Unable to remove Trojan & Rootkit


  • This topic is locked
36 replies to this topic

#1 jeepndiva

jeepndiva

  • Members
  • 55 posts
  • OFFLINE
  •  
  • Local time:12:48 PM

Posted 17 September 2012 - 07:51 PM

I have a Windows 7 computer and have run Malwarebytes several times on it. I have four issues on it: Trojan.small, Rootkit.0access, Rootkit.2access and Trojan.0access. The system will not allow me to do a system backup. Would appreciate some suggestions.

Thanks


#2 jeepndiva


Posted 17 September 2012 - 09:51 PM

My mistake, Vista Home Premium OS.

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:48 PM

Posted 17 September 2012 - 09:54 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    • Link1
    • Link2
    • Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 jeepndiva


Posted 17 September 2012 - 10:21 PM

System allowed me to download all three items, but will not run them. "A device attached to the system is not functioning" is the message. After I clear it I get a suggestion to run Windows Update and cannot do that either. Suggestion?

#5 gringo_pr


Posted 17 September 2012 - 10:32 PM

Is this a 64 bit system or 32?

#6 jeepndiva


Posted 18 September 2012 - 05:43 AM

32 bit system

#7 gringo_pr


Posted 18 September 2012 - 07:13 AM

Hello

Download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt)
  • Second, type the following in the edit box after "Search:". services.exe
  • Click the Search button
  • It will make a log (Search.txt)

I want you to post both the FRST.txt report and the Search.txt into your reply to me

Gringo

#8 jeepndiva


Posted 18 September 2012 - 06:32 PM

•As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.

•Use the arrow keys to select the Repair your computer menu item.

The system then says other (for user) and will not let me in.... advise.

#9 jeepndiva


Posted 18 September 2012 - 06:42 PM

When rebooting I never get "Select US as the keyboard language settings", nor do I get to choose an OS. Other user comes up and I can not log in using any user. It states "The specified domain either does not exist or could not be contacted".

#10 gringo_pr


Posted 18 September 2012 - 07:31 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

Please reply with the reports from TDSSKiller and aswMBR

Gringo

#11 jeepndiva


Posted 18 September 2012 - 09:12 PM

Finally got it to run. I am not sure if the 1st file is the correct one; after reboot it scanned again and found nothing. The first time it found items.

1st TDSSKiller log

21:51:25.0673 2340 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
21:51:25.0954 2340 ============================================================
21:51:25.0954 2340 Current date / time: 2012/09/18 21:51:25.0954
21:51:25.0954 2340 SystemInfo:
21:51:25.0954 2340
21:51:25.0954 2340 OS Version: 6.0.6001 ServicePack: 1.0
21:51:25.0954 2340 Product type: Workstation
21:51:25.0954 2340 ComputerName: MICHAEL-PC
21:51:25.0954 2340 UserName: michael
21:51:25.0954 2340 Windows directory: C:\Windows
21:51:25.0954 2340 System windows directory: C:\Windows
21:51:25.0954 2340 Processor architecture: Intel x86
21:51:25.0954 2340 Number of processors: 2
21:51:25.0954 2340 Page size: 0x1000
21:51:25.0954 2340 Boot type: Normal boot
21:51:25.0954 2340 ============================================================
21:51:26.0047 2340 BG loaded
21:51:26.0500 2340 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:51:26.0500 2340 Drive \Device\Harddisk1\DR1 - Size: 0x3C1800000 (15.02 Gb), SectorSize: 0x200, Cylinders: 0x7A9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:51:26.0500 2340 ============================================================
21:51:26.0500 2340 \Device\Harddisk0\DR0:
21:51:26.0515 2340 MBR partitions:
21:51:26.0515 2340 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27800, BlocksNum 0x1400000
21:51:26.0515 2340 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1427800, BlocksNum 0xC66C7F8
21:51:26.0546 2340 \Device\Harddisk1\DR1:
21:51:26.0546 2340 MBR partitions:
21:51:26.0546 2340 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x800, BlocksNum 0x1E0B800
21:51:26.0546 2340 ============================================================
21:51:26.0671 2340 C: <-> \Device\Harddisk0\DR0\Partition2
21:51:26.0796 2340 D: <-> \Device\Harddisk0\DR0\Partition1
21:51:26.0796 2340 ============================================================
21:51:26.0796 2340 Initialize success
21:51:26.0796 2340 ============================================================
21:51:31.0771 3244 ============================================================
21:51:31.0771 3244 Scan started
21:51:31.0771 3244 Mode: Manual;
21:51:31.0771 3244 ============================================================
21:51:32.0371 3244 ================ Scan system memory ========================
21:51:32.0371 3244 System memory - ok
21:51:32.0372 3244 ================ Scan services =============================
21:51:33.0549 3244 [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
21:51:33.0554 3244 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
21:51:34.0986 3244 [ 0CEE59E4613BF65E2FD37E544AD66BDB ] ACPI C:\Windows\system32\drivers\acpi.sys
21:51:34.0986 3244 ACPI - ok
21:51:35.0127 3244 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:51:35.0189 3244 AdobeFlashPlayerUpdateSvc - ok
21:51:35.0329 3244 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:51:35.0345 3244 adp94xx - ok
21:51:35.0423 3244 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:51:35.0423 3244 adpahci - ok
21:51:35.0485 3244 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
21:51:35.0485 3244 adpu160m - ok
21:51:35.0563 3244 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:51:35.0563 3244 adpu320 - ok
21:51:35.0704 3244 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:51:36.0359 3244 AeLookupSvc - ok
21:51:36.0577 3244 [ EF1142512BEC12F1C2C87735DA1755BE ] AESTFilters C:\Windows\system32\aestsrv.exe
21:51:36.0577 3244 AESTFilters - ok
21:51:36.0843 3244 [ 48EB99503533C27AC6135648E5474457 ] AFD C:\Windows\system32\drivers\afd.sys
21:51:36.0843 3244 AFD - ok
21:51:36.0889 3244 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:51:36.0889 3244 agp440 - ok
21:51:36.0952 3244 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
21:51:36.0952 3244 aic78xx - ok
21:51:36.0999 3244 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
21:51:36.0999 3244 ALG - ok
21:51:37.0030 3244 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
21:51:37.0030 3244 aliide - ok
21:51:37.0123 3244 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:51:37.0123 3244 amdagp - ok
21:51:37.0155 3244 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
21:51:37.0155 3244 amdide - ok
21:51:37.0248 3244 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
21:51:37.0248 3244 AmdK7 - ok
21:51:37.0326 3244 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
21:51:37.0326 3244 AmdK8 - ok
21:51:37.0420 3244 [ A80230BD04F0B8BF05185B369BB1CBB8 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
21:51:37.0420 3244 ApfiltrService - ok
21:51:37.0576 3244 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
21:51:37.0591 3244 Appinfo - ok
21:51:37.0841 3244 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:51:37.0872 3244 Apple Mobile Device - ok
21:51:37.0935 3244 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
21:51:37.0935 3244 arc - ok
21:51:38.0169 3244 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:51:38.0169 3244 arcsas - ok
21:51:38.0293 3244 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:51:38.0293 3244 AsyncMac - ok
21:51:38.0387 3244 [ 0D83C87A801A3DFCD1BF73893FE7518C ] atapi C:\Windows\system32\drivers\atapi.sys
21:51:38.0387 3244 atapi - ok
21:51:38.0715 3244 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:51:38.0715 3244 AudioEndpointBuilder - ok
21:51:38.0839 3244 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:51:38.0839 3244 Audiosrv - ok
21:51:38.0965 3244 [ 55070D71BBB424A56D5125C61FCC2897 ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
21:51:38.0965 3244 BCM42RLY - ok
21:51:39.0745 3244 [ FA6707A346CD122407F3B0BAD1C47639 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
21:51:39.0761 3244 BCM43XX - ok
21:51:39.0917 3244 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
21:51:39.0917 3244 Beep - ok
21:51:40.0151 3244 [ 8582E233C346AEFE759833E8A30DD697 ] BFE C:\Windows\System32\bfe.dll
21:51:40.0151 3244 BFE - ok
21:51:40.0182 3244 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
21:51:40.0198 3244 blbdrive - ok
21:51:40.0463 3244 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:51:40.0463 3244 Bonjour Service - ok
21:51:40.0541 3244 [ 8153396D5551276227FA146900F734E6 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:51:40.0556 3244 bowser - ok
21:51:40.0650 3244 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
21:51:40.0650 3244 BrFiltLo - ok
21:51:40.0681 3244 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
21:51:40.0681 3244 BrFiltUp - ok
21:51:40.0744 3244 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
21:51:40.0744 3244 Browser - ok
21:51:40.0806 3244 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
21:51:40.0806 3244 Brserid - ok
21:51:40.0884 3244 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
21:51:40.0884 3244 BrSerWdm - ok
21:51:40.0931 3244 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
21:51:40.0931 3244 BrUsbMdm - ok
21:51:40.0962 3244 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
21:51:40.0962 3244 BrUsbSer - ok
21:51:41.0009 3244 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
21:51:41.0009 3244 BTHMODEM - ok
21:51:41.0087 3244 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:51:41.0087 3244 cdfs - ok
21:51:41.0134 3244 [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:51:41.0134 3244 cdrom - ok
21:51:41.0212 3244 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc C:\Windows\System32\certprop.dll
21:51:41.0212 3244 CertPropSvc - ok
21:51:41.0243 3244 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
21:51:41.0243 3244 circlass - ok
21:51:41.0352 3244 [ 0703B9DEE7EEC6D6370EDEBD43D0F5C2 ] CLFS C:\Windows\system32\CLFS.sys
21:51:41.0352 3244 CLFS - ok
21:51:41.0633 3244 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:51:41.0648 3244 clr_optimization_v2.0.50727_32 - ok
21:51:41.0836 3244 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:51:41.0836 3244 clr_optimization_v4.0.30319_32 - ok
21:51:41.0945 3244 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:51:41.0945 3244 CmBatt - ok
21:51:42.0038 3244 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:51:42.0038 3244 cmdide - ok
21:51:42.0085 3244 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:51:42.0085 3244 Compbatt - ok
21:51:42.0085 3244 COMSysApp - ok
21:51:42.0101 3244 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:51:42.0101 3244 crcdisk - ok
21:51:42.0148 3244 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
21:51:42.0148 3244 Crusoe - ok
21:51:42.0194 3244 [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:51:42.0194 3244 CryptSvc - ok
21:51:42.0382 3244 [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:51:42.0397 3244 DcomLaunch - ok
21:51:42.0428 3244 [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:51:42.0428 3244 DfsC - ok
21:51:42.0943 3244 [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR C:\Windows\system32\DFSR.exe
21:51:43.0349 3244 DFSR - ok
21:51:43.0536 3244 [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp C:\Windows\System32\dhcpcsvc.dll
21:51:43.0536 3244 Dhcp - ok
21:51:43.0598 3244 [ 64109E623ABD6955C8FB110B592E68B7 ] disk C:\Windows\system32\drivers\disk.sys
21:51:43.0598 3244 disk - ok
21:51:43.0676 3244 dldo_device - ok
21:51:43.0801 3244 [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:51:43.0801 3244 Dnscache - ok
21:51:44.0378 3244 [ DB29915209770D8B59654345EC2D943A ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
21:51:44.0378 3244 DockLoginService - ok
21:51:44.0519 3244 [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc C:\Windows\System32\dot3svc.dll
21:51:44.0519 3244 dot3svc - ok
21:51:44.0566 3244 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
21:51:44.0581 3244 DPS - ok
21:51:44.0644 3244 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:51:44.0644 3244 drmkaud - ok
21:51:44.0924 3244 [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:51:44.0924 3244 DXGKrnl - ok
21:51:45.0143 3244 [ 908ED85B7806E8AF3AF5E9B74F7809D4 ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
21:51:45.0143 3244 e1express - ok
21:51:46.0250 3244 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
21:51:46.0250 3244 E1G60 - ok
21:51:46.0500 3244 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
21:51:46.0516 3244 EapHost - ok
21:51:46.0672 3244 [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache C:\Windows\system32\drivers\ecache.sys
21:51:46.0672 3244 Ecache - ok
21:51:46.0890 3244 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:51:46.0890 3244 elxstor - ok
21:51:47.0108 3244 [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt C:\Windows\system32\emdmgmt.dll
21:51:47.0108 3244 EMDMgmt - ok
21:51:47.0483 3244 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:51:47.0483 3244 ErrDev - ok
21:51:47.0592 3244 [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem C:\Windows\system32\es.dll
21:51:47.0592 3244 EventSystem - ok
21:51:47.0654 3244 [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat C:\Windows\system32\drivers\exfat.sys
21:51:47.0654 3244 exfat - ok
21:51:47.0686 3244 [ 3C489390C2E2064563727752AF8EAB9E ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:51:47.0701 3244 fastfat - ok
21:51:47.0717 3244 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:51:47.0717 3244 fdc - ok
21:51:47.0764 3244 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
21:51:47.0764 3244 fdPHost - ok
21:51:47.0795 3244 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
21:51:47.0795 3244 FDResPub - ok
21:51:47.0810 3244 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:51:47.0810 3244 FileInfo - ok
21:51:47.0826 3244 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:51:47.0826 3244 Filetrace - ok
21:51:47.0857 3244 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:51:47.0857 3244 flpydisk - ok
21:51:47.0888 3244 [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:51:47.0888 3244 FltMgr - ok
21:51:47.0982 3244 [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:51:48.0013 3244 FontCache3.0.0.0 - ok
21:51:48.0029 3244 [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:51:48.0029 3244 Fs_Rec - ok
21:51:48.0060 3244 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:51:48.0060 3244 gagp30kx - ok
21:51:48.0200 3244 [ 311ACFCDD2C9A99481E91FA4CB028D70 ] GameConsoleService C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
21:51:48.0232 3244 GameConsoleService - ok
21:51:48.0310 3244 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:51:48.0310 3244 GEARAspiWDM - ok
21:51:48.0622 3244 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
21:51:48.0622 3244 GoogleDesktopManager-051210-111108 - ok
21:51:48.0715 3244 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
21:51:48.0731 3244 GoToAssist - ok
21:51:48.0996 3244 [ D9F1113D9401185245573350712F92FC ] gpsvc C:\Windows\System32\gpsvc.dll
21:51:48.0996 3244 gpsvc - ok
21:51:49.0230 3244 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
21:51:49.0230 3244 gupdate - ok
21:51:49.0292 3244 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:51:49.0292 3244 gupdatem - ok
21:51:49.0433 3244 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:51:49.0433 3244 gusvc - ok
21:51:49.0495 3244 [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:51:49.0495 3244 HDAudBus - ok
21:51:49.0558 3244 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
21:51:49.0558 3244 HidBth - ok
21:51:49.0589 3244 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
21:51:49.0589 3244 HidIr - ok
21:51:49.0651 3244 [ 53D5A2F9CE6AE47D7507727DF1DA79F8 ] hidserv C:\Windows\system32\hidserv.dll
21:51:49.0651 3244 hidserv - ok
21:51:49.0714 3244 [ 854CA287AB7FAF949617A788306D967E ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:51:49.0714 3244 HidUsb - ok
21:51:49.0760 3244 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:51:49.0760 3244 hkmsvc - ok
21:51:50.0088 3244 [ 11ACCB0D76E0FE109624224B6713893C ] hnmsvc c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
21:51:50.0104 3244 hnmsvc - ok
21:51:50.0150 3244 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
21:51:50.0150 3244 HpCISSs - ok
21:51:50.0369 3244 [ 99F85640054BA65190B860D878A7C9AE ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:51:50.0384 3244 HSF_DPV - ok
21:51:50.0431 3244 [ CFBC2B81972E298F0E19EE68FA9E73DA ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:51:50.0431 3244 HSXHWAZL - ok
21:51:50.0478 3244 [ 33B02459E86D0A2B86A6B9FE19139390 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:51:50.0494 3244 HTTP - ok
21:52:18.0106 3244 [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
21:52:18.0106 3244 XAudioService - ok
21:52:18.0152 3244 [ A4822191C7CEA271903C2A4FB6D9809D ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
21:52:18.0168 3244 yukonwlh - ok
21:52:18.0184 3244 ================ Scan global ===============================
21:52:18.0480 3244 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
21:52:18.0589 3244 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
21:52:18.0605 3244 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
21:52:18.0730 3244 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
21:52:18.0730 3244 [Global] - ok
21:52:18.0730 3244 ================ Scan MBR ==================================
21:52:18.0792 3244 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:52:19.0993 3244 \Device\Harddisk0\DR0 - ok
21:52:20.0009 3244 [ 66D0B28C8B44E531D0C19F436252ABAA ] \Device\Harddisk1\DR1
21:52:20.0009 3244 \Device\Harddisk1\DR1 - ok
21:52:20.0009 3244 ================ Scan VBR ==================================
21:52:20.0040 3244 [ 145448FD26E208032A88C3ED8BC22C4D ] \Device\Harddisk0\DR0\Partition1
21:52:20.0056 3244 \Device\Harddisk0\DR0\Partition1 - ok
21:52:20.0087 3244 [ 5B61998B8D0DEC8D6456FE22BFDBE8E0 ] \Device\Harddisk0\DR0\Partition2
21:52:20.0102 3244 \Device\Harddisk0\DR0\Partition2 - ok
21:52:20.0102 3244 [ 43D13C94FAB6386582686D5863D106FF ] \Device\Harddisk1\DR1\Partition1
21:52:20.0102 3244 \Device\Harddisk1\DR1\Partition1 - ok
21:52:20.0102 3244 ============================================================
21:52:20.0102 3244 Scan finished
21:52:20.0102 3244 ============================================================
21:52:22.0770 3208 Detected object count: 0
21:52:22.0770 3208 Actual detected object count: 0


2nd file aswMBR file

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-18 21:58:40
-----------------------------
21:58:40.577 OS Version: Windows 6.0.6001 Service Pack 1
21:58:40.577 Number of processors: 2 586 0x170A
21:58:40.577 ComputerName: MICHAEL-PC UserName: michael
21:58:58.536 Initialize success
21:59:55.382 AVAST engine defs: 12091400
22:00:02.683 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:00:02.699 Disk 0 Vendor: SAMSUNG_ LZ10 Size: 114473MB BusType: 3
22:00:02.714 Disk 0 MBR read successfully
22:00:02.714 Disk 0 MBR scan
22:00:02.730 Disk 0 Windows VISTA default MBR code
22:00:02.730 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
22:00:02.761 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 161792
22:00:02.823 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 101592 MB offset 21133312
22:00:02.823 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 229195776
22:00:03.042 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 229197824
22:00:03.057 Disk 0 scanning sectors +234438656
22:00:03.198 Disk 0 scanning C:\Windows\system32\drivers
22:00:31.371 Service scanning
22:00:52.697 Modules scanning
22:00:57.626 Disk 0 trace - called modules:
22:00:57.642 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
22:00:57.642 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x856480f8]
22:00:57.657 3 CLASSPNP.SYS[87b9e745] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84808030]
22:00:59.280 AVAST engine scan C:\Windows
22:01:02.197 AVAST engine scan C:\Windows\system32
22:04:23.391 AVAST engine scan C:\Windows\system32\drivers
22:04:37.839 AVAST engine scan C:\Users\michael
22:06:32.883 Disk 0 MBR has been saved successfully to "F:\Bleeping Files\MBR.dat"
22:06:32.930 The log file has been saved successfully to "F:\Bleeping Files\aswMBR.txt"


Now that I've managed to get these to run, should I run the other files? Thanks in advance.

#12 gringo_pr


Posted 19 September 2012 - 01:23 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"Information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 jeepndiva


Posted 19 September 2012 - 06:50 AM

Combofix states that McAfee is running and I cannot find a way to turn it off. Security, program files etc does not open the security center. Looks like the program is McAfee Virtual Technician, any suggestions? I've also enabled it in the taskbar but it does not show up.

#14 gringo_pr


Posted 19 September 2012 - 07:15 AM

go ahead and run combofix


gringo

#15 jeepndiva


Posted 19 September 2012 - 05:57 PM

The computer seems a bit better. Combofix ran and below is the log file.

ComboFix 12-09-18.07 - michael 09/19/2012 18:14:10.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.1241 [GMT -4:00]
Running from: c:\users\michael\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\michael\AppData\Roaming\DataSafeDotNet.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-19 to 2012-09-19 )))))))))))))))))))))))))))))))
.
.
2012-09-19 22:31 . 2012-09-19 22:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-19 01:45 . 2012-09-19 01:45 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-16 20:36 . 2012-09-16 20:36 -------- d-----w- c:\users\michael\AppData\Roaming\Malwarebytes
2012-09-16 18:50 . 2012-09-16 18:50 -------- d-----w- c:\programdata\Malwarebytes
2012-09-16 18:50 . 2012-09-16 18:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-16 18:50 . 2012-09-07 21:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-19 01:47 . 2008-01-21 02:34 279040 ----a-w- c:\windows\system32\services.exe
2012-08-15 14:25 . 2012-07-16 16:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 14:25 . 2012-07-16 16:08 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-22 14:01 . 2009-01-29 10:12 223784182 ----a-w- c:\windows\DUMP55bd.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-07 01:33 1519304 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2007-08-09 1261384]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"DKab1err"="c:\program files\Dell\ErrorApp\DKab1err.exe" [2011-11-09 644160]
"DKADImon"="c:\program files\Dell V720 Series\DKADImon.exe" [2011-11-25 948360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-27 3563520]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-11 30192]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe" [2012-08-15 686792]
.
c:\users\michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Remote Access.lnk - c:\windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe [2009-1-29 53248]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-1-29 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-01-29 09:23 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=""
"FirewallOverride"=""
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 14:25]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 08:22]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 08:22]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1730013126-1960073241-3106468613-1000Core.job
- c:\users\michael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-18 15:07]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1730013126-1960073241-3106468613-1000UA.job
- c:\users\michael\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-18 15:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 64.233.217.2 64.233.217.3
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
HKCU-Run-4shared Desktop - c:\program files\4shared Desktop\desktop.exe
HKLM-Run-Freecorder FLV Service - c:\program files\Freecorder\FLVSrvc.exe
SafeBoot-83969880.sys
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-4shared Desktop - c:\program files\4shared Desktop\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-19 18:36
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dldocoms.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\STacSV.exe
c:\program files\Webroot\Washer\WasherSvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Dell Remote Access\ezi_ra.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\RacAgent.exe
.
**************************************************************************
.
Completion time: 2012-09-19 18:49:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-19 22:49
.
Pre-Run: 34,649,202,688 bytes free
Post-Run: 36,125,048,832 bytes free
.
- - End Of File - - 079BD7DEC32E2374796F4B4C9BBC70E5



