
Rootkit problems....hacker?


7 replies to this topic

#1 dingdingding

  • Members
  • 115 posts

Posted 11 December 2012 - 06:38 PM

Hello, and to whoever helps me, many sincere thank yous in advance.

-I am running Windows 7
-I am using Kaspersky anti-virus
-I also have MalwareBytes installed

But today, after doing some reading on your amazing site here, I decided that Kaspersky may not be enough, and I wanted to do what I have done in the past, which is to use BC's blended approach to computer protection (stupidly, I had let myself be talked out of using this blended approach, once we got our new computer....again, not my brightest moment).

So today, I downloaded the Spybot 2 program (as my first step in downloading several programs from one of BC's tutorials....I have not downloaded those other programs yet).

Then I updated and ran Malwarebytes.

Then I updated and ran Kaspersky.

Then I updated and ran Spybot (I used to use an older version of Spybot, and this newer version is new to me).

None of these programs found any problems, until I had Spybot run a 'search for rootkits'.....and it seemed to find many (I would post a log of that, but I honestly don't know how.....I am still getting used to this Windows 7 too). All of these rootkit problems seem to deal with one program (?).

Anyway, I seem to have rootkit issues, and I don't know if I should delete these issues via Spybot, or what....because I would apparently need to run down the list of found problems, and delete every file. That seems dangerous when I don't know what I'm doing (unless you tell me that I should do that, and then I am all for it).

My computer isn't running badly that I can tell, but.....that's not to say that I haven't had some recent internet problems with a stalker, and.....that stalker may or may not have some computer experience that I clearly don't have.

Any help would be greatly appreciated.



#2 boopme


  • Global Moderator
  • 73,489 posts

Posted 11 December 2012 - 08:09 PM

Hello and welcome back. Let's run these and see the logs.

MiniToolBox
Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt).

A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>>>

Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results.



Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


#3 dingdingding

  • Topic Starter

  • Members
  • 115 posts

Posted 11 December 2012 - 09:03 PM

Hi Boopme! :)


Here are my logs for the scans:


MiniToolBox by Farbar Version: 25-11-2012
Ran by EdJen (administrator) on 11-12-2012 at 19:24:02
Running from "C:\Users\EdJen\Downloads"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : EdJen-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : westell.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : westell.com
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : 5C-F9-DD-6C-56-B1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3444:ac5a:a9f9:a09f%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.33(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, December 11, 2012 9:38:20 AM
Lease Expires . . . . . . . . . . : Wednesday, December 12, 2012 9:38:20 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 240974301
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-31-C6-CE-5C-F9-DD-6C-56-B1
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.westell.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : westell.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:3072:11a9:3f57:fede(Preferred)
Link-local IPv6 Address . . . . . : fe80::3072:11a9:3f57:fede%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: dslrouter.westell.com
Address: 192.168.1.1

Name: google.com
Addresses: 2607:f8b0:4009:800::1008
74.125.225.34
74.125.225.35
74.125.225.36
74.125.225.37
74.125.225.38
74.125.225.39
74.125.225.40
74.125.225.41
74.125.225.46
74.125.225.32
74.125.225.33


Pinging google.com [74.125.225.33] with 32 bytes of data:
Reply from 74.125.225.33: bytes=32 time=24ms TTL=56
Reply from 74.125.225.33: bytes=32 time=24ms TTL=56

Ping statistics for 74.125.225.33:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 24ms, Maximum = 24ms, Average = 24ms
Server: dslrouter.westell.com
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=43ms TTL=53
Reply from 98.138.253.109: bytes=32 time=42ms TTL=53

Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 42ms, Maximum = 43ms, Average = 42ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...5c f9 dd 6c 56 b1 ......Broadcom NetLink ™ Gigabit Ethernet
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.33 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.33 276
192.168.1.33 255.255.255.255 On-link 192.168.1.33 276
192.168.1.255 255.255.255.255 On-link 192.168.1.33 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.33 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.33 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:9d38:953c:3072:11a9:3f57:fede/128
On-link
11 276 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::3072:11a9:3f57:fede/128
On-link
11 276 fe80::3444:ac5a:a9f9:a09f/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/11/2012 01:24:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/11/2012 09:39:44 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/10/2012 07:43:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/10/2012 10:35:53 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/07/2012 01:20:01 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (12/07/2012 10:08:31 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2012 08:11:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2012 05:09:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2012 03:49:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/05/2012 05:02:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/11/2012 09:38:51 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.

Error: (12/11/2012 01:53:07 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (12/10/2012 07:43:01 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.

Error: (12/10/2012 10:42:54 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (12/10/2012 10:34:38 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.

Error: (12/07/2012 11:50:30 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (12/07/2012 10:07:38 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.

Error: (12/06/2012 11:06:58 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (12/06/2012 08:10:17 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.

Error: (12/06/2012 05:14:23 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================
Error: (12/11/2012 01:24:00 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (12/11/2012 09:39:44 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/10/2012 07:43:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/10/2012 10:35:53 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/07/2012 01:20:01 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (12/07/2012 10:08:31 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2012 08:11:10 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2012 05:09:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/06/2012 03:49:53 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/05/2012 05:02:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

Adobe AIR (Version: 2.6.0.19120)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.222)
Adobe Flash Player 11 Plugin (Version: 11.5.502.110)
Adobe Photoshop Elements (Version: 1.0)
Adobe Reader X (10.1.4) MUI (Version: 10.1.4)
AMD APP SDK Runtime (Version: 2.4.650.9)
ATI AVIVO64 Codecs (Version: 11.6.0.10628)
ATI Catalyst Install Manager (Version: 3.0.829.0)
Blio (Version: 2.3.7140)
Canon Easy-PhotoPrint EX
Canon MG3100 series MP Drivers
Canon MG3100 series On-screen Manual
Canon MG3100 series User Registration
Canon MP Navigator EX 5.0
Canon My Printer
Canon RAW Image Task for ZoomBrowser EX (Version: 3.3.0.5)
Canon Solution Menu EX
Canon Utilities CameraWindow (Version: 7.1.0.2)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16)
Canon Utilities Digital Photo Professional 3.4 (Version: 3.4.0.0)
Canon Utilities EOS Utility (Version: 2.4.0.1)
Canon Utilities MyCamera (Version: 6.4.0.5)
Canon Utilities PhotoStitch (Version: 3.1.21.45)
Canon Utilities Picture Style Editor (Version: 1.3.0.0)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)
Canon Utilities WFT-E1/E2/E3 Utility (Version: 3.2.1.1)
Canon Utilities ZoomBrowser EX (Version: 6.1.1.21)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.1.0.8)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2011.0628.2340.40663)
Catalyst Control Center InstallProxy (Version: 2011.0628.2340.40663)
Catalyst Control Center Localization All (Version: 2011.0628.2340.40663)
ccc-utility64 (Version: 2011.0628.2340.40663)
CCC Help Chinese Standard (Version: 2011.0628.2339.40663)
CCC Help Chinese Traditional (Version: 2011.0628.2339.40663)
CCC Help Czech (Version: 2011.0628.2339.40663)
CCC Help Danish (Version: 2011.0628.2339.40663)
CCC Help Dutch (Version: 2011.0628.2339.40663)
CCC Help English (Version: 2011.0628.2339.40663)
CCC Help Finnish (Version: 2011.0628.2339.40663)
CCC Help French (Version: 2011.0628.2339.40663)
CCC Help German (Version: 2011.0628.2339.40663)
CCC Help Greek (Version: 2011.0628.2339.40663)
CCC Help Hungarian (Version: 2011.0628.2339.40663)
CCC Help Italian (Version: 2011.0628.2339.40663)
CCC Help Japanese (Version: 2011.0628.2339.40663)
CCC Help Korean (Version: 2011.0628.2339.40663)
CCC Help Norwegian (Version: 2011.0628.2339.40663)
CCC Help Polish (Version: 2011.0628.2339.40663)
CCC Help Portuguese (Version: 2011.0628.2339.40663)
CCC Help Russian (Version: 2011.0628.2339.40663)
CCC Help Spanish (Version: 2011.0628.2339.40663)
CCC Help Swedish (Version: 2011.0628.2339.40663)
CCC Help Thai (Version: 2011.0628.2339.40663)
CCC Help Turkish (Version: 2011.0628.2339.40663)
Consumer In-Home Service Agreement (Version: 2.0.0)
Cozi (Version: 1.0.6505.38692)
D3DX10 (Version: 15.4.2368.0902)
Dell DataSafe Local Backup - Support Software (Version: 9.4.67)
Dell DataSafe Local Backup (Version: 9.4.67)
Dell Digital Delivery (Version: 2.2.4000.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell KM632 Wireless Keyboard Caps Lock Indicator (Version: 2.1.9.0401)
Dell MusicStage (Version: 1.6.225.0)
Dell PhotoStage (Version: 1.5.0.130)
Dell Stage (Version: 1.7.209.0)
Dell VideoStage (Version: 1.3.0.2214)
DirectX 9 Runtime (Version: 1.00.0000)
eBay (Version: 1.4.0)
High-Definition Video Playback (Version: 7.3.10000.0.0)
Homestead SiteBuilder
Intel® Control Center (Version: 1.2.1.1007)
Intel® Rapid Storage Technology (Version: 10.6.0.1002)
Junk Mail filter update (Version: 15.4.3502.0922)
Kaspersky Internet Security 2012 (Version: 12.0.0.374)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP1 English (Version: 3.5.5692.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual J# 2.0 Redistributable Package (Version: 2.0.50727)
Mozilla Firefox 16.0.2 (x86 en-US) (Version: 16.0.2)
Mozilla Maintenance Service (Version: 17.0)
Mozilla Thunderbird 17.0 (x86 en-US) (Version: 17.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Multimedia Card Reader (Version: 1.7.915.93)
Nero 10 Movie ThemePack Basic (Version: 10.2.10200.0.0)
Nero Control Center 10 (Version: 10.6.12800.0.8)
Nero ControlCenter 10 Help (CHM) (Version: 10.2.10800)
Nero Core Components 10 (Version: 2.0.20500.9.16)
Nero Update (Version: 1.0.0018)
OpenOffice.org 3.4 (Version: 3.4.9590)
PlayReady PC Runtime x86 (Version: 1.3.0)
RBVirtualFolder64Inst (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.6141)
Roxio BackOnTrack (Version: 4.0)
Roxio Burn (Version: 1.6)
Roxio CinePlayer (Version: 5.6)
Roxio CinePlayer Decoder Pack (Version: 4.3.0)
Roxio Creator 2011 (Version: 1.3.166)
Roxio Creator 2011 (Version: 13.0)
Roxio Creator 2011 (Version: 6.0.0)
Roxio Dell install Util (Version: 2.00.0000)
Roxio PhotoShow (Version: 6.0)
Roxio Video Capture USB (Version: 1.22.0000)
Skype™ 5.10 (Version: 5.10.116)
SmartSound Common Data (Version: 1.1.0)
SmartSound Quicktracks 5 (Version: 5.1.7)
Spybot - Search & Destroy (Version: 2.0.12)
SyncUP (Version: 1.12.11100.9.104)
SyncUP (Version: 10.2.16100)
THX TruStudio PC (Version: 1.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
VD64Inst (Version: 1.00.0000)
VideoCam Suite 3.0 (Version: 3.00.031.1033)
WD SmartWare (Version: 1.6.0.25)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Zinio Reader 4 (Version: 4.2.4164)

========================= Memory info: ===================================

Percentage of memory in use: 19%
Total physical RAM: 16366.45 MB
Available physical RAM: 13133.39 MB
Total Pagefile: 32731.08 MB
Available Pagefile: 28639.73 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.41 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:1846.26 GB) (Free:1745.03 GB) NTFS

========================= Users: ========================================

User accounts for \\EDJEN-PC

Administrator Ed EdJen
Guest


**** End of log ****






TDSSkiller:


19:25:19.0601 100584 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:25:20.0079 100584 ============================================================
19:25:20.0080 100584 Current date / time: 2012/12/11 19:25:20.0079
19:25:20.0080 100584 SystemInfo:
19:25:20.0080 100584
19:25:20.0080 100584 OS Version: 6.1.7601 ServicePack: 1.0
19:25:20.0080 100584 Product type: Workstation
19:25:20.0080 100584 ComputerName: EDJEN-PC
19:25:20.0080 100584 UserName: EdJen
19:25:20.0080 100584 Windows directory: C:\Windows
19:25:20.0080 100584 System windows directory: C:\Windows
19:25:20.0080 100584 Running under WOW64
19:25:20.0080 100584 Processor architecture: Intel x64
19:25:20.0080 100584 Number of processors: 8
19:25:20.0080 100584 Page size: 0x1000
19:25:20.0080 100584 Boot type: Normal boot
19:25:20.0080 100584 ============================================================
19:25:20.0424 100584 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:25:20.0438 100584 ============================================================
19:25:20.0438 100584 \Device\Harddisk0\DR0:
19:25:20.0438 100584 MBR partitions:
19:25:20.0438 100584 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x216E000
19:25:20.0438 100584 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2182000, BlocksNum 0xE6C86000
19:25:20.0438 100584 ============================================================
19:25:20.0457 100584 C: <-> \Device\Harddisk0\DR0\Partition2
19:25:20.0457 100584 ============================================================
19:25:20.0457 100584 Initialize success
19:25:20.0457 100584 ============================================================
19:26:03.0469 98976 ============================================================
19:26:03.0469 98976 Scan started
19:26:03.0469 98976 Mode: Manual; TDLFS;
19:26:03.0469 98976 ============================================================
19:26:03.0902 98976 ================ Scan system memory ========================
19:26:03.0902 98976 System memory - ok
19:26:03.0903 98976 ================ Scan services =============================
19:26:03.0998 98976 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:26:04.0001 98976 1394ohci - ok
19:26:04.0064 98976 [ A15069EEC83EBC54150564B2585CFDBA ] 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
19:26:04.0066 98976 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 - ok
19:26:04.0084 98976 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:26:04.0086 98976 ACPI - ok
19:26:04.0094 98976 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:26:04.0095 98976 AcpiPmi - ok
19:26:04.0171 98976 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:26:04.0171 98976 AdobeARMservice - ok
19:26:04.0185 98976 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:26:04.0187 98976 adp94xx - ok
19:26:04.0192 98976 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:26:04.0194 98976 adpahci - ok
19:26:04.0198 98976 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:26:04.0199 98976 adpu320 - ok
19:26:04.0218 98976 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:26:04.0219 98976 AeLookupSvc - ok
19:26:04.0231 98976 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:26:04.0233 98976 AFD - ok
19:26:04.0242 98976 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:26:04.0243 98976 agp440 - ok
19:26:04.0257 98976 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:26:04.0259 98976 ALG - ok
19:26:04.0263 98976 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:26:04.0264 98976 aliide - ok
19:26:04.0286 98976 [ 310F88A93C3B02E3D1F906FB57B9E01E ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:26:04.0288 98976 AMD External Events Utility - ok
19:26:04.0291 98976 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:26:04.0292 98976 amdide - ok
19:26:04.0296 98976 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:26:04.0298 98976 AmdK8 - ok
19:26:04.0424 98976 [ 62DDF55680F8C53E4B8DDE4189ADA0B8 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:26:04.0555 98976 amdkmdag - ok
19:26:04.0570 98976 [ 51F027DFFEDFB8D763FABFFA06B56E6D ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:26:04.0572 98976 amdkmdap - ok
19:26:04.0574 98976 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
19:26:04.0575 98976 AmdPPM - ok
19:26:04.0583 98976 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:26:04.0583 98976 amdsata - ok
19:26:04.0587 98976 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
19:26:04.0588 98976 amdsbs - ok
19:26:04.0599 98976 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:26:04.0600 98976 amdxata - ok
19:26:04.0608 98976 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:26:04.0608 98976 AppID - ok
19:26:04.0616 98976 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:26:04.0616 98976 AppIDSvc - ok
19:26:04.0627 98976 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:26:04.0628 98976 Appinfo - ok
19:26:04.0659 98976 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
19:26:04.0661 98976 AppMgmt - ok
19:26:04.0665 98976 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
19:26:04.0667 98976 arc - ok
19:26:04.0671 98976 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:26:04.0673 98976 arcsas - ok
19:26:04.0733 98976 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:26:04.0734 98976 aspnet_state - ok
19:26:04.0742 98976 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:26:04.0744 98976 AsyncMac - ok
19:26:04.0759 98976 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:26:04.0760 98976 atapi - ok
19:26:04.0783 98976 [ DBB487D09F56C674430AC454FD8BCAB9 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
19:26:04.0786 98976 AtiHDAudioService - ok
19:26:04.0804 98976 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:26:04.0811 98976 AudioEndpointBuilder - ok
19:26:04.0817 98976 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:26:04.0820 98976 AudioSrv - ok
19:26:04.0889 98976 [ 6C9D5BADC8F83D410A278717C2EEA6F6 ] AVP C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
19:26:04.0892 98976 AVP - ok
19:26:04.0906 98976 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:26:04.0908 98976 AxInstSV - ok
19:26:04.0928 98976 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
19:26:04.0933 98976 b06bdrv - ok
19:26:04.0944 98976 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:26:04.0946 98976 b57nd60a - ok
19:26:04.0957 98976 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:26:04.0959 98976 BDESVC - ok
19:26:04.0971 98976 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:26:04.0972 98976 Beep - ok
19:26:04.0990 98976 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:26:04.0996 98976 BFE - ok
19:26:05.0053 98976 [ ACC9C8C560C567FAD6F79C977AB2EA09 ] bgsvcgen C:\Windows\SysWOW64\bgsvcgen.exe
19:26:05.0054 98976 bgsvcgen - ok
19:26:05.0085 98976 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
19:26:05.0094 98976 BITS - ok
19:26:05.0100 98976 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:26:05.0101 98976 blbdrive - ok
19:26:05.0130 98976 [ F4BA084CBDE9B67C57BC7891C0225EA8 ] BOT4Service C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
19:26:05.0131 98976 BOT4Service - ok
19:26:05.0147 98976 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:26:05.0149 98976 bowser - ok
19:26:05.0153 98976 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
19:26:05.0154 98976 BrFiltLo - ok
19:26:05.0157 98976 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
19:26:05.0158 98976 BrFiltUp - ok
19:26:05.0185 98976 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:26:05.0187 98976 Browser - ok
19:26:05.0201 98976 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:26:05.0204 98976 Brserid - ok
19:26:05.0208 98976 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:26:05.0210 98976 BrSerWdm - ok
19:26:05.0213 98976 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:26:05.0214 98976 BrUsbMdm - ok
19:26:05.0217 98976 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:26:05.0218 98976 BrUsbSer - ok
19:26:05.0223 98976 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
19:26:05.0225 98976 BTHMODEM - ok
19:26:05.0239 98976 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:26:05.0240 98976 bthserv - ok
19:26:05.0250 98976 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:26:05.0250 98976 cdfs - ok
19:26:05.0282 98976 [ 9EDD76D0800A022AE10B9243D0224E72 ] cdrbsdrv C:\Windows\system32\drivers\cdrbsdrv.sys
19:26:05.0284 98976 cdrbsdrv - ok
19:26:05.0291 98976 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:26:05.0293 98976 cdrom - ok
19:26:05.0309 98976 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:26:05.0311 98976 CertPropSvc - ok
19:26:05.0321 98976 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
19:26:05.0322 98976 circlass - ok
19:26:05.0336 98976 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:26:05.0340 98976 CLFS - ok
19:26:05.0374 98976 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:26:05.0376 98976 clr_optimization_v2.0.50727_32 - ok
19:26:05.0398 98976 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:26:05.0400 98976 clr_optimization_v2.0.50727_64 - ok
19:26:05.0426 98976 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:26:05.0428 98976 clr_optimization_v4.0.30319_32 - ok
19:26:05.0443 98976 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:26:05.0446 98976 clr_optimization_v4.0.30319_64 - ok
19:26:05.0450 98976 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
19:26:05.0451 98976 CmBatt - ok
19:26:05.0454 98976 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:26:05.0455 98976 cmdide - ok
19:26:05.0487 98976 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:26:05.0489 98976 CNG - ok
19:26:05.0497 98976 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
19:26:05.0498 98976 Compbatt - ok
19:26:05.0507 98976 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
19:26:05.0508 98976 CompositeBus - ok
19:26:05.0511 98976 COMSysApp - ok
19:26:05.0516 98976 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:26:05.0517 98976 crcdisk - ok
19:26:05.0550 98976 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:26:05.0551 98976 CryptSvc - ok
19:26:05.0571 98976 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
19:26:05.0576 98976 CSC - ok
19:26:05.0596 98976 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
19:26:05.0602 98976 CscService - ok
19:26:05.0624 98976 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:26:05.0630 98976 DcomLaunch - ok
19:26:05.0653 98976 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:26:05.0656 98976 defragsvc - ok
19:26:05.0711 98976 [ 3A42B00C88E3E68080DAB6B27BB35B6E ] DellDigitalDelivery C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
19:26:05.0713 98976 DellDigitalDelivery - ok
19:26:05.0725 98976 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:26:05.0727 98976 DfsC - ok
19:26:05.0738 98976 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:26:05.0742 98976 Dhcp - ok
19:26:05.0749 98976 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:26:05.0750 98976 discache - ok
19:26:05.0764 98976 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
19:26:05.0765 98976 Disk - ok
19:26:05.0781 98976 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
19:26:05.0783 98976 dmvsc - ok
19:26:05.0806 98976 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:26:05.0809 98976 Dnscache - ok
19:26:05.0826 98976 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:26:05.0830 98976 dot3svc - ok
19:26:05.0842 98976 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:26:05.0844 98976 DPS - ok
19:26:05.0865 98976 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:26:05.0866 98976 drmkaud - ok
19:26:05.0888 98976 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:26:05.0896 98976 DXGKrnl - ok
19:26:05.0906 98976 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:26:05.0909 98976 EapHost - ok
19:26:05.0970 98976 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
19:26:06.0010 98976 ebdrv - ok
19:26:06.0018 98976 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:26:06.0019 98976 EFS - ok
19:26:06.0053 98976 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:26:06.0059 98976 ehRecvr - ok
19:26:06.0070 98976 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:26:06.0072 98976 ehSched - ok
19:26:06.0088 98976 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:26:06.0092 98976 elxstor - ok
19:26:06.0095 98976 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:26:06.0096 98976 ErrDev - ok
19:26:06.0112 98976 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:26:06.0115 98976 EventSystem - ok
19:26:06.0129 98976 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:26:06.0131 98976 exfat - ok
19:26:06.0140 98976 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:26:06.0142 98976 fastfat - ok
19:26:06.0163 98976 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:26:06.0170 98976 Fax - ok
19:26:06.0174 98976 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
19:26:06.0175 98976 fdc - ok
19:26:06.0187 98976 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:26:06.0189 98976 fdPHost - ok
19:26:06.0197 98976 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:26:06.0198 98976 FDResPub - ok
19:26:06.0209 98976 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:26:06.0210 98976 FileInfo - ok
19:26:06.0217 98976 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:26:06.0217 98976 Filetrace - ok
19:26:06.0266 98976 [ 8669BE94F63944E4F899C3950B520241 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:26:06.0274 98976 FLEXnet Licensing Service - ok
19:26:06.0279 98976 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
19:26:06.0280 98976 flpydisk - ok
19:26:06.0290 98976 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:26:06.0291 98976 FltMgr - ok
19:26:06.0315 98976 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
19:26:06.0325 98976 FontCache - ok
19:26:06.0355 98976 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:26:06.0356 98976 FontCache3.0.0.0 - ok
19:26:06.0364 98976 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:26:06.0366 98976 FsDepends - ok
19:26:06.0388 98976 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:26:06.0389 98976 Fs_Rec - ok
19:26:06.0412 98976 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:26:06.0414 98976 fvevol - ok
19:26:06.0425 98976 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:26:06.0427 98976 gagp30kx - ok
19:26:06.0446 98976 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:26:06.0452 98976 gpsvc - ok
19:26:06.0466 98976 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:26:06.0467 98976 hcw85cir - ok
19:26:06.0489 98976 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:26:06.0490 98976 HDAudBus - ok
19:26:06.0494 98976 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
19:26:06.0495 98976 HidBatt - ok
19:26:06.0499 98976 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:26:06.0500 98976 HidBth - ok
19:26:06.0504 98976 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
19:26:06.0505 98976 HidIr - ok
19:26:06.0511 98976 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:26:06.0513 98976 hidserv - ok
19:26:06.0516 98976 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:26:06.0517 98976 HidUsb - ok
19:26:06.0529 98976 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:26:06.0530 98976 hkmsvc - ok
19:26:06.0544 98976 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:26:06.0546 98976 HomeGroupListener - ok
19:26:06.0564 98976 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:26:06.0568 98976 HomeGroupProvider - ok
19:26:06.0581 98976 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:26:06.0583 98976 HpSAMD - ok
19:26:06.0603 98976 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:26:06.0609 98976 HTTP - ok
19:26:06.0619 98976 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:26:06.0620 98976 hwpolicy - ok
19:26:06.0625 98976 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:26:06.0627 98976 i8042prt - ok
19:26:06.0647 98976 [ 2FDAEC4B02729C48C0FD1B0B4695995B ] iaStor C:\Windows\system32\drivers\iaStor.sys
19:26:06.0652 98976 iaStor - ok
19:26:06.0681 98976 [ D41861E56E7552C13674D7F147A02464 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
19:26:06.0682 98976 IAStorDataMgrSvc - ok
19:26:06.0696 98976 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:26:06.0700 98976 iaStorV - ok
19:26:06.0732 98976 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:26:06.0739 98976 idsvc - ok
19:26:06.0753 98976 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:26:06.0754 98976 iirsp - ok
19:26:06.0778 98976 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:26:06.0786 98976 IKEEXT - ok
19:26:06.0837 98976 [ 235362D403D9D677514649D88DB31914 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:26:06.0863 98976 IntcAzAudAddService - ok
19:26:06.0884 98976 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
19:26:06.0886 98976 IntcDAud - ok
19:26:06.0904 98976 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:26:06.0905 98976 intelide - ok
19:26:06.0915 98976 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:26:06.0916 98976 intelppm - ok
19:26:06.0922 98976 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:26:06.0924 98976 IPBusEnum - ok
19:26:06.0933 98976 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:26:06.0934 98976 IpFilterDriver - ok
19:26:06.0970 98976 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:26:06.0974 98976 iphlpsvc - ok
19:26:06.0979 98976 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:26:06.0980 98976 IPMIDRV - ok
19:26:06.0985 98976 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:26:06.0987 98976 IPNAT - ok
19:26:07.0007 98976 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:26:07.0007 98976 IRENUM - ok
19:26:07.0016 98976 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:26:07.0016 98976 isapnp - ok
19:26:07.0025 98976 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:26:07.0026 98976 iScsiPrt - ok
19:26:07.0045 98976 [ 12E27942DBB7C91880163634B0D8A776 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
19:26:07.0046 98976 k57nd60a - ok
19:26:07.0058 98976 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:26:07.0059 98976 kbdclass - ok
19:26:07.0066 98976 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:26:07.0066 98976 kbdhid - ok
19:26:07.0075 98976 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:26:07.0076 98976 KeyIso - ok
19:26:07.0122 98976 [ E656FE10D6D27794AFA08136685A69E8 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys
19:26:07.0124 98976 KL1 - ok
19:26:07.0129 98976 [ D865DD8B0448E3F963D68C04C532858F ] kl2 C:\Windows\system32\DRIVERS\kl2.sys
19:26:07.0129 98976 kl2 - ok
19:26:07.0161 98976 [ 8490798365236B6C8E54DEDD27A42D07 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
19:26:07.0164 98976 KLIF - ok
19:26:07.0172 98976 [ 89FB5A33D7171B6D84F5EB721D5055E1 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
19:26:07.0174 98976 KLIM6 - ok
19:26:07.0186 98976 [ 9468D07E91BA136D82415F5DFC1FE168 ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
19:26:07.0186 98976 klmouflt - ok
19:26:07.0222 98976 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:26:07.0224 98976 KSecDD - ok
19:26:07.0232 98976 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:26:07.0234 98976 KSecPkg - ok
19:26:07.0238 98976 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:26:07.0239 98976 ksthunk - ok
19:26:07.0261 98976 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:26:07.0264 98976 KtmRm - ok
19:26:07.0283 98976 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:26:07.0285 98976 LanmanServer - ok
19:26:07.0304 98976 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:26:07.0307 98976 LanmanWorkstation - ok
19:26:07.0327 98976 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:26:07.0328 98976 lltdio - ok
19:26:07.0345 98976 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:26:07.0348 98976 lltdsvc - ok
19:26:07.0360 98976 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:26:07.0362 98976 lmhosts - ok
19:26:07.0377 98976 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:26:07.0378 98976 LSI_FC - ok
19:26:07.0383 98976 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:26:07.0385 98976 LSI_SAS - ok
19:26:07.0389 98976 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
19:26:07.0390 98976 LSI_SAS2 - ok
19:26:07.0393 98976 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:26:07.0394 98976 LSI_SCSI - ok
19:26:07.0406 98976 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:26:07.0407 98976 luafv - ok
19:26:07.0424 98976 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:26:07.0427 98976 Mcx2Svc - ok
19:26:07.0431 98976 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
19:26:07.0432 98976 megasas - ok
19:26:07.0438 98976 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
19:26:07.0441 98976 MegaSR - ok
19:26:07.0460 98976 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
19:26:07.0461 98976 MEIx64 - ok
19:26:07.0470 98976 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:26:07.0472 98976 MMCSS - ok
19:26:07.0476 98976 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:26:07.0477 98976 Modem - ok
19:26:07.0485 98976 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:26:07.0486 98976 monitor - ok
19:26:07.0499 98976 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:26:07.0500 98976 mouclass - ok
19:26:07.0509 98976 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:26:07.0510 98976 mouhid - ok
19:26:07.0516 98976 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:26:07.0517 98976 mountmgr - ok
19:26:07.0570 98976 [ 8121C6DD654970FEDDBC195596D9706E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:26:07.0572 98976 MozillaMaintenance - ok
19:26:07.0585 98976 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:26:07.0587 98976 mpio - ok
19:26:07.0596 98976 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:26:07.0598 98976 mpsdrv - ok
19:26:07.0614 98976 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:26:07.0621 98976 MpsSvc - ok
19:26:07.0626 98976 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:26:07.0628 98976 MRxDAV - ok
19:26:07.0647 98976 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:26:07.0649 98976 mrxsmb - ok
19:26:07.0658 98976 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:26:07.0661 98976 mrxsmb10 - ok
19:26:07.0674 98976 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:26:07.0676 98976 mrxsmb20 - ok
19:26:07.0684 98976 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:26:07.0685 98976 msahci - ok
19:26:07.0695 98976 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:26:07.0697 98976 msdsm - ok
19:26:07.0707 98976 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:26:07.0710 98976 MSDTC - ok
19:26:07.0716 98976 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:26:07.0717 98976 Msfs - ok
19:26:07.0725 98976 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:26:07.0725 98976 mshidkmdf - ok
19:26:07.0741 98976 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:26:07.0741 98976 msisadrv - ok
19:26:07.0757 98976 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:26:07.0760 98976 MSiSCSI - ok
19:26:07.0763 98976 msiserver - ok
19:26:07.0775 98976 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:26:07.0777 98976 MSKSSRV - ok
19:26:07.0780 98976 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:26:07.0781 98976 MSPCLOCK - ok
19:26:07.0784 98976 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:26:07.0785 98976 MSPQM - ok
19:26:07.0799 98976 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:26:07.0802 98976 MsRPC - ok
19:26:07.0813 98976 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:26:07.0814 98976 mssmbios - ok
19:26:07.0821 98976 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:26:07.0822 98976 MSTEE - ok
19:26:07.0824 98976 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
19:26:07.0825 98976 MTConfig - ok
19:26:12.0733 98976 ================ Scan global ===============================
19:26:12.0743 98976 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:26:12.0772 98976 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
19:26:12.0781 98976 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
19:26:12.0796 98976 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:26:12.0816 98976 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:26:12.0820 98976 [Global] - ok
19:26:12.0820 98976 ================ Scan MBR ==================================
19:26:12.0828 98976 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
19:26:13.0195 98976 \Device\Harddisk0\DR0 - ok
19:26:13.0195 98976 ================ Scan VBR ==================================
19:26:13.0197 98976 [ E8690C76751A43C9FCC4668301F6E0F5 ] \Device\Harddisk0\DR0\Partition1
19:26:13.0198 98976 \Device\Harddisk0\DR0\Partition1 - ok
19:26:13.0223 98976 [ 928B52D04644569FDD924F0FF6DE4CA4 ] \Device\Harddisk0\DR0\Partition2
19:26:13.0226 98976 \Device\Harddisk0\DR0\Partition2 - ok
19:26:13.0226 98976 ============================================================
19:26:13.0226 98976 Scan finished
19:26:13.0226 98976 ============================================================
19:26:13.0231 100796 Detected object count: 0
19:26:13.0231 100796 Actual detected object count: 0
19:27:45.0409 95740 Deinitialize success





Here is 'aswMBR'....and I am telling you, that I cannot run this program gracefully to save my life lol. Here is the log that survived the onslaught:


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-11 19:29:31
-----------------------------
19:29:31.713 OS Version: Windows x64 6.1.7601 Service Pack 1
19:29:31.713 Number of processors: 8 586 0x2A07
19:29:31.714 ComputerName: EDJEN-PC UserName: EdJen
19:29:40.279 Initialze error C000010E - driver not loaded
19:29:40.316 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
19:31:56.571 AVAST engine defs: 12121101
19:32:20.884 Service scanning
19:32:33.110 Modules scanning
19:32:33.115 Disk 0 trace - called modules:
19:32:33.117
19:32:44.924 AVAST engine scan C:\Windows
19:32:55.849 AVAST engine scan C:\Windows\system32
19:35:10.263 AVAST engine scan C:\Windows\system32\drivers
19:35:29.256 AVAST engine scan C:\Users\EdJen
19:47:05.889 AVAST engine scan C:\ProgramData
19:49:24.743 Scan finished successfully
19:49:45.509 The log file has been saved successfully to "C:\Users\EdJen\Desktop\aswMBR.txt"

#4 boopme

Posted 11 December 2012 - 09:46 PM

Not much there.. Is there any way you can copy/paste the portion of the Spybot log that lists the rootkits? I cannot find a tutorial on the tool.


MBR Check
Download

http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe

Double click MBRCheck.exe

It will show a Black screen with some information that will contain either the below line if no problem is found:

Press ENTER to exit...

Or

you will see more information like below if a problem is found:
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Edited by boopme, 11 December 2012 - 09:50 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#5 dingdingding

Posted 11 December 2012 - 10:38 PM

Okay....here is the MBR Check:


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: XPS 8300
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 193):
0x02E00000 \SystemRoot\system32\ntoskrnl.exe
0x033E8000 \SystemRoot\system32\hal.dll
0x00BAC000 \SystemRoot\system32\kdcom.dll
0x00C14000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C63000 \SystemRoot\system32\PSHED.dll
0x00C77000 \SystemRoot\system32\CLFS.SYS
0x00CD5000 \SystemRoot\system32\CI.dll
0x00EF9000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00FBB000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00E00000 \SystemRoot\system32\drivers\ACPI.sys
0x00E57000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00E60000 \SystemRoot\system32\drivers\msisadrv.sys
0x00E6A000 \SystemRoot\system32\drivers\pci.sys
0x00E9D000 \SystemRoot\system32\drivers\vdrvroot.sys
0x0105D000 \SystemRoot\system32\DRIVERS\kl1.sys
0x017BC000 \SystemRoot\System32\drivers\partmgr.sys
0x017D1000 \SystemRoot\system32\drivers\volmgr.sys
0x01000000 \SystemRoot\System32\drivers\volmgrx.sys
0x017E6000 \SystemRoot\System32\drivers\mountmgr.sys
0x01859000 \SystemRoot\system32\drivers\iaStor.sys
0x01800000 \SystemRoot\system32\drivers\amdxata.sys
0x0180B000 \SystemRoot\system32\drivers\fltmgr.sys
0x00EAA000 \SystemRoot\system32\drivers\fileinfo.sys
0x00EBE000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01C3E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x00D95000 \SystemRoot\System32\Drivers\msrpc.sys
0x01DE1000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01E50000 \SystemRoot\System32\Drivers\cng.sys
0x01EC2000 \SystemRoot\System32\drivers\pcw.sys
0x01ED3000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01EDD000 \SystemRoot\system32\drivers\ndis.sys
0x020FD000 \SystemRoot\system32\drivers\NETIO.SYS
0x0215D000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x022DB000 \SystemRoot\System32\drivers\tcpip.sys
0x024DC000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x02526000 \SystemRoot\system32\drivers\volsnap.sys
0x02572000 \SystemRoot\System32\Drivers\spldr.sys
0x0257A000 \SystemRoot\System32\drivers\rdyboost.sys
0x025B4000 \SystemRoot\System32\Drivers\Saibad64.sys
0x025BD000 \SystemRoot\System32\Drivers\Sahdad64.sys
0x025C8000 \SystemRoot\System32\Drivers\mup.sys
0x025DA000 \SystemRoot\System32\drivers\hwpolicy.sys
0x02200000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0223A000 \SystemRoot\system32\drivers\disk.sys
0x02250000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x04C00000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02000000 \SystemRoot\system32\DRIVERS\klif.sys
0x04C2A000 \SystemRoot\System32\Drivers\cdrbsdrv.SYS
0x04C38000 \SystemRoot\System32\Drivers\Null.SYS
0x04FF8000 \SystemRoot\System32\Drivers\Beep.SYS
0x0228E000 \SystemRoot\System32\drivers\vga.sys
0x0229C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x022C1000 \SystemRoot\System32\drivers\watchdog.sys
0x022D1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x025E3000 \SystemRoot\system32\drivers\rdpencdd.sys
0x025EC000 \SystemRoot\system32\drivers\rdprefmp.sys
0x025F5000 \SystemRoot\System32\Drivers\Msfs.SYS
0x020A7000 \SystemRoot\System32\Drivers\Npfs.SYS
0x020B8000 \SystemRoot\system32\DRIVERS\tdx.sys
0x020DA000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x020E7000 \SystemRoot\system32\DRIVERS\kl2.sys
0x02187000 \SystemRoot\System32\DRIVERS\netbt.sys
0x038AA000 \SystemRoot\system32\drivers\afd.sys
0x03933000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x0393C000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03962000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
0x03976000 \SystemRoot\system32\DRIVERS\klim6.sys
0x0397F000 \SystemRoot\system32\DRIVERS\netbios.sys
0x0398E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x039A9000 \SystemRoot\system32\drivers\vpcvmm.sys
0x03800000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03814000 \SystemRoot\System32\Drivers\SaibVdAd64.sys
0x0381E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x0386F000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0387B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03886000 \SystemRoot\System32\drivers\discache.sys
0x05096000 \SystemRoot\system32\drivers\csc.sys
0x05119000 \SystemRoot\System32\Drivers\dfsc.sys
0x05137000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x05148000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0516E000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x05689000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x06282000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x06376000 \SystemRoot\System32\drivers\dxgmms1.sys
0x063BC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x063E0000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x06200000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x06211000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x05600000 \SystemRoot\system32\DRIVERS\k57nd60a.sys
0x06267000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x05666000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x05FCC000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x051BF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x063F1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x05000000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x05FE2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0502F000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x05050000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x05676000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x0506A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x05079000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x063FD000 \SystemRoot\system32\DRIVERS\swenum.sys
0x01E00000 \SystemRoot\system32\DRIVERS\ks.sys
0x051E3000 \SystemRoot\system32\DRIVERS\umbus.sys
0x021CC000 \SystemRoot\system32\DRIVERS\vpcusb.sys
0x03895000 \SystemRoot\system32\DRIVERS\usbrpm.sys
0x0627D000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x01C00000 \SystemRoot\system32\DRIVERS\vpchbus.sys
0x06602000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0665C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x06671000 \SystemRoot\system32\drivers\AtihdW76.sys
0x066AF000 \SystemRoot\system32\drivers\portcls.sys
0x066EC000 \SystemRoot\system32\drivers\drmk.sys
0x0670E000 \SystemRoot\system32\drivers\ksthunk.sys
0x06A1C000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x06C65000 \SystemRoot\system32\DRIVERS\IntcDAud.sys
0x06CB8000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04C41000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x06CC6000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00030000 \SystemRoot\System32\win32k.sys
0x06CD9000 \SystemRoot\System32\drivers\Dxapi.sys
0x06CE5000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x06D02000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x06D10000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x06D29000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x06D32000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x06D40000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x06D4D000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0x06D57000 \SystemRoot\system32\DRIVERS\monitor.sys
0x06D65000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x00490000 \SystemRoot\System32\TSDDD.dll
0x00620000 \SystemRoot\System32\cdd.dll
0x06D80000 \SystemRoot\system32\drivers\luafv.sys
0x06DA3000 \SystemRoot\system32\drivers\WudfPf.sys
0x06DBC000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x06DD1000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x06714000 \SystemRoot\system32\drivers\HTTP.sys
0x067DD000 \SystemRoot\system32\DRIVERS\bowser.sys
0x06A00000 \SystemRoot\System32\drivers\mpsdrv.sys
0x01FCF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x048A1000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x048EF000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x04913000 \SystemRoot\system32\drivers\peauth.sys
0x049B9000 \SystemRoot\System32\Drivers\secdrv.SYS
0x049C4000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x04800000 \SystemRoot\System32\drivers\tcpipreg.sys
0x04812000 \SystemRoot\System32\DRIVERS\srv2.sys
0x08CA3000 \SystemRoot\System32\DRIVERS\srv.sys
0x08D3B000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x08D71000 \SystemRoot\System32\Drivers\fastfat.SYS
0x08C71000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x08C82000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x08DDE000 \??\C:\Users\EdJen\AppData\Local\Temp\aswMBR.sys
0x77990000 \Windows\System32\ntdll.dll
0x47D40000 \Windows\System32\smss.exe
0xFFCB0000 \Windows\System32\apisetschema.dll
0xFF200000 \Windows\System32\autochk.exe
0xFFC90000 \Windows\System32\lpk.dll
0x77780000 \Windows\System32\iertutil.dll
0x77B60000 \Windows\System32\normaliz.dll
0xFFC70000 \Windows\System32\imagehlp.dll
0xFFBD0000 \Windows\System32\comdlg32.dll
0xFFAF0000 \Windows\System32\oleaut32.dll
0xFFA70000 \Windows\System32\shlwapi.dll
0xFF860000 \Windows\System32\ole32.dll
0xFF790000 \Windows\System32\usp10.dll
0x77660000 \Windows\System32\kernel32.dll
0xFF5B0000 \Windows\System32\setupapi.dll
0xFF590000 \Windows\System32\sechost.dll
0xFF520000 \Windows\System32\gdi32.dll
0xFF440000 \Windows\System32\advapi32.dll
0x77B50000 \Windows\System32\psapi.dll
0x77560000 \Windows\System32\user32.dll
0xFF430000 \Windows\System32\nsi.dll
0xFF390000 \Windows\System32\clbcatq.dll
0xFE600000 \Windows\System32\shell32.dll
0xFE4F0000 \Windows\System32\msctf.dll
0x77410000 \Windows\System32\urlmon.dll
0xFE3C0000 \Windows\System32\rpcrt4.dll
0xFE360000 \Windows\System32\Wldap32.dll
0xFE310000 \Windows\System32\ws2_32.dll
0xFE290000 \Windows\System32\difxapi.dll
0x772B0000 \Windows\System32\wininet.dll
0xFE260000 \Windows\System32\imm32.dll
0xFE1C0000 \Windows\System32\msvcrt.dll
0xFE120000 \Windows\System32\comctl32.dll
0xFE0B0000 \Windows\System32\KernelBase.dll
0xFE090000 \Windows\System32\devobj.dll
0xFDF20000 \Windows\System32\crypt32.dll
0xFDEE0000 \Windows\System32\cfgmgr32.dll
0xFDEA0000 \Windows\System32\wintrust.dll
0xFDE90000 \Windows\System32\msasn1.dll
0x75B70000 \Windows\SysWOW64\normaliz.dll

Processes (total 81):
0 System Idle Process
4 System
488 C:\Windows\System32\smss.exe
628 csrss.exe
708 C:\Windows\System32\wininit.exe
716 csrss.exe
764 C:\Windows\System32\winlogon.exe
812 C:\Windows\System32\services.exe
820 C:\Windows\System32\lsass.exe
828 C:\Windows\System32\lsm.exe
924 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
508 C:\Windows\System32\atiesrxx.exe
704 C:\Windows\System32\svchost.exe
824 C:\Windows\System32\svchost.exe
1028 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\svchost.exe
1320 C:\Windows\System32\svchost.exe
1524 C:\Windows\System32\atieclxx.exe
1552 C:\Windows\System32\spoolsv.exe
1604 C:\Windows\System32\svchost.exe
1724 C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
1780 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1804 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
1832 C:\Windows\SysWOW64\bgsvcgen.exe
1876 C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
1944 C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe
2600 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
2676 C:\Windows\System32\svchost.exe
2716 C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
2788 C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
2836 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2904 C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
2980 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2504 C:\Windows\System32\svchost.exe
3088 WUDFHost.exe
3132 C:\Windows\System32\svchost.exe
3360 C:\Windows\System32\taskhost.exe
3500 C:\Windows\System32\dwm.exe
3524 C:\Windows\explorer.exe
3688 C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
3728 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
3768 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
3848 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
3864 C:\Windows\System32\rundll32.exe
3904 C:\Windows\System32\rundll32.exe
3984 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
4040 C:\Program Files\Windows Sidebar\sidebar.exe
3340 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
3460 C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
2120 C:\Program Files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe
2136 C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe
3404 C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\IndicatorOSD.exe
3420 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
4520 C:\Windows\System32\SearchIndexer.exe
4540 C:\Program Files (x86)\Roxio 2011\5.0\CPMonitor.exe
4572 C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
4608 C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
4628 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
4648 C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
3484 C:\Windows\splwow64.exe
1916 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
5816 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
220 C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
4320 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
5924 C:\Program Files (x86)\Nero\Update\NASvc.exe
54816 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
55088 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
54388 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
53988 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
54328 C:\Windows\System32\taskeng.exe
54804 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
118440 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtblfs.exe
119428 C:\Windows\System32\SearchProtocolHost.exe
119448 C:\Windows\System32\SearchFilterHost.exe
118880 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
116940 C:\Windows\System32\audiodg.exe
118344 dllhost.exe
118404 dllhost.exe
118168 C:\Users\EdJen\Downloads\MBRCheck.exe
118240 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000004`30400000 (NTFS)

PhysicalDrive0 Model Number: ST32000641AS, Rev: CC44

Size Device Name MBR Status
--------------------------------------------
1863 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!








And I can't believe I found these, but here are the log files from Spybot! Yay! :)


First, was a quick rootkit scan:


RootAlyzer Quick Scan Results

Files in Windows folder
----------------------------------------
100 files were tested.
No hidden files detected.
========================================

Files in System folder
----------------------------------------
2368 files were tested.
No hidden files detected.
========================================

Global run entries
----------------------------------------

No hidden entries detected.
========================================

Winlogon entries
----------------------------------------

No hidden entries detected.
========================================

Invisible processes (from handles)
----------------------------------------
0 handle process IDs for 79 processes.
No hidden processes detected.
========================================

Invisible processes (from threads)
----------------------------------------
79 processes tested.
No hidden processes detected.
========================================

Master Boot Records
----------------------------------------
5 MBRs checked.
Unkown MBRs: PhysicalDrive1,PhysicalDrive2,PhysicalDrive3,PhysicalDrive4
PhysicalDrive1
PhysicalDrive2
PhysicalDrive3
PhysicalDrive4
========================================






And here is the rootkit 'deep scan' (I hope):



// info: Rootkit removal help file
// copyright: © 2008-2012 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"No admin in ACL","C:\System Recovery"
File:"Unknown ADS","C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT:$DATA"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\cabundle.crt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\MetaData"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\usagestatsinstall.log"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\config.xml"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\Facebook"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\Flickr"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MyNero"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\YouTube"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\YouTube\browseVideoItem.xslt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\YouTube\config.xml"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\YouTube\createLocalReferer.xslt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\YouTube\featuredList.xslt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\YouTube\getUserNameResponse.xslt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\YouTube\itemDetails.xslt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\YouTube\loginResponse.xslt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\YouTube\logoutResponse.xslt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\YouTube\myVideoItem.xslt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\YouTube\searchList.xslt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\YouTube\streamUrl.xslt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\YouTube\translateUrl.xslt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\YouTube\uploadResonse.xslt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\config.xml"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\getEntity.xslt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\getMyToken.xslt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\getUserNameResponse.xslt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\itemDetails.xslt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\itemList.xslt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\loginResponse.xslt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\logoutResponse.xslt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\streamUrl.xslt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\translateUrl.xslt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\uploadError.xml"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\uploadResponse.xml"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\uploadResponse.xslt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MyNero\config.xml"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MyNero\getUploadUris.xslt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MyNero\getUserNameResponse.xslt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MyNero\itemDetailsList.xslt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MyNero\loginRequest.xslt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MyNero\loginResponse.xslt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MyNero\logoutResponse.xslt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MyNero\rssItemDetailsList.xslt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MyNero\searchRequest.xslt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MyNero\uploadRequest.xslt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\MyNero\uploadResponse.xslt"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\Flickr\config.xml"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\NOSWebConfig\Facebook\config.xml"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\MetaData\cddbplm.gcf"
File:"No admin in ACL","C:\Users\All Users\Nero\Nero 10\OnlineServices\MetaData\elists.db"
File:"Unknown ADS","C:\Users\All Users\Kaspersky Lab\AVP12\Report:kisextended:$DATA"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\cabundle.crt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\MetaData"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\usagestatsinstall.log"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\config.xml"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\Facebook"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\Flickr"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MyNero"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\YouTube"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\YouTube\browseVideoItem.xslt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\YouTube\config.xml"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\YouTube\createLocalReferer.xslt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\YouTube\featuredList.xslt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\YouTube\getUserNameResponse.xslt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\YouTube\itemDetails.xslt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\YouTube\loginResponse.xslt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\YouTube\logoutResponse.xslt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\YouTube\myVideoItem.xslt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\YouTube\searchList.xslt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\YouTube\streamUrl.xslt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\YouTube\translateUrl.xslt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\YouTube\uploadResonse.xslt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\config.xml"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\getEntity.xslt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\getMyToken.xslt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\getUserNameResponse.xslt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\itemDetails.xslt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\itemList.xslt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\loginResponse.xslt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\logoutResponse.xslt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\streamUrl.xslt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\translateUrl.xslt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\uploadError.xml"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\uploadResponse.xml"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MySpace\uploadResponse.xslt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MyNero\config.xml"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MyNero\getUploadUris.xslt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MyNero\getUserNameResponse.xslt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MyNero\itemDetailsList.xslt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MyNero\loginRequest.xslt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MyNero\loginResponse.xslt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MyNero\logoutResponse.xslt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MyNero\rssItemDetailsList.xslt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MyNero\searchRequest.xslt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MyNero\uploadRequest.xslt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\MyNero\uploadResponse.xslt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\Flickr\config.xml"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\Facebook\config.xml"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\MetaData\cddbplm.gcf"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\MetaData\elists.db"
File:"Unknown ADS","C:\ProgramData\Kaspersky Lab\AVP12\Report:kisextended:$DATA"






Also, there is now a 'Nero' icon on my desktop, and it wasn't there before.

The file name attached to the icon (?), or the name of the icon, is: Desktop-20121211-171939.png

Under 'properties' of the icon, it says that it was created today, four hours ago....and I did not download or 'create' anything four hours ago. *worried face*

#6 boopme

Posted 11 December 2012 - 10:54 PM

Hello, The machine is clean.

File: "Unknown ADS", "C:\WINDOWS\Cursors\arrow_n.cur:NEDTA.DAT:$DATA"
This is registration information from Ahead Nero, the CD/DVD burning suite that uses this "rootkit" method to hide it.
These are Nero files and are OK.

Not certain why it dumped an icon on the desktop but you can delete it.
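A triage sketch for the RootAlyzer deep-scan lines posted above, added here as an example; it is not part of the original thread and not Spybot's own code. It collapses the "No admin in ACL" findings to their topmost flagged folder and splits each "Unknown ADS" path into file and stream name; the function names and the one-entry allowlist (the Nero stream identified in the reply) are assumptions of this example.

```python
import csv
from collections import Counter
from pathlib import PureWindowsPath

# Excerpt of the deep-scan lines posted in this thread (not the full log).
SAMPLE = r'''
// info: Rootkit removal help file
:: RootAlyzer Results
File:"No admin in ACL","C:\System Recovery"
File:"Unknown ADS","C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT:$DATA"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\cabundle.crt"
File:"No admin in ACL","C:\ProgramData\Nero\Nero 10\OnlineServices\NOSWebConfig\YouTube\config.xml"
File:"Unknown ADS","C:\ProgramData\Kaspersky Lab\AVP12\Report:kisextended:$DATA"
'''

# Assumption of this example: an allowlist keyed on (lower-cased file, lower-cased
# stream). It holds only the stream that the reply above explains.
KNOWN_STREAMS = {
    (r"c:\windows\cursors\arrow_n.cur", "nedta.dat"): "Nero registration data",
}


def parse_findings(text):
    """Yield (kind, reason, path) for lines shaped like  File:"reason","path"."""
    for line in text.splitlines():
        kind, sep, rest = line.strip().partition(":")
        if not sep or not rest.startswith('"'):
            continue  # header, comment or blank line
        fields = next(csv.reader([rest]))
        if len(fields) == 2:
            yield kind, fields[0], fields[1]


def split_stream(path):
    """Split 'file:stream:$DATA' into (file, stream); stream is None if absent."""
    # The drive-letter colon is not a stream separator, so set it aside first.
    drive, rest = (path[:2], path[2:]) if path[1:2] == ":" else ("", path)
    file_part, sep, tail = rest.partition(":")
    if not sep:
        return path, None
    return drive + file_part, tail.split(":")[0]


def triage(text, known=KNOWN_STREAMS):
    """Group ACL findings by topmost flagged folder and label each ADS finding."""
    acl_paths, streams = [], []
    for _kind, reason, path in parse_findings(text):
        if reason == "Unknown ADS":
            file_part, stream = split_stream(path)
            note = known.get((file_part.lower(), (stream or "").lower()))
            streams.append((file_part, stream, note or "review"))
        elif reason == "No admin in ACL":
            acl_paths.append(PureWindowsPath(path))

    flagged = set(acl_paths)  # PureWindowsPath compares case-insensitively
    roots = Counter()
    for p in acl_paths:
        # parents runs from nearest to the drive root, so the last flagged
        # entry is the topmost flagged ancestor (or the path itself).
        top = [a for a in (p, *p.parents) if a in flagged][-1]
        roots[str(top)] += 1
    return {"acl_roots": dict(roots), "streams": streams}


if __name__ == "__main__":
    report = triage(SAMPLE)
    for root, count in report["acl_roots"].items():
        print(f"{count:4d} ACL finding(s) under {root}")
    for file_part, stream, note in report["streams"]:
        print(f"ADS {stream!r} on {file_part}: {note}")
```

Run against the full log, the many Nero lines reduce to a few folder roots, and any stream not on the allowlist is labelled "review" for a person to look at.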

#7 dingdingding

Posted 11 December 2012 - 11:17 PM

Thank you so much Boopme! You are, indeed, an awesome genius!!! :) :) :)

#8 boopme

Posted 12 December 2012 - 11:27 AM

:wizardball: LOL, have a great day!!