it is located in System32 folder. Then there is this scary reply to a query about NT Authority on C|Net Forum.

I have been working with this for 25 days now. This seems to me to be very serious. Not quite sure exactly how you get this. But from the files I have decrypted so far. Looks like it came from a quiz on Facebook "IQTest" it installs the Trojan arcbomb.ZIQ on your computer. It also is being spread by way of an email you receive from a friend telling you about a new dangerous virus.
Anyway, I have the whole UN-encrypted script of the virus. It is set to disable your alerter service first. Then it creates a new user. Then petitions for user privileges to be granted these: authenticated user, Power user, back-up operator and restricted user. Then it creates new work groups then 7 new users like this S-1-5-34-"random big number". It then sets you up as a limited user with read only rights. Disables the AV engine, disables Windows updates and it takes you to a new page stored in the system32 files that it created for you that it does updates for itself installed from a nt\authority remote desktop user. It enables the remote registry. And from there it has complete control. Now where the crazy part comes in. It installs a wrapper program that allows it to run multiple OS. I think this is done at 3am by remote desktop. It also installs acronis disk editor hidden and partitions your HD. It creates an extended virtual part and installs Windows nt 5.1 server and Linux solaris. It also creates a 7.8 MB partition on your hd B: drive RAM-DISK and stores an encrypted hidden compressed file that has a clone and backup files to fix any problem you may cause. If you use the D.O.D 36 pass wipe it's still there. You can watch the logs when you install new OS, it puts files in where it needs them. When you start your new install up it will have full control again within 15 minutes. I have found different ways it stores this hidden file: 1. it uses Bitlocker 2. it uses the EISA partition. This remote desktop I have traced to Madrid & Bombay and Germany. I can email a copy of the exe. notepad that has the exact setup of this what starts as a virus situation. It erases all tracks of the virus and all the installs so you won't know it's there. Look at the Monkey virus & the Terror virus, I think this is the same guy. You can scan and scan but you won't find a virus, it has them in encrypted zips. One is called Mirror.
It releases it if you find start looking too hard for what is going on. You can use a Linux boot cd and run klamAv, it will remove about 90-150 encrypted zips and the arcbomb.zIq...worm.Kido-182...adware.comet...exploit.js-7...Trojan.spy and so on. It has all sorts that you download during your so called visit to m updates. The file it has for that is called microsoft updates\Hell in the windows system system32 folder. You can tell if you have it if you explore the c drive and find these new folders called "recycler" system volume that is access denied and look in your user files, you have several hidden folders with all sorts of new users. If anybody knows how to get rid of this hidden partition please let me know. I have 26 computers waiting to be repaired. Each one of the computer owners say they have all sorts of fraud activity on their credit cards for World of Warcraft and small stuff like that online purchases.

NT Authority-Hell

Hi. I've been dealing with this for years, off and on. Nothing I've done has worked. I'm self taught as far as using a computer. Unfortunately, I'm not a very good teacher. The message from the guy before me cracks me up. Maybe he doesn't see the irony of his post.
NT manages to evade or actually control certain aspects of every anti-virus or malware program I throw at it. I use Revo as an uninstaller. It's good. Programs that I thought were gone will sometimes show up in Ccleaners uninstall list or Spybots'. IObit 360s' (which first alerted me to the fact that Gateway was preloading trojan downloaders as junkware, tapping my computer through Word) Passive security is constantly being manipulated, dropping certain blocks or whole categories. Now it's set up to appear that it's doing the job it used to do. Spybots installs get quirky, like they're being blocked. Once you get them installed, their block lists are almost reversed, inviting those sites in. Aviras' safeguard against USB auto downloads gets turned off. The same is true as far as Aviras' warning about going on line as an administrator. Windows updates for XP3 are unnecessary for security according to Secunias CSI scan (I think Microsofts' been leaving their back doors open and switching when they see the wrong traffic coming through). Funny that you can download Microsofts' Security program online for free, yet it doesn't come prepacked in the initial system. The list goes on and on with endless permutations depending on what combination of software is involved. Meanwhile, there's always some kind hearted guru telling the sheep the old "move along, move along. There's nothing to see..." routine.


Edited by snowyman, 16 September 2012 - 04:36 PM.


#4 boopme


Posted 16 September 2012 - 06:50 PM

OK, we'll check the system, as it may be a rootkit.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



>>>>>

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.

>>>>>

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

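One way to triage the "List content of Hosts" output requested in the post above, as an added example that is not part of the original post or of MiniToolBox: it reads the hosts section of a saved Result.txt and separates loopback or unspecified-address entries (the pattern blocklists use) from entries that send a name to any other address, which are the ones worth a manual look. The sample report is constructed (only the two `007guard.com` lines and the summary line mirror this thread), and the function names are this example's own.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the layout of a MiniToolBox Result.txt.
# The example.test names and 203.0.113.45 are placeholders, not real findings.
SAMPLE_REPORT = """\
========================= Hosts content: =================================

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
0.0.0.0 ads.example.test
::1 localhost
203.0.113.45 login.example.test   # constructed redirect
203.0.113.45 update.example.test
not-an-ip broken.example.test

There are 15262 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================
192.168.1.64 ignored.example.test
"""

# "===== Section name: =====" banner lines; bare "=====" rulers do not match.
HEADER = re.compile(r"^=+\s+(.*?)\s+=+\s*$")
# Summary line the report prints instead of listing every loopback entry.
COLLAPSED = re.compile(r'^There are (\d+) more lines starting with "([^"]+)"')


def hosts_section(report):
    """Return the raw lines between the 'Hosts content' banner and the next banner."""
    lines, inside = [], False
    for line in report.splitlines():
        m = HEADER.match(line.strip())
        if m:
            inside = m.group(1).rstrip(":").strip().lower() == "hosts content"
            continue
        if inside:
            lines.append(line)
    return lines


def classify(line):
    """Classify one hosts line as ('local' | 'redirect' | 'malformed', addr, names).

    Returns None for blank lines and comment-only lines.
    """
    text = line.split("#", 1)[0].strip()
    if not text:
        return None
    fields = text.split()
    try:
        addr = ipaddress.ip_address(fields[0])
    except ValueError:
        return ("malformed", fields[0], fields[1:])
    if len(fields) < 2:  # an address with no host name after it
        return ("malformed", str(addr), [])
    # Loopback (127.0.0.0/8, ::1) and unspecified (0.0.0.0, ::) keep traffic
    # on the machine; anything else sends the name to another host.
    kind = "local" if (addr.is_loopback or addr.is_unspecified) else "redirect"
    return (kind, str(addr), [name.lower() for name in fields[1:]])


def triage(report):
    """Summarise the hosts section: per-kind counts, collapsed lines, redirects."""
    counts, redirects, collapsed = Counter(), {}, 0
    for line in hosts_section(report):
        m = COLLAPSED.match(line.strip())
        if m:
            collapsed += int(m.group(1))  # counted, but content was not listed
            continue
        entry = classify(line)
        if entry is None:
            continue
        kind, addr, names = entry
        counts[kind] += 1
        if kind == "redirect":
            redirects.setdefault(addr, []).extend(names)
    return {"counts": dict(counts), "collapsed": collapsed, "redirects": redirects}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("entries by kind:", result["counts"])
    print("lines summarised but not listed:", result["collapsed"])
    for addr, names in result["redirects"].items():
        print(f"REVIEW: {addr} <- {', '.join(names)}")
```

The collapsed count only says how many further lines begin with the quoted address; the full hosts file on the machine is still the authoritative thing to review.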

#5 snowyman


Posted 17 September 2012 - 03:13 AM

Thanks very much for your help with my issues Boopme. :)

Here is the MiniToolBox Result:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Snowy (administrator) on 17-09-2012 at 08:58:13
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com

There are 15262 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : DARKSTARll
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
Physical Address. . . . . . . . . : 00-26-18-9C-B3-B3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5a4:ff8b:3f18:b785%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.64(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 17 September 2012 08:44:00
Lease Expires . . . . . . . . . . : 18 September 2012 08:44:00
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 234890776
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-F2-13-82-00-26-18-9C-B3-B3
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {039132CB-3006-4C9B-B94D-AA5C1F59D7D4}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: BThomehub.home
Address: 192.168.1.254

Name: google.com
Addresses: 2a00:1450:4009:809::1006
173.194.41.168
173.194.41.167
173.194.41.162
173.194.41.166
173.194.41.174
173.194.41.163
173.194.41.160
173.194.41.164
173.194.41.169
173.194.41.161
173.194.41.165


Pinging google.com [173.194.41.165] with 32 bytes of data:
Reply from 173.194.41.165: bytes=32 time=25ms TTL=52
Reply from 173.194.41.165: bytes=32 time=25ms TTL=52

Ping statistics for 173.194.41.165:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 25ms, Average = 25ms
Server: BThomehub.home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=715ms TTL=45
Reply from 72.30.38.140: bytes=32 time=789ms TTL=44

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 715ms, Maximum = 789ms, Average = 752ms
Server: BThomehub.home
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...00 26 18 9c b3 b3 ......Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.64 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.64 276
192.168.1.64 255.255.255.255 On-link 192.168.1.64 276
192.168.1.255 255.255.255.255 On-link 192.168.1.64 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.64 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.64 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 276 fe80::/64 On-link
10 276 fe80::5a4:ff8b:3f18:b785/128
On-link
1 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/13/2012 09:51:04 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)

Error: (09/13/2012 09:51:04 AM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=3600}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)

Error: (09/13/2012 09:31:29 AM) (Source: ESENT) (User: )
Description: Windows (4024) Windows: Unable to write a shadowed header for file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk. Error -1032.

Error: (09/13/2012 09:31:29 AM) (Source: ESENT) (User: )
Description: Windows (4024) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (09/13/2012 09:30:53 AM) (Source: ESENT) (User: )
Description: Windows (4024) Windows: Unable to write a shadowed header for file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk. Error -1032.

Error: (09/13/2012 09:30:53 AM) (Source: ESENT) (User: )
Description: Windows (4024) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (09/13/2012 09:30:29 AM) (Source: ESENT) (User: )
Description: Windows (4024) Windows: Unable to write a shadowed header for file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk. Error -1032.

Error: (09/13/2012 09:30:29 AM) (Source: ESENT) (User: )
Description: Windows (4024) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (09/13/2012 09:30:10 AM) (Source: ESENT) (User: )
Description: Windows (4024) Windows: Unable to write a shadowed header for file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk. Error -1032.

Error: (09/13/2012 09:30:10 AM) (Source: ESENT) (User: )
Description: Windows (4024) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (09/17/2012 08:58:15 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/17/2012 08:58:15 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/17/2012 08:58:15 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/17/2012 08:53:15 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/17/2012 08:53:15 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/17/2012 08:53:15 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/17/2012 08:51:09 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/17/2012 08:51:09 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/17/2012 08:51:09 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/17/2012 08:46:09 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (09/13/2012 09:51:04 AM) (Source: Windows Search Service)(User: )
Description: Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)
The catalog is corrupt

Error: (09/13/2012 09:51:04 AM) (Source: Windows Search Service)(User: )
Description: Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)
3600

Error: (09/13/2012 09:31:29 AM) (Source: ESENT)(User: )
Description: Windows4024Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032

Error: (09/13/2012 09:31:29 AM) (Source: ESENT)(User: )
Description: Windows4024Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (09/13/2012 09:30:53 AM) (Source: ESENT)(User: )
Description: Windows4024Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032

Error: (09/13/2012 09:30:53 AM) (Source: ESENT)(User: )
Description: Windows4024Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (09/13/2012 09:30:29 AM) (Source: ESENT)(User: )
Description: Windows4024Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032

Error: (09/13/2012 09:30:29 AM) (Source: ESENT)(User: )
Description: Windows4024Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (09/13/2012 09:30:10 AM) (Source: ESENT)(User: )
Description: Windows4024Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032

Error: (09/13/2012 09:30:10 AM) (Source: ESENT)(User: )
Description: Windows4024Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.


=========================== Installed Programs ============================

"Nero SoundTrax Help (Version: 4.4.32.0)
3DMark 11 (Version: 1.0.0)
3DMark Vantage (Version: 1.0.3.1)
3DMark06 (Version: 1.2.0)
7-Zip 4.42 (Version: 4.42.00.0)
Adobe AIR (Version: 3.2.0.2070)
Adobe Community Help (Version: 3.5.23)
Adobe Flash Player 10 ActiveX (Version: 10.0.42.34)
Adobe Flash Player 11 Plugin (Version: 11.4.402.265)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Advertising Center (Version: 0.0.0.2)
AI Suite (Version: 1.05.18)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2011.0126.1749.31909)
AMD GPU Clock Tool (Version: 0.9.26.0)
AMD OverDrive (Version: 3.1.0.0342)
Apple Application Support (Version: 2.1.5)
Apple Software Update (Version: 2.1.3.127)
ASUS Xonar DX Audio Driver
ASUSUpdate
ATI Catalyst Install Manager (Version: 3.0.812.0)
ATI Catalyst Registration (Version: 3.00.0000)
ATI Stream SDK v2 Developer (Version: 2.2.0.0)
Audacity 1.2.6
Audacity 1.3.11 (Unicode)
Autodesk Softimage Mod Tool 7.5 (Version: 1.00.0000)
AVG 2012 (Version: 12.0.2221)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2221)
Blender (remove only)
CANON iMAGE GATEWAY MyCamera Download Plugin (Version: 3.1.0.1)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.8.0.1)
Canon Internet Library for ZoomBrowser EX (Version: 1.7.0.1)
Canon MOV Decoder (Version: 1.7.0.6)
Canon MOV Encoder (Version: 1.5.0.3)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.6.0.5)
Canon RAW Codec (Version: 1.9.0.73)
Canon ScanGear Starter
Canon Utilities Digital Photo Professional 3.9 (Version: 3.9.1.0)
Canon Utilities EOS Utility (Version: 2.9.0.0)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities Picture Style Editor (Version: 1.8.0.0)
Canon Utilities WFT Utility (Version: 3.5.1.1)
Canon Utilities ZoomBrowser EX (Version: 6.6.0.23)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.4.0.4)
CanoScan Toolbox Ver4.9
Carrara 7 (Version: 7.2.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2011.0126.1749.31909)
Catalyst Control Center InstallProxy (Version: 2011.0126.1749.31909)
ccc-core-static (Version: 2011.0126.1749.31909)
ccc-utility64 (Version: 2011.0126.1749.31909)
CCC Help English (Version: 2011.0126.1748.31909)
Cool & Quiet
CPUID CPU-Z 1.53.1
CTDP Formula One 2005 v1.2 (Version: V1.2)
CTDP Formula One 2006 V1.0 (Version: 0.95)
CyberLink BD Advisor 2.0
CyberLink Blu-ray Disc Suite (Version: 6.0.2806)
CyberLink LabelPrint (Version: 2.5.1916)
CyberLink MediaShow (Version: 4.1.3102)
CyberLink Power2Go (Version: 6.1.3224)
CyberLink PowerDVD 8 (Version: 8.0.3228f)
CyberLink PowerProducer (Version: 5.0.1.1520)
CyberLink YouCam (Version: 1.0.2609)
D3DX10 (Version: 15.4.2368.0902)
DDS Thumbnail Viewer (Version: 1.00.000)
DivX Setup (Version: 1.0.1.5)
DolbyFiles (Version: 2.0)
Endurance Series by EnduRacers - Service Pack 1
eReg (Version: 1.20.138.34)
Euro Truck Simulator
Explorer Suite III
F1 1992 MOD LE V1.0
F1 2011 (Version: 1.0.0000.129)
F1 2011 (Version: 1.0.0001.129)
F1 2011 (Version: 1.0.0002.129)
FaceTrackingAPI_NC 3.2 (Version: 3.2.0)
FaceTrackNoIR (Version: 1.3.0)
Far Cry 2 (Version: 1.03.00)
Ferrari Virtual Academy version 1.3 (Version: 1.3)
FLV Player (Version: 1.33T)
Fraps (remove only)
FreeTrack v2.2.0.279
Futuremark SystemInfo (Version: 3.53.1.1)
GIMP 2.6.8
GoToAssist Corporate (Version: 9.0.570)
GT Legends 1.0.0.0 (Version: v1.0.0.0)
GTR Evolution
ImagXpress (Version: 7.0.74.0)
Intel® IPP Run-Time Installer 5.3 Update 4 for Windows* on IA-32 (Version: 5.3.4.087)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java™ 6 Update 31 (64-bit) (Version: 6.0.310)
Java™ 6 Update 31 (Version: 6.0.310)
LAME v3.98.2 for Audacity
Leo's FFB Tuner (Version: 1.0)
LightScribe System Software (Version: 1.18.18.1)
Logitech Gaming Software 5.08 (Version: 5.08.146)
Logitech SetPoint 6.30 (Version: 6.30.43)
Macrium Reflect - Free Edition (Version: 4.2.2525)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Manual CanoScan LiDE 60
Mazda Furai 2008
Media Player Classic - Home Cinema v. 1.3.1249.0
Menu Templates - Pack 1 (Version: 9.4.6.0)
Menu Templates - Pack 2 (Version: 9.4.6.0)
Menu Templates - Pack 3 (Version: 9.4.6.0)
Menu Templates - Starter Kit (Version: 9.6.0.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft LifeCam (Version: 3.22.270.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Morphyre
MoTeC i2 Pro (Version: 1.10.0035)
Movie Templates - Pack 1 (Version: 9.4.6.0)
Movie Templates - Starter Kit (Version: 9.6.0.0)
Mozilla Firefox 15.0.1 (x86 en-GB) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Need for Speed™ SHIFT (Version: 1.0.0.0)
Nero 7 Essentials (Version: 7.03.1303)
Nero 9
Nero Burning ROM Help (Version: 9.4.17.100)
Nero BurnRights (Version: 3.4.13.100)
Nero BurnRights Help (Version: 3.4.4.100)
Nero ControlCenter (Version: 9.0.0.1)
Nero CoverDesigner (Version: 4.4.23.100)
Nero CoverDesigner Help (Version: 4.4.9.100)
Nero Disc Copy Gadget (Version: 2.4.43.0)
Nero Disc Copy Gadget Help (Version: 2.4.22.0)
Nero DiscSpeed (Version: 5.4.13.100)
Nero DiscSpeed Help (Version: 5.4.4.100)
Nero DriveSpeed (Version: 4.4.12.100)
Nero DriveSpeed Help (Version: 4.4.4.100)
Nero Express Help (Version: 9.4.17.100)
Nero InfoTool (Version: 6.4.12.100)
Nero InfoTool Help (Version: 6.4.4.100)
Nero Installer (Version: 4.4.9.0)
Nero Live (Version: 1.4.48.0)
Nero Live Help (Version: 1.4.48.0)
Nero PhotoSnap (Version: 2.4.29.0)
Nero PhotoSnap Help (Version: 1.53.2.0)
Nero Recode (Version: 4.4.40.0)
Nero Recode Help (Version: 4.4.31.0)
Nero Rescue Agent (Version: 2.4.14.100)
Nero RescueAgent Help (Version: 2.4.4.100)
Nero ShowTime (Version: 5.4.0.100)
Nero ShowTime (Version: 5.4.27.100)
Nero StartSmart (Version: 9.4.40.100)
Nero StartSmart Help (Version: 9.4.12.100)
Nero Vision (Version: 6.4.19.100)
Nero Vision Help (Version: 6.4.8.100)
Nero WaveEditor (Version: 5.4.39.0)
NeroBurningROM (Version: 1.0.0.0)
NeroExpress (Version: 1.0.0.0)
NeroLiveGadget (Version: 1.2.16.100)
NeroLiveGadget Help (Version: 1.2.16.100)
neroxml (Version: 1.0.0)
netKar PRO 1.1
Next Generation Visualisations (Version: 1.0.0)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA Photoshop Plug-ins (Version: 1.00.000)
NVIDIA PhysX (Version: 9.10.0513)
Opcion Font Viewer (Version: 1.1.1)
OpenAL
OpenOffice.org 3.3 (Version: 3.3.9567)
Paragon Backup & Recovery™ 10 PC Advisor Edition (Version: 90.00.0003)
PC Probe II (Version: 1.04.62)
PDF Settings CS5 (Version: 10.0)
PhotoTools 2.5 (Version: 2.5)
Platform (Version: 1.34)
PunkBuster Services (Version: 0.986)
Python 2.6.1 (64-bit) (Version: 2.6.1150)
Python 2.7.1 (Version: 2.7.1150)
QuickTime (Version: 7.71.80.42)
RaceRoom The Game
Rapture3D 2.4.9 Game
RedShift 5 (Version: 5.0.0)
RegiStax 6
RegiStax 6.1.0.8 update
rFactor (remove only)
rFactor2
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition (Version: v2.24 MSI Master Overclocking Arena 2009 edition)
SiSoftware Sandra Lite 2010c (Version: 16.26.2010.1)
SoundTrax (Version: 4.4.39.0)
Spotify (Version: 0.3.23)
Spybot - Search & Destroy (Version: 1.6.2)
SpywareBlaster 4.6 (Version: 4.6.0)
The Lord of the Rings FREE Trial (Version: 1.00.0000)
Unigine Heaven Benchmark v2.0 (Version: 2.0)
Unigine Sanctuary Demo v2.3 (Version: 1.0)
Unigine Tropics Demo v1.3 (Version: 1.3)
Unity Web Player (Version: )
Unlocker 1.9.0-x64 (Version: 1.9.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VIA Platform Device Manager (Version: 1.34)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
VLC media player 1.1.11 (Version: 1.1.11)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver
WMV9/VC-1 Video Playback (Version: 1.00.0000)
WRC FIA World Rally Championship Demo (Version: 1.00.0000)
XviD MPEG-4 Video Codec
Zerene Stacker 1.04

========================= Devices: ================================

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


========================= Memory info: ===================================

Percentage of memory in use: 15%
Total physical RAM: 4094.18 MB
Available physical RAM: 3475.4 MB
Total Pagefile: 10233.37 MB
Available Pagefile: 9615.34 MB
Total Virtual: 4095.88 MB
Available Virtual: 3980.16 MB

========================= Partitions: =====================================

2 Drive c: (DARKSTAR lll) (Fixed) (Total:87.88 GB) (Free:22.18 GB) NTFS
3 Drive d: (HITACHI 2) (Fixed) (Total:231.39 GB) (Free:25.69 GB) NTFS
4 Drive e: (SIMULATIONS) (Fixed) (Total:146.48 GB) (Free:18.81 GB) NTFS
5 Drive f: (Macro_75-84) (CDROM) (Total:22.49 GB) (Free:0 GB) UDF
6 Drive i: (DPPRO0312DVD) (CDROM) (Total:4.34 GB) (Free:0 GB) UDF

========================= Users: ========================================

User accounts for \\DARKSTARLL

Administrator Guest Snowy

========================= Minidump Files ==================================

No minidump file found


**** End of log ****



#6 snowyman

Posted 17 September 2012 - 03:46 AM

Here is the TDSS Log:

09:24:39.0420 0204 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
09:24:41.0541 0204 ============================================================
09:24:41.0541 0204 Current date / time: 2012/09/17 09:24:41.0541
09:24:41.0541 0204 SystemInfo:
09:24:41.0541 0204
09:24:41.0541 0204 OS Version: 6.1.7601 ServicePack: 1.0
09:24:41.0541 0204 Product type: Workstation
09:24:41.0541 0204 ComputerName: DARKSTARLL
09:24:41.0541 0204 UserName: Snowy
09:24:41.0541 0204 Windows directory: C:\Windows
09:24:41.0541 0204 System windows directory: C:\Windows
09:24:41.0541 0204 Running under WOW64
09:24:41.0541 0204 Processor architecture: Intel x64
09:24:41.0541 0204 Number of processors: 4
09:24:41.0541 0204 Page size: 0x1000
09:24:41.0541 0204 Boot type: Safe boot with network
09:24:41.0541 0204 ============================================================
09:24:42.0321 0204 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:24:42.0337 0204 ============================================================
09:24:42.0337 0204 \Device\Harddisk0\DR0:
09:24:42.0337 0204 MBR partitions:
09:24:42.0337 0204 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x124F7B84
09:24:42.0337 0204 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x124F8800, BlocksNum 0xAFC4800
09:24:42.0337 0204 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1D4BD3C3, BlocksNum 0x1CEC787E
09:24:42.0337 0204 ============================================================
09:24:42.0368 0204 C: <-> \Device\Harddisk0\DR0\Partition2
09:24:42.0399 0204 D: <-> \Device\Harddisk0\DR0\Partition3
09:24:42.0431 0204 E: <-> \Device\Harddisk0\DR0\Partition1
09:24:42.0431 0204 ============================================================
09:24:42.0431 0204 Initialize success
09:24:42.0431 0204 ============================================================
09:24:46.0799 0900 ============================================================
09:24:46.0799 0900 Scan started
09:24:46.0799 0900 Mode: Manual;
09:24:46.0799 0900 ============================================================
09:24:47.0454 0900 ================ Scan system memory ========================
09:24:47.0454 0900 System memory - ok
09:24:47.0454 0900 ================ Scan services =============================
09:24:53.0928 0900 IDriverT - ok
09:24:53.0990 0900 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:24:53.0990 0900 idsvc - ok
09:24:54.0022 0900 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
09:24:54.0022 0900 iirsp - ok
09:24:54.0068 0900 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
09:24:54.0068 0900 IKEEXT - ok
09:24:54.0100 0900 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
09:24:54.0100 0900 intelide - ok
09:24:54.0131 0900 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:24:54.0131 0900 intelppm - ok
09:24:54.0178 0900 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:24:54.0178 0900 IPBusEnum - ok
09:24:54.0209 0900 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:24:54.0209 0900 IpFilterDriver - ok
09:24:54.0240 0900 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:24:54.0256 0900 iphlpsvc - ok
09:24:54.0256 0900 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:24:54.0256 0900 IPMIDRV - ok
09:24:54.0287 0900 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:24:54.0287 0900 IPNAT - ok
09:24:54.0302 0900 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:24:54.0302 0900 IRENUM - ok
09:24:54.0318 0900 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:24:54.0318 0900 isapnp - ok
09:24:54.0334 0900 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:24:54.0334 0900 iScsiPrt - ok
09:24:54.0365 0900 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
09:24:54.0365 0900 kbdclass - ok
09:24:54.0380 0900 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
09:24:54.0380 0900 kbdhid - ok
09:24:54.0380 0900 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
09:24:54.0380 0900 KeyIso - ok
09:24:54.0427 0900 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:24:54.0427 0900 KSecDD - ok
09:24:54.0458 0900 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:24:54.0458 0900 KSecPkg - ok
09:24:54.0458 0900 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
09:24:54.0458 0900 ksthunk - ok
09:24:54.0490 0900 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
09:24:54.0490 0900 KtmRm - ok
09:24:54.0536 0900 [ B8E670D7EF61615FA03104552854FAC9 ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys
09:24:54.0536 0900 L1E - ok
09:24:54.0568 0900 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
09:24:54.0568 0900 LanmanServer - ok
09:24:54.0599 0900 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:24:54.0599 0900 LanmanWorkstation - ok
09:24:54.0692 0900 [ 19EFF704CD16DD0429E128431F1DD631 ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
09:24:54.0724 0900 LBTServ - ok
09:24:54.0770 0900 [ 1074C77A47835E03C15BF92452F9A750 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
09:24:54.0770 0900 LHidFilt - ok
09:24:54.0848 0900 [ FCBDCC6F1801E32244235608E1277752 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
09:24:54.0848 0900 LightScribeService - ok
09:24:54.0880 0900 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:24:54.0880 0900 lltdio - ok
09:24:54.0895 0900 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:24:54.0911 0900 lltdsvc - ok
09:24:54.0911 0900 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:24:54.0911 0900 lmhosts - ok
09:24:54.0911 0900 [ 96999C364C649E2866A268F7420A304A ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
09:24:54.0911 0900 LMouFilt - ok
09:24:54.0942 0900 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
09:24:54.0942 0900 LSI_FC - ok
09:24:54.0958 0900 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
09:24:54.0958 0900 LSI_SAS - ok
09:24:54.0973 0900 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:24:54.0973 0900 LSI_SAS2 - ok
09:24:54.0989 0900 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:24:54.0989 0900 LSI_SCSI - ok
09:24:55.0004 0900 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
09:24:55.0004 0900 luafv - ok
09:24:55.0036 0900 [ 11DDB1D900078FBE3691DF7B878AEC28 ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys
09:24:55.0036 0900 LUsbFilt - ok
09:24:55.0067 0900 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:24:55.0067 0900 Mcx2Svc - ok
09:24:55.0145 0900 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
09:24:55.0145 0900 MDM - ok
09:24:55.0160 0900 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
09:24:55.0160 0900 megasas - ok
09:24:55.0176 0900 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
09:24:55.0176 0900 MegaSR - ok
09:24:55.0207 0900 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
09:24:55.0207 0900 MMCSS - ok
09:24:55.0223 0900 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
09:24:55.0223 0900 Modem - ok
09:24:55.0270 0900 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:24:55.0270 0900 monitor - ok
09:24:55.0285 0900 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:24:55.0285 0900 mouclass - ok
09:24:55.0301 0900 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:24:55.0301 0900 mouhid - ok
09:24:55.0332 0900 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:24:55.0332 0900 mountmgr - ok
09:24:55.0394 0900 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:24:55.0394 0900 MozillaMaintenance - ok
09:24:55.0426 0900 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
09:24:55.0426 0900 mpio - ok
09:24:55.0457 0900 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:24:55.0457 0900 mpsdrv - ok
09:24:55.0488 0900 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:24:55.0504 0900 MpsSvc - ok
09:24:55.0535 0900 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:24:55.0535 0900 MRxDAV - ok
09:24:55.0550 0900 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:24:55.0550 0900 mrxsmb - ok
09:24:55.0597 0900 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:24:55.0597 0900 mrxsmb10 - ok
09:24:55.0628 0900 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:24:55.0628 0900 mrxsmb20 - ok
09:24:55.0660 0900 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
09:24:55.0660 0900 msahci - ok
09:24:55.0722 0900 [ A592A054D78750B4D73ABAA4C94DECDF ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS64.exe
09:24:55.0722 0900 MSCamSvc - ok
09:24:55.0753 0900 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:24:55.0753 0900 msdsm - ok
09:24:55.0769 0900 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
09:24:55.0769 0900 MSDTC - ok
09:24:55.0800 0900 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:24:55.0800 0900 Msfs - ok
09:24:55.0816 0900 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:24:55.0816 0900 mshidkmdf - ok
09:24:55.0831 0900 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:24:55.0831 0900 msisadrv - ok
09:24:55.0847 0900 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:24:55.0847 0900 MSiSCSI - ok
09:24:55.0847 0900 msiserver - ok
09:24:55.0878 0900 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:24:55.0878 0900 MSKSSRV - ok
09:24:55.0878 0900 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:24:55.0878 0900 MSPCLOCK - ok
09:24:55.0878 0900 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:24:55.0878 0900 MSPQM - ok
09:24:55.0909 0900 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:24:55.0909 0900 MsRPC - ok
09:24:55.0940 0900 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
09:24:55.0940 0900 mssmbios - ok
09:24:55.0956 0900 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:24:55.0956 0900 MSTEE - ok
09:24:55.0972 0900 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
09:24:55.0972 0900 MTConfig - ok
09:24:56.0003 0900 [ 6936198F2CC25B39CF5262436C80DF46 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
09:24:56.0003 0900 MTsensor - ok
09:24:56.0034 0900 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
09:24:56.0034 0900 Mup - ok
09:24:56.0065 0900 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
09:24:56.0065 0900 napagent - ok
09:24:56.0096 0900 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:24:56.0112 0900 NativeWifiP - ok
09:24:56.0190 0900 [ F0FFED72D8F7E776D176AFBD35D78684 ] NBService C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
09:24:56.0206 0900 NBService - ok
09:24:56.0237 0900 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:24:56.0237 0900 NDIS - ok
09:24:56.0252 0900 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:24:56.0252 0900 NdisCap - ok
09:24:56.0284 0900 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:24:56.0284 0900 NdisTapi - ok
09:24:56.0315 0900 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:24:56.0315 0900 Ndisuio - ok
09:24:56.0346 0900 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:24:56.0346 0900 NdisWan - ok
09:24:56.0377 0900 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:24:56.0377 0900 NDProxy - ok
09:24:56.0471 0900 [ 0FF3C6AA3E0FE0EB316DF5449B569463 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
09:24:56.0486 0900 Nero BackItUp Scheduler 4.0 - ok
09:24:56.0502 0900 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:24:56.0502 0900 NetBIOS - ok
09:24:56.0549 0900 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:24:56.0549 0900 NetBT - ok
09:24:56.0549 0900 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
09:24:56.0549 0900 Netlogon - ok
09:24:56.0580 0900 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
09:24:56.0580 0900 Netman - ok
09:24:56.0596 0900 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
09:24:56.0596 0900 netprofm - ok
09:24:56.0642 0900 [ 81B8D0C1CE44A7FDBD596B693783950C ] netr7364 C:\Windows\system32\DRIVERS\netr7364.sys
09:24:56.0642 0900 netr7364 - ok
09:24:56.0674 0900 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:24:56.0674 0900 NetTcpPortSharing - ok
09:24:56.0674 0900 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
09:24:56.0689 0900 nfrd960 - ok
09:24:56.0705 0900 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:24:56.0705 0900 NlaSvc - ok
09:24:56.0752 0900 [ 40777BD92D73A8FF3B252E4F4881E672 ] nlscc C:\Windows\system32\nlsInterface.exe
09:24:56.0752 0900 nlscc - ok
09:24:56.0798 0900 [ 193FA51DDDD0BFFDED1C340F0434999A ] NMIndexingService C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
09:24:56.0798 0900 NMIndexingService - ok
09:24:56.0814 0900 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:24:56.0814 0900 Npfs - ok
09:24:56.0830 0900 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
09:24:56.0830 0900 nsi - ok
09:24:56.0845 0900 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:24:56.0845 0900 nsiproxy - ok
09:24:56.0892 0900 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:24:56.0908 0900 Ntfs - ok
09:24:56.0923 0900 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
09:24:56.0923 0900 Null - ok
09:24:56.0939 0900 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:24:56.0939 0900 nvraid - ok
09:24:56.0954 0900 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:24:56.0970 0900 nvstor - ok
09:24:57.0001 0900 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:24:57.0001 0900 nv_agp - ok
09:24:57.0032 0900 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:24:57.0032 0900 ohci1394 - ok
09:24:57.0064 0900 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:24:57.0079 0900 ose - ok
09:24:57.0095 0900 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:24:57.0095 0900 p2pimsvc - ok
09:24:57.0126 0900 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
09:24:57.0126 0900 p2psvc - ok
09:24:57.0157 0900 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
09:24:57.0157 0900 Parport - ok
09:24:57.0188 0900 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:24:57.0188 0900 partmgr - ok
09:24:57.0204 0900 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:24:57.0204 0900 PcaSvc - ok
09:24:57.0220 0900 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
09:24:57.0220 0900 pci - ok
09:24:57.0235 0900 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
09:24:57.0235 0900 pciide - ok
09:24:57.0266 0900 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
09:24:57.0266 0900 pcmcia - ok
09:24:57.0266 0900 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
09:24:57.0266 0900 pcw - ok
09:24:57.0298 0900 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:24:57.0298 0900 PEAUTH - ok
09:24:57.0344 0900 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
09:24:57.0344 0900 PerfHost - ok
09:24:57.0391 0900 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
09:24:57.0407 0900 pla - ok
09:24:57.0438 0900 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\SysWOW64\IoctlSvc.exe
09:24:57.0438 0900 PLFlash DeviceIoControl Service - ok
09:24:57.0469 0900 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:24:57.0485 0900 PlugPlay - ok
09:24:57.0500 0900 PnkBstrA - ok
09:24:57.0516 0900 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:24:57.0516 0900 PNRPAutoReg - ok
09:24:57.0532 0900 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:24:57.0532 0900 PNRPsvc - ok
09:24:57.0563 0900 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:24:57.0563 0900 PolicyAgent - ok
09:24:57.0594 0900 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
09:24:57.0594 0900 Power - ok
09:24:57.0641 0900 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:24:57.0641 0900 PptpMiniport - ok
09:24:57.0641 0900 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
09:24:57.0641 0900 Processor - ok
09:24:57.0688 0900 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
09:24:57.0688 0900 ProfSvc - ok
09:24:57.0703 0900 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:24:57.0703 0900 ProtectedStorage - ok
09:24:57.0734 0900 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:24:57.0750 0900 Psched - ok
09:24:57.0781 0900 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
09:24:57.0797 0900 ql2300 - ok
09:24:57.0812 0900 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
09:24:57.0812 0900 ql40xx - ok
09:24:57.0844 0900 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
09:24:57.0844 0900 QWAVE - ok
09:24:57.0859 0900 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:24:57.0859 0900 QWAVEdrv - ok
09:24:57.0875 0900 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:24:57.0875 0900 RasAcd - ok
09:24:57.0906 0900 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:24:57.0906 0900 RasAgileVpn - ok
09:24:57.0922 0900 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
09:24:57.0922 0900 RasAuto - ok
09:24:57.0953 0900 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:24:57.0953 0900 Rasl2tp - ok
09:24:57.0984 0900 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
09:24:57.0984 0900 RasMan - ok
09:24:58.0000 0900 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:24:58.0000 0900 RasPppoe - ok
09:24:58.0015 0900 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:24:58.0015 0900 RasSstp - ok
09:24:58.0046 0900 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:24:58.0046 0900 rdbss - ok
09:24:58.0062 0900 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
09:24:58.0062 0900 rdpbus - ok
09:24:58.0078 0900 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:24:58.0078 0900 RDPCDD - ok
09:24:58.0109 0900 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:24:58.0109 0900 RDPENCDD - ok
09:24:58.0124 0900 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:24:58.0124 0900 RDPREFMP - ok
09:24:58.0187 0900 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:24:58.0202 0900 RDPWD - ok
09:24:58.0249 0900 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:24:58.0249 0900 rdyboost - ok
09:24:58.0312 0900 [ 76DBD5B4E7BE6C1DDCF4F24D2B2371BC ] ReflectService C:\Program Files\Macrium\Reflect\ReflectService.exe
09:24:58.0312 0900 ReflectService - ok
09:24:58.0327 0900 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
09:24:58.0327 0900 RemoteAccess - ok
09:24:58.0343 0900 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:24:58.0343 0900 RemoteRegistry - ok
09:24:58.0421 0900 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
09:24:58.0421 0900 RichVideo - ok
09:24:58.0483 0900 [ A10B40CF9EB57D24E44717A2D38A00F4 ] RivaTuner64 C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys
09:24:58.0483 0900 RivaTuner64 - ok
09:24:58.0499 0900 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:24:58.0499 0900 RpcEptMapper - ok
09:24:58.0514 0900 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
09:24:58.0514 0900 RpcLocator - ok
09:24:58.0546 0900 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
09:24:58.0561 0900 RpcSs - ok
09:24:58.0592 0900 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:24:58.0592 0900 rspndr - ok
09:24:58.0592 0900 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
09:24:58.0592 0900 SamSs - ok
09:24:58.0686 0900 [ 5EFBBFCC6ADAC121C8E2FE76641ED329 ] SANDRA C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x64\Sandra.sys
09:24:58.0702 0900 SANDRA - ok
09:24:58.0733 0900 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:24:58.0733 0900 sbp2port - ok
09:24:58.0795 0900 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
09:24:58.0811 0900 SBSDWSCService - ok
09:24:58.0826 0900 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:24:58.0826 0900 SCardSvr - ok
09:24:58.0858 0900 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:24:58.0858 0900 scfilter - ok
09:24:58.0904 0900 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
09:24:58.0904 0900 Schedule - ok
09:24:58.0936 0900 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
09:24:58.0936 0900 SCPolicySvc - ok
09:24:58.0982 0900 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:24:58.0982 0900 SDRSVC - ok
09:24:59.0014 0900 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:24:59.0014 0900 secdrv - ok
09:24:59.0029 0900 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
09:24:59.0029 0900 seclogon - ok
09:24:59.0045 0900 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
09:24:59.0045 0900 SENS - ok
09:24:59.0060 0900 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:24:59.0060 0900 SensrSvc - ok
09:24:59.0076 0900 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
09:24:59.0076 0900 Serenum - ok
09:24:59.0092 0900 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
09:24:59.0092 0900 Serial - ok
09:24:59.0123 0900 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
09:24:59.0138 0900 sermouse - ok
09:24:59.0170 0900 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
09:24:59.0170 0900 SessionEnv - ok
09:24:59.0185 0900 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:24:59.0185 0900 sffdisk - ok
09:24:59.0185 0900 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:24:59.0185 0900 sffp_mmc - ok
09:24:59.0201 0900 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:24:59.0201 0900 sffp_sd - ok
09:24:59.0216 0900 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
09:24:59.0216 0900 sfloppy - ok
09:24:59.0248 0900 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:24:59.0263 0900 SharedAccess - ok
09:24:59.0279 0900 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:24:59.0279 0900 ShellHWDetection - ok
09:24:59.0294 0900 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:24:59.0294 0900 SiSRaid2 - ok
09:24:59.0310 0900 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
09:24:59.0310 0900 SiSRaid4 - ok
09:24:59.0326 0900 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:24:59.0326 0900 Smb - ok
09:24:59.0372 0900 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:24:59.0372 0900 SNMPTRAP - ok
09:24:59.0388 0900 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
09:24:59.0388 0900 spldr - ok
09:24:59.0419 0900 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
09:24:59.0419 0900 Spooler - ok
09:24:59.0513 0900 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
09:24:59.0528 0900 sppsvc - ok
09:24:59.0544 0900 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:24:59.0544 0900 sppuinotify - ok
09:24:59.0591 0900 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
09:24:59.0591 0900 srv - ok
09:24:59.0606 0900 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:24:59.0606 0900 srv2 - ok
09:24:59.0622 0900 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:24:59.0622 0900 srvnet - ok
09:24:59.0638 0900 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:24:59.0638 0900 SSDPSRV - ok
09:24:59.0653 0900 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:24:59.0653 0900 SstpSvc - ok
09:24:59.0684 0900 Steam Client Service - ok
09:24:59.0700 0900 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
09:24:59.0700 0900 stexstor - ok
09:24:59.0747 0900 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
09:24:59.0747 0900 stisvc - ok
09:24:59.0778 0900 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
09:24:59.0778 0900 swenum - ok
09:24:59.0887 0900 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
09:24:59.0887 0900 SwitchBoard - ok
09:24:59.0918 0900 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
09:24:59.0918 0900 swprv - ok
09:24:59.0981 0900 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
09:24:59.0996 0900 SysMain - ok
09:25:00.0028 0900 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:25:00.0028 0900 TabletInputService - ok
09:25:00.0043 0900 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
09:25:00.0043 0900 TapiSrv - ok
09:25:00.0074 0900 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
09:25:00.0074 0900 TBS - ok
09:25:00.0121 0900 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:25:00.0137 0900 Tcpip - ok
09:25:00.0184 0900 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:25:00.0184 0900 TCPIP6 - ok
09:25:00.0215 0900 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:25:00.0215 0900 tcpipreg - ok
09:25:00.0230 0900 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:25:00.0230 0900 TDPIPE - ok
09:25:00.0262 0900 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:25:00.0262 0900 TDTCP - ok
09:25:00.0308 0900 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:25:00.0308 0900 tdx - ok
09:25:00.0340 0900 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
09:25:00.0340 0900 TermDD - ok
09:25:03.0974 0900 ============================================================
09:25:03.0974 0900 Scan finished
09:25:03.0974 0900 ============================================================
09:25:03.0974 1772 Detected object count: 0
09:25:03.0974 1772 Actual detected object count: 0
09:25:09.0824 1260 Deinitialize success



#7 snowyman


Posted 17 September 2012 - 04:41 AM

aswMBR Log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-17 09:48:21
-----------------------------
09:48:21.199 OS Version: Windows x64 6.1.7601 Service Pack 1
09:48:21.199 Number of processors: 4 586 0x402
09:48:21.199 ComputerName: DARKSTARLL UserName: Snowy
09:48:21.558 Initialize success
09:49:12.258 AVAST engine defs: 12091400
09:52:22.001 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:52:22.001 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA52A Size: 476940MB BusType: 3
09:52:22.017 Disk 0 MBR read successfully
09:52:22.032 Disk 0 MBR scan
09:52:22.032 Disk 0 Windows 7 default MBR code
09:52:22.032 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 149999 MB offset 63
09:52:22.048 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 89993 MB offset 307202048
09:52:22.063 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 236943 MB offset 491508675
09:52:22.095 Disk 0 scanning C:\Windows\system32\drivers
09:52:30.378 Service scanning
09:52:50.409 Modules scanning
09:52:50.409 Disk 0 trace - called modules:
09:52:50.424 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
09:52:50.424 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049f3060]
09:52:50.440 3 CLASSPNP.SYS[fffff88000c3643f] -> nt!IofCallDriver -> [0xfffffa80043cb520]
09:52:50.440 5 ACPI.sys[fffff88000f937a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80043c8060]
09:52:50.689 AVAST engine scan C:\Windows
09:52:52.873 AVAST engine scan C:\Windows\system32
09:54:50.700 AVAST engine scan C:\Windows\system32\drivers
09:55:02.088 AVAST engine scan C:\Users\Snowy
10:29:13.320 AVAST engine scan C:\ProgramData
10:31:46.825 Scan finished successfully
10:37:16.328 Disk 0 MBR has been saved successfully to "C:\Users\Snowy\Desktop\MBR.dat"
10:37:16.328 The log file has been saved successfully to "C:\Users\Snowy\Desktop\aswMBR.txt"



#8 boopme


Posted 17 September 2012 - 02:37 PM

Well, I can see no activity on these logs. If you still feel like something is there or just want to be certain, we need to repost and get a deeper look.

Please go here... Preparation Guide, do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (it may not on a 64 bit system) skip it and move on.

Let me know if that went well.

#9 snowyman


Posted 17 September 2012 - 03:10 PM

Thanks very much for your help with this Boopme. :)
I feel a little more comfortable and will monitor things for a few days, invest in Trend Micro Security or other.
And as long as nothing weird happens I'll try to be a little less paranoid.

Thanks again. :thumbup2:
Ciao for now Snowy :busy:

#10 boopme


Posted 17 September 2012 - 03:15 PM

You're most welcome. If you are going to purchase may I suggest either ESET or Kaspersky as the best.

You need to update your Java and Adobe Reader.

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
    64-bit OS users, should read: Which Java download should I choose for my 64-bit Windows operating system?
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u7-windows-i586.exe (or jre-7u7-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


Similarly, update to Adobe Reader X (10.1.0)
Note: uncheck the box so you do not install the toolbar, unless you really want it.

Free! Google Toolbar search Google from any web page, block pop-ups

Yes, install Google Toolbar - optional




