Virus:WIN32/Sirefef.gen!C Microsoft Security Essentials


29 replies to this topic

#1 stirfrysteve

stirfrysteve

  • Members
  • 21 posts

Posted 15 November 2012 - 12:11 PM

Windows XP home edition. I noticed a slowdown in my computer response time while web surfing.

I have MS Security Essentials as antivirus program, and ran a scan.

It detected Sirefef.gen!C.

But when I hit the disinfect option it gets the following error:

"Security essentials encountered the following error: error code 0x800704ec windows cannot open this program because it has been prevented by a software restriction policy..."

Anyone have some input to help solve this issue?

Thank you, Steve

*Moderator Edit: Moved topic from Windows XP to the more appropriate forum. ~ Queen-Evie*

Edited by Queen-Evie, 15 November 2012 - 12:57 PM.



#2 stirfrysteve

stirfrysteve
  • Topic Starter

  • Members
  • 21 posts

Posted 15 November 2012 - 12:19 PM

I have also run Malwarebytes and it showed no virus present.

I have also uninstalled and reinstalled MSE and Windows Defender.
Reran scans and same result.

#3 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 15 November 2012 - 12:54 PM

Download

TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download

aswMBR

Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here. If you get crashes in normal mode, run it in safe mode with networking.

Download

ESET online scanner

Install it.

Click on START, it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop, then copy the contents of the text file into your reply.
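A triage sketch for the TDSSKiller log requested above, added here as an example and not part of the original thread or of the tool itself: it pulls out every entry that received a verdict or a "Suspicious file (Forged)" line, together with its path and MD5 values, and counts the entries reported as ok. The line layout is inferred from the log posted later in this thread, the sample lines are copied from that log, and the function and field names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Every log line starts with "HH:MM:SS.mmmm <4-digit thread id> ".
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d{4}\s*(.*)$")
# "[ <md5> ] <service name> <path>"; service names and paths may contain spaces.
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.+)$")
# "Suspicious file (<kind>): <path>. Real md5: <md5>, Fake md5: <md5>"
FORGED = re.compile(
    r"^Suspicious file \((\w+)\): (.+?)\. "
    r"Real md5: ([0-9A-Fa-f]{32}), Fake md5: ([0-9A-Fa-f]{32})$"
)
# "<service> ( <verdict> ) - <status>", e.g. "... - infected"
VERDICT = re.compile(r"^(.+?) \( (.+?) \) - (\w+)$")
OK = re.compile(r"^(.+?) - ok$")


@dataclass
class Finding:
    service: Optional[str]
    verdict: Optional[str]
    status: str
    path: Optional[str] = None
    file_md5: Optional[str] = None   # hash from the "[ md5 ]" line
    anomaly: Optional[str] = None    # e.g. "Forged"
    real_md5: Optional[str] = None   # as labelled in the log
    fake_md5: Optional[str] = None   # as labelled in the log


def triage(log_text):
    """Return (findings, ok_count) for a TDSSKiller text log."""
    files = {}    # service name -> (md5, path)
    forged = {}   # lower-cased path -> (path, kind, real_md5, fake_md5)
    findings, ok_count = [], 0
    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # not a log line (blank line, pasted forum text, ...)
        body = m.group(1).strip()
        if (h := HASHED.match(body)):
            files[h.group(2)] = (h.group(1).upper(), h.group(3))
        elif (f := FORGED.match(body)):
            forged[f.group(2).lower()] = (
                f.group(2), f.group(1), f.group(3).upper(), f.group(4).upper())
        elif (v := VERDICT.match(body)):
            md5, path = files.get(v.group(1), (None, None))
            _, kind, real, fake = forged.pop(
                (path or "").lower(), (None, None, None, None))
            findings.append(Finding(v.group(1), v.group(2), v.group(3),
                                    path, md5, kind, real, fake))
        elif OK.match(body):
            ok_count += 1
    # A forged file with no verdict line is still reported for review.
    for path, kind, real, fake in forged.values():
        findings.append(Finding(None, None, "suspicious", path,
                                None, kind, real, fake))
    return findings, ok_count


# Sample lines copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
13:18:05.0546 0940 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:18:05.0562 0940 Apple Mobile Device - ok
13:18:07.0140 0940 cd20xrnt - ok
13:18:07.0218 0940 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
13:18:07.0218 0940 Cdfs - ok
13:18:07.0281 0940 [ 56C9655652491A130CD1C06BE6E3A6D8 ] Cdr4_xp C:\WINDOWS\system32\drivers\Cdr4_xp.sys
13:18:07.0375 0940 Suspicious file (Forged): C:\WINDOWS\system32\drivers\Cdr4_xp.sys. Real md5: 56C9655652491A130CD1C06BE6E3A6D8, Fake md5: FC0BF5DF85F8BB38CB678976259E57D2
13:18:07.0375 0940 Cdr4_xp ( Virus.Win32.ZAccess.k ) - infected
13:18:07.0375 0940 Cdr4_xp - detected Virus.Win32.ZAccess.k (0)
"""

if __name__ == "__main__":
    found, ok = triage(SAMPLE_LOG)
    print(f"{ok} entries ok, {len(found)} flagged")
    for item in found:
        print(item)
```
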

#4 stirfrysteve

stirfrysteve
  • Topic Starter

  • Members
  • 21 posts

Posted 15 November 2012 - 01:24 PM

Here is the log from TDSS. (Microsoft Security Essentials is also started and notes catching the threat 'sirefef' while TDSS was running.)

13:17:30.0906 0580 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:17:31.0296 0580 ============================================================
13:17:31.0296 0580 Current date / time: 2012/11/15 13:17:31.0296
13:17:31.0296 0580 SystemInfo:
13:17:31.0296 0580
13:17:31.0296 0580 OS Version: 5.1.2600 ServicePack: 3.0
13:17:31.0296 0580 Product type: Workstation
13:17:31.0296 0580 ComputerName: DAVESCOMPUTER
13:17:31.0296 0580 UserName: Steve
13:17:31.0296 0580 Windows directory: C:\WINDOWS
13:17:31.0296 0580 System windows directory: C:\WINDOWS
13:17:31.0296 0580 Processor architecture: Intel x86
13:17:31.0296 0580 Number of processors: 1
13:17:31.0296 0580 Page size: 0x1000
13:17:31.0296 0580 Boot type: Normal boot
13:17:31.0296 0580 ============================================================
13:17:33.0968 0580 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:17:33.0984 0580 Drive \Device\Harddisk1\DR1 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:17:33.0984 0580 ============================================================
13:17:33.0984 0580 \Device\Harddisk0\DR0:
13:17:33.0984 0580 MBR partitions:
13:17:33.0984 0580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950E482
13:17:33.0984 0580 \Device\Harddisk1\DR1:
13:17:33.0984 0580 MBR partitions:
13:17:33.0984 0580 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x4A89182
13:17:33.0984 0580 ============================================================
13:17:34.0031 0580 C: <-> \Device\Harddisk0\DR0\Partition1
13:17:34.0171 0580 E: <-> \Device\Harddisk1\DR1\Partition1
13:17:34.0171 0580 ============================================================
13:17:34.0171 0580 Initialize success
13:17:34.0171 0580 ============================================================
13:18:03.0468 0940 ============================================================
13:18:03.0468 0940 Scan started
13:18:03.0468 0940 Mode: Manual; TDLFS;
13:18:03.0468 0940 ============================================================
13:18:03.0781 0940 ================ Scan system memory ========================
13:18:03.0781 0940 System memory - ok
13:18:03.0812 0940 ================ Scan services =============================
13:18:07.0281 0940 [ 56C9655652491A130CD1C06BE6E3A6D8 ] Cdr4_xp C:\WINDOWS\system32\drivers\Cdr4_xp.sys
13:18:07.0375 0940 Suspicious file (Forged): C:\WINDOWS\system32\drivers\Cdr4_xp.sys. Real md5: 56C9655652491A130CD1C06BE6E3A6D8, Fake md5: FC0BF5DF85F8BB38CB678976259E57D2
13:18:07.0375 0940 Cdr4_xp ( Virus.Win32.ZAccess.k ) - infected
13:18:07.0375 0940 Cdr4_xp - detected Virus.Win32.ZAccess.k (0)
13:18:23.0359 0940 smwdm - ok
13:18:23.0437 0940 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
13:18:23.0453 0940 SONYPVU1 - ok
13:18:23.0500 0940 Sparrow - ok
13:18:23.0578 0940 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
13:18:23.0578 0940 splitter - ok
13:18:23.0671 0940 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
13:18:23.0671 0940 Spooler - ok
13:18:23.0765 0940 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
13:18:23.0765 0940 sr - ok
13:18:23.0843 0940 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\System32\srsvc.dll
13:18:23.0859 0940 srservice - ok
13:18:23.0953 0940 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
13:18:23.0984 0940 Srv - ok
13:18:24.0062 0940 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
13:18:24.0062 0940 SSDPSRV - ok
13:18:24.0171 0940 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
13:18:24.0187 0940 stisvc - ok
13:18:24.0265 0940 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:18:24.0281 0940 streamip - ok
13:18:24.0359 0940 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
13:18:24.0359 0940 swenum - ok
13:18:24.0437 0940 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
13:18:24.0453 0940 swmidi - ok
13:18:24.0484 0940 SwPrv - ok
13:18:24.0562 0940 symc810 - ok
13:18:24.0609 0940 symc8xx - ok
13:18:24.0656 0940 sym_hi - ok
13:18:24.0703 0940 sym_u3 - ok
13:18:24.0765 0940 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
13:18:24.0781 0940 sysaudio - ok
13:18:24.0859 0940 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
13:18:24.0875 0940 SysmonLog - ok
13:18:24.0968 0940 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
13:18:24.0968 0940 TapiSrv - ok
13:18:25.0093 0940 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:18:25.0109 0940 Tcpip - ok
13:18:25.0187 0940 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
13:18:25.0187 0940 TDPIPE - ok
13:18:25.0250 0940 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
13:18:25.0250 0940 TDTCP - ok
13:18:25.0343 0940 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
13:18:25.0343 0940 TermDD - ok
13:18:25.0437 0940 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
13:18:25.0453 0940 TermService - ok
13:18:25.0500 0940 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
13:18:25.0515 0940 Themes - ok
13:18:25.0593 0940 TosIde - ok
13:18:25.0687 0940 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
13:18:25.0687 0940 TrkWks - ok
13:18:25.0796 0940 [ E266683FC95ABDEC17CD378564E1B54B ] TVICHW32 C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
13:18:25.0796 0940 TVICHW32 - ok
13:18:25.0875 0940 [ 6B9A26D1CFDD3C9B4623C33637495568 ] UdfReadr_xp C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
13:18:25.0968 0940 UdfReadr_xp - ok
13:18:26.0046 0940 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
13:18:26.0062 0940 Udfs - ok
13:18:26.0109 0940 ultra - ok
13:18:26.0187 0940 [ 0118C71BD37197228471EAE83BD9B32B ] umpusbxp C:\WINDOWS\system32\DRIVERS\umpusbxp.sys
13:18:26.0203 0940 umpusbxp - ok
13:18:26.0296 0940 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
13:18:26.0328 0940 Update - ok
13:18:26.0406 0940 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
13:18:26.0421 0940 upnphost - ok
13:18:26.0468 0940 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
13:18:26.0484 0940 UPS - ok
13:18:26.0562 0940 [ F340199E8CB097E1ACD58A967C665919 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
13:18:26.0671 0940 USBAAPL - ok
13:18:26.0734 0940 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:18:26.0734 0940 usbccgp - ok
13:18:26.0812 0940 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:18:26.0812 0940 usbehci - ok
13:18:26.0906 0940 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:18:26.0921 0940 usbhub - ok
13:18:26.0984 0940 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:18:26.0984 0940 usbprint - ok
13:18:27.0062 0940 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:18:27.0062 0940 usbscan - ok
13:18:27.0156 0940 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:18:27.0156 0940 USBSTOR - ok
13:18:27.0218 0940 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:18:27.0218 0940 usbuhci - ok
13:18:27.0265 0940 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
13:18:27.0265 0940 VgaSave - ok
13:18:27.0312 0940 ViaIde - ok
13:18:27.0406 0940 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
13:18:27.0406 0940 VolSnap - ok
13:18:27.0500 0940 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
13:18:27.0515 0940 VSS - ok
13:18:27.0640 0940 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\System32\w32time.dll
13:18:27.0640 0940 W32Time - ok
13:18:27.0750 0940 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:18:27.0750 0940 Wanarp - ok
13:18:27.0781 0940 WDICA - ok
13:18:27.0875 0940 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
13:18:27.0875 0940 wdmaud - ok
13:18:27.0953 0940 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
13:18:27.0953 0940 WebClient - ok
13:18:28.0046 0940 [ F45DD1E1365D857DD08BC23563370D0E ] WinDefend C:\Program Files\Windows Defender\MsMpEng.exe
13:18:28.0046 0940 WinDefend - ok
13:18:28.0218 0940 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:18:28.0218 0940 winmgmt - ok
13:18:28.0484 0940 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:18:28.0500 0940 wlidsvc - ok
13:18:28.0625 0940 [ 94A85E956A065E23E0010A6A7826243B ] WLSetupSvc C:\Program Files\Windows Live\installer\WLSetupSvc.exe
13:18:28.0765 0940 WLSetupSvc - ok
13:18:28.0843 0940 [ 668056D5C3C11AB7D266819A96B964E8 ] WMDM PMSP Service C:\WINDOWS\system32\MsPMSPSv.exe
13:18:28.0843 0940 WMDM PMSP Service - ok
13:18:28.0906 0940 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
13:18:28.0906 0940 WmdmPmSN - ok
13:18:29.0031 0940 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
13:18:29.0125 0940 WmiApSrv - ok
13:18:29.0265 0940 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
13:18:29.0296 0940 WMPNetworkSvc - ok
13:18:29.0375 0940 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
13:18:29.0390 0940 wscsvc - ok
13:18:29.0468 0940 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:18:29.0484 0940 WSTCODEC - ok
13:18:29.0546 0940 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
13:18:29.0546 0940 wuauserv - ok
13:18:29.0625 0940 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:18:29.0640 0940 WudfPf - ok
13:18:29.0687 0940 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:18:29.0703 0940 WudfRd - ok
13:18:29.0734 0940 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
13:18:29.0750 0940 WudfSvc - ok
13:18:29.0843 0940 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
13:18:29.0859 0940 WZCSVC - ok
13:18:29.0937 0940 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
13:18:29.0937 0940 xmlprov - ok
13:18:30.0078 0940 [ E6C22D34BAEF5196E1B23A4492C275B7 ] {6080A529-897E-4629-A488-ABA0C29B635E} C:\WINDOWS\system32\drivers\ialmsbw.sys
13:18:30.0078 0940 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
13:18:30.0218 0940 [ 6E53BD96B0EBAD721CDD6320DBFC3F5F ] {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} C:\WINDOWS\system32\drivers\ialmkchw.sys
13:18:30.0218 0940 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
13:18:30.0265 0940 ================ Scan global ===============================
13:18:30.0328 0940 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
13:18:30.0421 0940 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:18:30.0484 0940 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:18:30.0546 0940 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
13:18:30.0562 0940 [Global] - ok
13:18:30.0578 0940 ================ Scan MBR ==================================
13:18:30.0625 0940 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
13:18:30.0906 0940 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:18:30.0906 0940 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:18:30.0968 0940 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
13:18:31.0640 0940 \Device\Harddisk1\DR1 - ok
13:18:31.0671 0940 ================ Scan VBR ==================================
13:18:31.0703 0940 [ C77A23AEBC4AC1401A8743F420FD5189 ] \Device\Harddisk0\DR0\Partition1
13:18:31.0703 0940 \Device\Harddisk0\DR0\Partition1 - ok
13:18:31.0750 0940 [ 2EDF1B35F2530534BF5B7A72D7BBE49A ] \Device\Harddisk1\DR1\Partition1
13:18:31.0750 0940 \Device\Harddisk1\DR1\Partition1 - ok
13:18:31.0750 0940 ============================================================
13:18:31.0750 0940 Scan finished
13:18:31.0750 0940 ============================================================
13:18:31.0843 3584 Detected object count: 2
13:18:31.0843 3584 Actual detected object count: 2
13:19:15.0171 3584 C:\WINDOWS\system32\drivers\Cdr4_xp.sys - copied to quarantine
13:19:18.0000 3584 Backup copy not found, trying to cure infected file..
13:19:18.0000 3584 C:\WINDOWS\system32\drivers\Cdr4_xp.sys - Cure failed (FFFFFFFF)
13:19:18.0000 3584 C:\WINDOWS\system32\drivers\Cdr4_xp.sys - processing error
13:19:18.0109 3584 Cdr4_xp ( Virus.Win32.ZAccess.k ) - User select action: Cure
13:19:18.0125 3584 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:19:18.0125 3584 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
13:19:48.0765 3572 ============================================================
13:19:48.0765 3572 Scan started
13:19:48.0765 3572 Mode: Manual; TDLFS;
13:19:48.0765 3572 ============================================================
13:19:49.0187 3572 ================ Scan system memory ========================
13:19:49.0187 3572 System memory - ok
13:19:49.0203 3572 ================ Scan services =============================
13:19:52.0890 3572 [ 56C9655652491A130CD1C06BE6E3A6D8 ] Cdr4_xp C:\WINDOWS\system32\drivers\Cdr4_xp.sys
13:19:52.0890 3572 Suspicious file (Forged): C:\WINDOWS\system32\drivers\Cdr4_xp.sys. Real md5: 56C9655652491A130CD1C06BE6E3A6D8, Fake md5: FC0BF5DF85F8BB38CB678976259E57D2
13:19:52.0890 3572 Cdr4_xp ( Virus.Win32.ZAccess.k ) - infected
13:19:52.0890 3572 Cdr4_xp - detected Virus.Win32.ZAccess.k (0)
13:20:01.0187 3572 NtLmSsp - ok
13:20:01.0234 3572 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
13:20:01.0250 3572 NtmsSvc - ok
13:20:01.0281 3572 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
13:20:01.0281 3572 Null - ok
13:20:01.0328 3572 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:20:01.0328 3572 NwlnkFlt - ok
13:20:01.0343 3572 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:20:01.0343 3572 NwlnkFwd - ok
13:20:01.0390 3572 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:20:01.0390 3572 ohci1394 - ok
13:20:01.0453 3572 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:20:01.0453 3572 ose - ok
13:20:01.0515 3572 [ 56EBD7C43BE8C9E129D452828C1532D8 ] P1110VID C:\WINDOWS\system32\DRIVERS\P1110VID.sys
13:20:01.0515 3572 P1110VID - ok
13:20:01.0531 3572 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
13:20:01.0546 3572 Parport - ok
13:20:01.0546 3572 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
13:20:01.0546 3572 PartMgr - ok
13:20:01.0609 3572 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
13:20:01.0609 3572 ParVdm - ok
13:20:01.0625 3572 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
13:20:01.0640 3572 PCI - ok
13:20:01.0640 3572 PCIDump - ok
13:20:01.0687 3572 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
13:20:01.0687 3572 PCIIde - ok
13:20:01.0718 3572 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
13:20:01.0718 3572 Pcmcia - ok
13:20:01.0765 3572 [ EB7DE8F91803F267E899F87197731664 ] pctvvbi C:\WINDOWS\system32\DRIVERS\pctvvbi.sys
13:20:01.0765 3572 pctvvbi - ok
13:20:01.0781 3572 PDCOMP - ok
13:20:01.0781 3572 PDFRAME - ok
13:20:01.0796 3572 PDRELI - ok
13:20:01.0812 3572 PDRFRAME - ok
13:20:01.0828 3572 perc2 - ok
13:20:01.0843 3572 perc2hib - ok
13:20:01.0906 3572 [ C5381A86A4A47FA6E6886774E7F6FB85 ] PictureTaker C:\WINDOWS\System32\PCTKRNT.SYS
13:20:01.0921 3572 PictureTaker - ok
13:20:01.0921 3572 PID_0928 - ok
13:20:01.0953 3572 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
13:20:01.0968 3572 PlugPlay - ok
13:20:02.0000 3572 [ 901C43516504CBE582E4C4193E00876A ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
13:20:02.0000 3572 Pml Driver HPZ12 - ok
13:20:02.0015 3572 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
13:20:02.0015 3572 PolicyAgent - ok
13:20:02.0062 3572 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:20:02.0062 3572 PptpMiniport - ok
13:20:02.0078 3572 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
13:20:02.0093 3572 Processor - ok
13:20:02.0109 3572 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
13:20:02.0109 3572 ProtectedStorage - ok
13:20:02.0109 3572 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
13:20:02.0125 3572 PSched - ok
13:20:02.0156 3572 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:20:02.0156 3572 Ptilink - ok
13:20:02.0187 3572 [ 1C2B63FEFBD912055EC885894D001DFD ] pwd_2k C:\WINDOWS\system32\drivers\pwd_2k.sys
13:20:02.0203 3572 pwd_2k - ok
13:20:02.0203 3572 ql1080 - ok
13:20:02.0218 3572 Ql10wnt - ok
13:20:02.0234 3572 ql12160 - ok
13:20:02.0250 3572 ql1240 - ok
13:20:02.0250 3572 ql1280 - ok
13:20:02.0265 3572 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:20:02.0281 3572 RasAcd - ok
13:20:02.0312 3572 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
13:20:02.0312 3572 RasAuto - ok
13:20:02.0359 3572 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:20:02.0359 3572 Rasl2tp - ok
13:20:02.0421 3572 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
13:20:02.0421 3572 RasMan - ok
13:20:02.0453 3572 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:20:02.0453 3572 RasPppoe - ok
13:20:02.0468 3572 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
13:20:02.0468 3572 Raspti - ok
13:20:02.0531 3572 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:20:02.0531 3572 Rdbss - ok
13:20:02.0546 3572 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:20:02.0562 3572 RDPCDD - ok
13:20:02.0625 3572 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
13:20:02.0625 3572 RDPWD - ok
13:20:02.0656 3572 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
13:20:02.0671 3572 RDSessMgr - ok
13:20:02.0703 3572 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
13:20:02.0703 3572 redbook - ok
13:20:02.0750 3572 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
13:20:02.0765 3572 RemoteAccess - ok
13:20:02.0781 3572 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
13:20:02.0781 3572 RpcLocator - ok
13:20:02.0828 3572 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
13:20:02.0843 3572 RpcSs - ok
13:20:02.0890 3572 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
13:20:02.0890 3572 RSVP - ok
13:20:02.0921 3572 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
13:20:02.0937 3572 SamSs - ok
13:20:02.0984 3572 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:20:02.0984 3572 SASDIFSV - ok
13:20:03.0000 3572 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
13:20:03.0000 3572 SASKUTIL - ok
13:20:03.0046 3572 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
13:20:03.0046 3572 SCardSvr - ok
13:20:03.0093 3572 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
13:20:03.0109 3572 Schedule - ok
13:20:03.0156 3572 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:20:03.0156 3572 Secdrv - ok
13:20:03.0203 3572 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
13:20:03.0203 3572 seclogon - ok
13:20:03.0218 3572 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
13:20:03.0218 3572 SENS - ok
13:20:03.0265 3572 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
13:20:03.0281 3572 serenum - ok
13:20:03.0343 3572 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
13:20:03.0343 3572 Serial - ok
13:20:03.0406 3572 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
13:20:03.0406 3572 Sfloppy - ok
13:20:03.0468 3572 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
13:20:03.0468 3572 SharedAccess - ok
13:20:03.0531 3572 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
13:20:03.0531 3572 ShellHWDetection - ok
13:20:03.0546 3572 Simbad - ok
13:20:03.0578 3572 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:20:03.0593 3572 SLIP - ok
13:20:03.0656 3572 [ B911C822922CF62DF83AD36D5C9775CC ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
13:20:03.0671 3572 smwdm - ok
13:20:03.0703 3572 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
13:20:03.0703 3572 SONYPVU1 - ok
13:20:03.0718 3572 Sparrow - ok
13:20:03.0765 3572 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
13:20:03.0765 3572 splitter - ok
13:20:03.0812 3572 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
13:20:03.0828 3572 Spooler - ok
13:20:03.0875 3572 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
13:20:03.0875 3572 sr - ok
13:20:03.0921 3572 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\System32\srsvc.dll
13:20:03.0937 3572 srservice - ok
13:20:04.0015 3572 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
13:20:04.0015 3572 Srv - ok
13:20:04.0062 3572 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
13:20:04.0078 3572 SSDPSRV - ok
13:20:04.0140 3572 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
13:20:04.0140 3572 stisvc - ok
13:20:04.0187 3572 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:20:04.0187 3572 streamip - ok
13:20:04.0218 3572 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
13:20:04.0234 3572 swenum - ok
13:20:04.0281 3572 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
13:20:04.0281 3572 swmidi - ok
13:20:04.0296 3572 SwPrv - ok
13:20:04.0312 3572 symc810 - ok
13:20:04.0328 3572 symc8xx - ok
13:20:04.0328 3572 sym_hi - ok
13:20:04.0343 3572 sym_u3 - ok
13:20:04.0406 3572 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
13:20:04.0406 3572 sysaudio - ok
13:20:04.0453 3572 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
13:20:04.0453 3572 SysmonLog - ok
13:20:04.0515 3572 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
13:20:04.0515 3572 TapiSrv - ok
13:20:04.0578 3572 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:20:04.0593 3572 Tcpip - ok
13:20:04.0640 3572 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
13:20:04.0640 3572 TDPIPE - ok
13:20:04.0656 3572 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
13:20:04.0671 3572 TDTCP - ok
13:20:04.0703 3572 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
13:20:04.0703 3572 TermDD - ok
13:20:04.0765 3572 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
13:20:04.0781 3572 TermService - ok
13:20:04.0828 3572 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
13:20:04.0843 3572 Themes - ok
13:20:04.0859 3572 TosIde - ok
13:20:04.0921 3572 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
13:20:04.0921 3572 TrkWks - ok
13:20:04.0968 3572 [ E266683FC95ABDEC17CD378564E1B54B ] TVICHW32 C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
13:20:04.0968 3572 TVICHW32 - ok
13:20:05.0015 3572 [ 6B9A26D1CFDD3C9B4623C33637495568 ] UdfReadr_xp C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
13:20:05.0015 3572 UdfReadr_xp - ok
13:20:05.0062 3572 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
13:20:05.0062 3572 Udfs - ok
13:20:05.0078 3572 ultra - ok
13:20:05.0109 3572 [ 0118C71BD37197228471EAE83BD9B32B ] umpusbxp C:\WINDOWS\system32\DRIVERS\umpusbxp.sys
13:20:05.0109 3572 umpusbxp - ok
13:20:05.0187 3572 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
13:20:05.0187 3572 Update - ok
13:20:05.0234 3572 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
13:20:05.0234 3572 upnphost - ok
13:20:05.0281 3572 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
13:20:05.0281 3572 UPS - ok
13:20:05.0312 3572 [ F340199E8CB097E1ACD58A967C665919 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
13:20:05.0312 3572 USBAAPL - ok
13:20:05.0343 3572 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:20:05.0359 3572 usbccgp - ok
13:20:05.0406 3572 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:20:05.0406 3572 usbehci - ok
13:20:05.0468 3572 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:20:05.0468 3572 usbhub - ok
13:20:05.0515 3572 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:20:05.0515 3572 usbprint - ok
13:20:05.0546 3572 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:20:05.0546 3572 usbscan - ok
13:20:05.0593 3572 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:20:05.0593 3572 USBSTOR - ok
13:20:05.0640 3572 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:20:05.0640 3572 usbuhci - ok
13:20:05.0656 3572 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
13:20:05.0656 3572 VgaSave - ok
13:20:05.0671 3572 ViaIde - ok
13:20:05.0734 3572 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
13:20:05.0734 3572 VolSnap - ok
13:20:05.0796 3572 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
13:20:05.0812 3572 VSS - ok
13:20:05.0843 3572 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\System32\w32time.dll
13:20:05.0859 3572 W32Time - ok
13:20:05.0921 3572 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:20:05.0921 3572 Wanarp - ok
13:20:05.0937 3572 WDICA - ok
13:20:05.0984 3572 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
13:20:06.0000 3572 wdmaud - ok
13:20:06.0046 3572 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
13:20:06.0046 3572 WebClient - ok
13:20:06.0125 3572 [ F45DD1E1365D857DD08BC23563370D0E ] WinDefend C:\Program Files\Windows Defender\MsMpEng.exe
13:20:06.0125 3572 WinDefend - ok
13:20:06.0203 3572 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:20:06.0218 3572 winmgmt - ok
13:20:06.0390 3572 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:20:06.0406 3572 wlidsvc - ok
13:20:06.0500 3572 [ 94A85E956A065E23E0010A6A7826243B ] WLSetupSvc C:\Program Files\Windows Live\installer\WLSetupSvc.exe
13:20:06.0500 3572 WLSetupSvc - ok
13:20:06.0531 3572 [ 668056D5C3C11AB7D266819A96B964E8 ] WMDM PMSP Service C:\WINDOWS\system32\MsPMSPSv.exe
13:20:06.0531 3572 WMDM PMSP Service - ok
13:20:06.0562 3572 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
13:20:06.0578 3572 WmdmPmSN - ok
13:20:06.0609 3572 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
13:20:06.0625 3572 WmiApSrv - ok
13:20:06.0703 3572 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
13:20:06.0718 3572 WMPNetworkSvc - ok
13:20:06.0781 3572 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
13:20:06.0781 3572 wscsvc - ok
13:20:06.0843 3572 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:20:06.0843 3572 WSTCODEC - ok
13:20:06.0875 3572 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
13:20:06.0875 3572 wuauserv - ok
13:20:06.0921 3572 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:20:06.0921 3572 WudfPf - ok
13:20:06.0953 3572 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:20:06.0953 3572 WudfRd - ok
13:20:06.0968 3572 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
13:20:06.0984 3572 WudfSvc - ok
13:20:07.0046 3572 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
13:20:07.0046 3572 WZCSVC - ok
13:20:07.0093 3572 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
13:20:07.0093 3572 xmlprov - ok
13:20:07.0156 3572 [ E6C22D34BAEF5196E1B23A4492C275B7 ] {6080A529-897E-4629-A488-ABA0C29B635E} C:\WINDOWS\system32\drivers\ialmsbw.sys
13:20:07.0156 3572 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
13:20:07.0203 3572 [ 6E53BD96B0EBAD721CDD6320DBFC3F5F ] {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} C:\WINDOWS\system32\drivers\ialmkchw.sys
13:20:07.0203 3572 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
13:20:07.0203 3572 ================ Scan global ===============================
13:20:07.0265 3572 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
13:20:07.0328 3572 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:20:07.0359 3572 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:20:07.0390 3572 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
13:20:07.0406 3572 [Global] - ok
13:20:07.0406 3572 ================ Scan MBR ==================================
13:20:07.0421 3572 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
13:20:07.0703 3572 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:20:07.0703 3572 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:20:07.0718 3572 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
13:20:08.0281 3572 \Device\Harddisk1\DR1 - ok
13:20:08.0281 3572 ================ Scan VBR ==================================
13:20:08.0312 3572 [ C77A23AEBC4AC1401A8743F420FD5189 ] \Device\Harddisk0\DR0\Partition1
13:20:08.0312 3572 \Device\Harddisk0\DR0\Partition1 - ok
13:20:08.0328 3572 [ 2EDF1B35F2530534BF5B7A72D7BBE49A ] \Device\Harddisk1\DR1\Partition1
13:20:08.0328 3572 \Device\Harddisk1\DR1\Partition1 - ok
13:20:08.0328 3572 ============================================================
13:20:08.0328 3572 Scan finished
13:20:08.0328 3572 ============================================================
13:20:08.0343 3332 Detected object count: 2
13:20:08.0343 3332 Actual detected object count: 2
13:20:14.0531 3332 C:\WINDOWS\system32\drivers\Cdr4_xp.sys - copied to quarantine
13:20:14.0984 3332 Backup copy not found, trying to cure infected file..
13:20:14.0984 3332 C:\WINDOWS\system32\drivers\Cdr4_xp.sys - Cure failed (FFFFFFFF)
13:20:14.0984 3332 C:\WINDOWS\system32\drivers\Cdr4_xp.sys - processing error
13:20:15.0078 3332 Cdr4_xp ( Virus.Win32.ZAccess.k ) - User select action: Cure
13:20:15.0109 3332 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:20:15.0109 3332 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
13:21:51.0640 1412 Deinitialize success

#5 stirfrysteve


Posted 15 November 2012 - 01:56 PM

Log From avast: (I did not select 'fix it' as you did not instruct to do so...should I have selected it?)


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-15 13:26:23
-----------------------------
13:26:23.031 OS Version: Windows 5.1.2600 Service Pack 3
13:26:23.031 Number of processors: 1 586 0x204
13:26:23.031 ComputerName: DAVESCOMPUTER UserName: Steve
13:26:24.046 Initialize success
13:28:02.468 AVAST engine defs: 12111500
13:28:54.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
13:28:54.468 Disk 0 Vendor: WDC_WD800BB-22JHC0 05.01C05 Size: 76319MB BusType: 3
13:28:54.484 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
13:28:54.484 Disk 1 Vendor: ST340016A 3.75 Size: 38166MB BusType: 3
13:28:54.500 Disk 0 MBR read successfully
13:28:54.500 Disk 0 MBR scan
13:28:54.562 Disk 0 Windows XP default MBR code
13:28:54.562 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
13:28:54.578 Disk 0 scanning sectors +156296385
13:28:54.671 Disk 0 scanning C:\WINDOWS\system32\drivers
13:29:07.031 File: C:\WINDOWS\system32\drivers\cdr4_xp.sys **SUSPICIOUS**
13:29:33.375 Disk 0 trace - called modules:
13:29:33.375 ntoskrnl.exe hal.dll CLASSPNP.SYS disk.sys >>UNKNOWN [0x897d2698]<<
13:29:33.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89b68ab8]
13:29:33.375 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> [0x89a399e8]
13:29:33.375 \Driver\00001095[0x899883e8] -> IRP_MJ_CREATE -> 0x897d2698
13:29:33.843 AVAST engine scan C:\WINDOWS
13:29:43.609 AVAST engine scan C:\WINDOWS\system32
13:35:56.953 AVAST engine scan C:\WINDOWS\system32\drivers
13:36:08.968 File: C:\WINDOWS\system32\drivers\cdr4_xp.sys **SUSPICIOUS**
13:36:40.187 AVAST engine scan C:\Documents and Settings\Steve
13:50:39.859 AVAST engine scan C:\Documents and Settings\All Users
13:54:14.953 Scan finished successfully
13:54:32.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Steve\Desktop\MBR.dat"
13:54:32.406 The log file has been saved successfully to "C:\Documents and Settings\Steve\Desktop\aswMBR.txt"

#6 stirfrysteve


Posted 15 November 2012 - 04:04 PM

ESET log file:

Operating memory a variant of Win32/Sirefef.EZ trojan

#7 narenxp


Posted 15 November 2012 - 04:12 PM

This is not the complete one

#8 stirfrysteve


Posted 15 November 2012 - 04:21 PM

How do I find it now that it has run and finished?

#9 narenxp


Posted 15 November 2012 - 04:25 PM

Launch TDSSkiller again and select DELETE

13:20:15.0109 3332 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Download

Malwarebytes

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download

Junkware removal tool

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan gets completed, post the generated log here.

Edited by narenxp, 15 November 2012 - 04:25 PM.


#10 stirfrysteve


Posted 15 November 2012 - 04:26 PM

I believe so, I did the copy to txt option after the scan ran.

#11 narenxp


Posted 15 November 2012 - 04:26 PM

Ignore it and follow my previous instruction

#12 stirfrysteve


Posted 15 November 2012 - 04:27 PM

I am running ESET again to see if I made a mistake.

#13 stirfrysteve


Posted 15 November 2012 - 04:29 PM

OK, I will stop ESET and follow the instructions I just saw.

#14 stirfrysteve


Posted 15 November 2012 - 04:35 PM

Launched TDSSKiller. I see no option to 'Delete'.

#15 stirfrysteve


Posted 15 November 2012 - 04:39 PM

Wait, my bad, misread your post. Am continuing with instructions. Sorry.



