
Shell32.dll and Trojan Blocking all applications on PC


  • This topic is locked
18 replies to this topic

#1 mjcarbonaro


Posted 15 May 2013 - 07:13 PM

Hello:

 

I am running Windows 7, and have been noticing that my computer has been starting up in startup repair mode, and lately has not been finishing, so I have had to power down and back up. I have run Malwarebytes the past few days and it has found malware, but every time it restarts I find more. Today, when I started the PC, everything I click on is blocked by a message reading "The program can't start because SHELL32.dll is missing from your computer.  Try reinstalling the program to fix this problem." I restarted in safe mode and also redownloaded Malwarebytes and renamed it; however, this message still comes up, so I can't run antimalware or RKILL...I can't do anything. Please help!

 

 




 


#2 mjcarbonaro

  • Topic Starter

Posted 16 May 2013 - 08:02 AM

I was able to do a system restore so that I could run my malware again and install the DDS scanner for the logs. Right now I can get on the internet (the shell32 message went away; however, my antivirus is showing a Trojan but is not allowing me to remove it). Also, Malwarebytes is not finding anything, but my browser is being redirected in IE and Firefox, and pop-up boxes are popping up constantly saying I have a TDL4 Trojan.

 

Here are my logs.....

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Mike at 8:40:56 on 2013-05-16
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.6038.3565 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\syswow64\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Windows\system32\EscSvc64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\spool\drivers\x64\3\E_IATIICE.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingApp.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingBar.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\msiexec.exe
C:\Windows\syswow64\MsiExec.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingSurrogate.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://tobyhanna.herndonproducts.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [EPLTarget\P0000000000000001] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIICE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-300 Series"
uRunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe -update activex
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://connect2am.mars.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A6C4C2C6-C3A7-4522-8A6D-2B85EBE45FB1} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A6C4C2C6-C3A7-4522-8A6D-2B85EBE45FB1}\34162726F6E61627F6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{A6C4C2C6-C3A7-4522-8A6D-2B85EBE45FB1}\34162726F6E61627F643 : DHCPNameServer = 172.16.0.1
TCP: Interfaces\{A6C4C2C6-C3A7-4522-8A6D-2B85EBE45FB1}\84059445951444 : DHCPNameServer = 205.171.3.65 205.171.2.65
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ub16ewgl.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
.
============= SERVICES / DRIVERS ===============
.
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2011-10-24 171152]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2011-10-24 125296]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-10-19 195072]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-8-29 53760]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-10-10 288768]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-5-10 176096]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-10-11 59904]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-5-10 317440]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-10-19 195072]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-5-10 158976]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-5-17 34200]
.
=============== Created Last 30 ================
.
2013-05-16 12:41:34 4167680 ----a-w- C:\Program Files (x86)\GUT4E3F.tmp
2013-05-16 12:41:34 -------- d-----w- C:\Program Files (x86)\GUM4E3E.tmp
2013-05-16 12:31:02 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{067A419B-5961-4D6E-8FE3-47A01ECBCBA7}\mpengine.dll
2013-05-15 23:50:24 -------- d-----w- C:\Windows\pss
2013-05-15 15:32:10 -------- d-----w- C:\temp_pyx
2013-05-15 15:32:10 -------- d-----w- C:\paychex
2013-05-13 18:56:40 -------- d-----w- C:\57108d54e6eca8002520b6596212f452
2013-05-03 09:48:55 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-03 09:48:55 -------- d-----w- C:\Program Files\iTunes
2013-05-03 09:48:55 -------- d-----w- C:\Program Files\iPod
2013-05-03 09:48:55 -------- d-----w- C:\Program Files (x86)\iTunes
2013-05-01 13:42:02 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-01 13:42:02 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-01 13:42:01 278528 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2013-05-01 13:42:01 217600 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2013-05-01 13:42:00 701952 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2013-05-01 13:42:00 356352 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2013-05-01 13:42:00 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2013-05-01 13:42:00 235520 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2013-04-24 12:38:29 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
.
==================== Find3M  ====================
.
2013-05-02 06:06:08 278800 ----a-w- C:\Windows\System32\MpSigStub.exe
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-14 14:06:58 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-14 14:06:58 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll
2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-21 10:14:05 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-02-19 11:10:53 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
.
============= FINISH:  8:54:09.29 ===============
 



And my attach log...



#3 nasdaq

  • Malware Response Team

Posted 18 May 2013 - 10:26 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply DO NOT ATTACH THEM.
Let me know what problem persists.

#4 mjcarbonaro

  • Topic Starter

Posted 20 May 2013 - 08:20 AM

Here is the log from the security check:

 

Results of screen317's Security Check version 0.99.63 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
ESET NOD32 Antivirus 4.2  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.70.0.1100 
 Java™ 6 Update 25 
 Java version out of Date!
 Adobe Flash Player 11.7.700.202 
 Adobe Reader 10.1.7 Adobe Reader out of Date! 
 Mozilla Firefox 16.0.2 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 ESET NOD32 Antivirus egui.exe 
 ESET NOD32 Antivirus ekrn.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````



#5 nasdaq

  • Malware Response Team

Posted 20 May 2013 - 08:26 AM

It's a start. Submit the other logs. While I check them, run this.

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.

Old versions....

Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that you un-check the box "Install the Ask Toolbar" before proceeding.
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

#6 mjcarbonaro

  • Topic Starter

Posted 20 May 2013 - 08:28 AM

Log from Adwcleaner:

 

 

# AdwCleaner v2.301 - Logfile created 05/20/2013 at 09:22:07
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Mike - LTH0344
# Boot Mode : Normal
# Running from : C:\Users\Mike\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

File : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\ub16ewgl.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1026 octets] - [19/05/2013 19:55:01]
AdwCleaner[R2].txt - [1087 octets] - [20/05/2013 09:21:21]
AdwCleaner[S1].txt - [1286 octets] - [14/05/2013 10:01:56]
AdwCleaner[S2].txt - [1024 octets] - [20/05/2013 09:22:07]

########## EOF - C:\AdwCleaner[S2].txt - [1084 octets] ##########



#7 mjcarbonaro

  • Topic Starter

Posted 20 May 2013 - 08:49 AM

Combo fix is not completing....it gets to stage 33 or so, and then computer shuts off and restarts.  I will complete the above requested actions now.



#8 mjcarbonaro

  • Topic Starter

Posted 20 May 2013 - 09:10 AM

Updated Java and Adobe Reader.....computer still wants to start in startup repair mode, and then when I get on, ESET antivirus detects olimark.trojan virus.  Also, I cannot open PDF files in Adobe, says "acrobat failed to load its core DLL" 



#9 nasdaq

  • Malware Response Team

Posted 20 May 2013 - 09:54 AM

ESET has a new standalone remover for Win32/Olmarik, located at http://download.eset.com/special/EOlmarikRemover.exe. Please try using it to remove the infestation.

Restart the computer after the removal.

Continue:

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.


#10 mjcarbonaro

  • Topic Starter

Posted 20 May 2013 - 10:29 AM

Will not let me download the eset olmarik remover.  Message pops up saying my OS is not supported.



#11 mjcarbonaro

  • Topic Starter

Posted 20 May 2013 - 10:47 AM

RogueKiller downloaded, and got halfway through the scan and then stopped working. Message popped up saying roguekiller.exe has stopped working.



#12 nasdaq

  • Malware Response Team

Posted 20 May 2013 - 01:11 PM


Let's check deeper.

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Click Change parameters.
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
  • When it finishes, you will either see a report that no threats were found like below:
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    • If you have files that are shown to fail signature check, do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects.
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

#13 mjcarbonaro

  • Topic Starter

Posted 20 May 2013 - 01:22 PM

TDSS log...one item cured:

 

14:15:22.0867 19032  MRxDAV - ok
14:15:22.0892 19032  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:15:22.0952 19032  mrxsmb - ok
14:15:22.0978 19032  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:15:23.0012 19032  mrxsmb10 - ok
14:15:23.0033 19032  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:15:23.0044 19032  mrxsmb20 - ok
14:15:23.0062 19032  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:15:23.0071 19032  msahci - ok
14:15:23.0093 19032  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:15:23.0103 19032  msdsm - ok
14:15:23.0119 19032  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
14:15:23.0160 19032  MSDTC - ok
14:15:23.0190 19032  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:15:23.0228 19032  Msfs - ok
14:15:23.0271 19032  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:15:23.0324 19032  mshidkmdf - ok
14:15:23.0348 19032  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:15:23.0374 19032  msisadrv - ok
14:15:23.0400 19032  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:15:23.0501 19032  MSiSCSI - ok
14:15:23.0504 19032  msiserver - ok
14:15:23.0563 19032  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:15:23.0636 19032  MSKSSRV - ok
14:15:23.0653 19032  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:15:23.0684 19032  MSPCLOCK - ok
14:15:23.0693 19032  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:15:23.0737 19032  MSPQM - ok
14:15:23.0763 19032  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:15:23.0777 19032  MsRPC - ok
14:15:23.0792 19032  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
14:15:23.0801 19032  mssmbios - ok
14:15:23.0820 19032  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:15:23.0864 19032  MSTEE - ok
14:15:23.0889 19032  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
14:15:23.0927 19032  MTConfig - ok
14:15:23.0957 19032  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
14:15:23.0980 19032  Mup - ok
14:15:24.0058 19032  [ 265937BC59819DF1DAB65E27C60F94C0 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
14:15:24.0090 19032  MyWiFiDHCPDNS - ok
14:15:24.0128 19032  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
14:15:24.0229 19032  napagent - ok
14:15:24.0307 19032  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:15:24.0375 19032  NativeWifiP - ok
14:15:24.0491 19032  [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
14:15:24.0535 19032  NAUpdate - ok
14:15:24.0616 19032  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:15:24.0651 19032  NDIS - ok
14:15:24.0693 19032  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:15:24.0775 19032  NdisCap - ok
14:15:24.0795 19032  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:15:24.0829 19032  NdisTapi - ok
14:15:24.0862 19032  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:15:24.0936 19032  Ndisuio - ok
14:15:24.0946 19032  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:15:24.0994 19032  NdisWan - ok
14:15:25.0013 19032  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:15:25.0052 19032  NDProxy - ok
14:15:25.0093 19032  [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl         C:\Windows\system32\DRIVERS\netaapl64.sys
14:15:25.0124 19032  Netaapl - ok
14:15:25.0155 19032  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:15:25.0189 19032  NetBIOS - ok
14:15:25.0210 19032  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:15:25.0243 19032  NetBT - ok
14:15:25.0248 19032  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
14:15:25.0259 19032  Netlogon - ok
14:15:25.0315 19032  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
14:15:25.0378 19032  Netman - ok
14:15:25.0433 19032  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:15:25.0443 19032  NetMsmqActivator - ok
14:15:25.0455 19032  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:15:25.0465 19032  NetPipeActivator - ok
14:15:25.0487 19032  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
14:15:25.0549 19032  netprofm - ok
14:15:25.0565 19032  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:15:25.0573 19032  NetTcpActivator - ok
14:15:25.0578 19032  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:15:25.0587 19032  NetTcpPortSharing - ok
14:15:25.0637 19032  [ 73CE12B8BDD747B0063CB0A7EF44CEA7 ] netvsc          C:\Windows\system32\DRIVERS\netvsc60.sys
14:15:25.0672 19032  netvsc - ok
14:15:25.0872 19032  [ 774C9ECCEF83AB8A3D1466F19809C95F ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
14:15:25.0993 19032  NETwNs64 - ok
14:15:26.0027 19032  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
14:15:26.0037 19032  nfrd960 - ok
14:15:26.0083 19032  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:15:26.0115 19032  NlaSvc - ok
14:15:26.0239 19032  [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU            C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
14:15:26.0288 19032  NOBU - ok
14:15:26.0298 19032  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:15:26.0334 19032  Npfs - ok
14:15:26.0363 19032  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
14:15:26.0418 19032  nsi - ok
14:15:26.0447 19032  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:15:26.0495 19032  nsiproxy - ok
14:15:26.0572 19032  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:15:26.0629 19032  Ntfs - ok
14:15:26.0646 19032  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
14:15:26.0699 19032  Null - ok
14:15:26.0734 19032  [ D584ABB6A308933A5F72B46C9E5A783F ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
14:15:26.0838 19032  nusb3hub - ok
14:15:26.0878 19032  [ 345B9C04E2036DA4346E3249A5BDFD06 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
14:15:26.0899 19032  nusb3xhc - ok
14:15:26.0950 19032  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:15:26.0961 19032  nvraid - ok
14:15:26.0982 19032  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:15:26.0992 19032  nvstor - ok
14:15:27.0030 19032  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:15:27.0040 19032  nv_agp - ok
14:15:27.0044 19032  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:15:27.0054 19032  ohci1394 - ok
14:15:27.0119 19032  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:15:27.0128 19032  ose - ok
14:15:27.0286 19032  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:15:27.0368 19032  osppsvc - ok
14:15:27.0397 19032  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:15:27.0446 19032  p2pimsvc - ok
14:15:27.0481 19032  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:15:27.0501 19032  p2psvc - ok
14:15:27.0524 19032  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
14:15:27.0535 19032  Parport - ok
14:15:27.0557 19032  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:15:27.0566 19032  partmgr - ok
14:15:27.0583 19032  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:15:27.0628 19032  PcaSvc - ok
14:15:27.0660 19032  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
14:15:27.0671 19032  pci - ok
14:15:27.0701 19032  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
14:15:27.0709 19032  pciide - ok
14:15:27.0727 19032  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
14:15:27.0739 19032  pcmcia - ok
14:15:27.0754 19032  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:15:27.0782 19032  pcw - ok
14:15:27.0815 19032  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:15:27.0869 19032  PEAUTH - ok
14:15:27.0941 19032  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
14:15:28.0077 19032  PeerDistSvc - ok
14:15:28.0172 19032  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:15:28.0222 19032  PerfHost - ok
14:15:28.0289 19032  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
14:15:28.0386 19032  pla - ok
14:15:28.0450 19032  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:15:28.0511 19032  PlugPlay - ok
14:15:28.0545 19032  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:15:28.0582 19032  PNRPAutoReg - ok
14:15:28.0609 19032  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:15:28.0635 19032  PNRPsvc - ok
14:15:28.0676 19032  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:15:28.0777 19032  PolicyAgent - ok
14:15:28.0798 19032  [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power           C:\Windows\system32\umpo.dll
14:15:28.0859 19032  Power - ok
14:15:28.0901 19032  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:15:28.0953 19032  PptpMiniport - ok
14:15:28.0980 19032  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
14:15:29.0020 19032  Processor - ok
14:15:29.0053 19032  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:15:29.0114 19032  ProfSvc - ok
14:15:29.0129 19032  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:15:29.0159 19032  ProtectedStorage - ok
14:15:29.0210 19032  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:15:29.0263 19032  Psched - ok
14:15:29.0336 19032  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
14:15:29.0392 19032  ql2300 - ok
14:15:29.0403 19032  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
14:15:29.0413 19032  ql40xx - ok
14:15:29.0433 19032  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
14:15:29.0454 19032  QWAVE - ok
14:15:29.0469 19032  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:15:29.0518 19032  QWAVEdrv - ok
14:15:29.0544 19032  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:15:29.0584 19032  RasAcd - ok
14:15:29.0611 19032  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:15:29.0644 19032  RasAgileVpn - ok
14:15:29.0662 19032  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
14:15:29.0711 19032  RasAuto - ok
14:15:29.0730 19032  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:15:29.0775 19032  Rasl2tp - ok
14:15:29.0803 19032  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
14:15:29.0842 19032  RasMan - ok
14:15:29.0857 19032  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:15:29.0905 19032  RasPppoe - ok
14:15:29.0928 19032  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:15:29.0982 19032  RasSstp - ok
14:15:30.0008 19032  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:15:30.0101 19032  rdbss - ok
14:15:30.0125 19032  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
14:15:30.0158 19032  rdpbus - ok
14:15:30.0194 19032  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:15:30.0283 19032  RDPCDD - ok
14:15:30.0324 19032  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
14:15:30.0364 19032  RDPDR - ok
14:15:30.0410 19032  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:15:30.0517 19032  RDPENCDD - ok
14:15:30.0537 19032  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:15:30.0569 19032  RDPREFMP - ok
14:15:30.0601 19032  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:15:30.0627 19032  RDPWD - ok
14:15:30.0685 19032  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:15:30.0718 19032  rdyboost - ok
14:15:30.0774 19032  [ 7196BE857E29007470FF9B689C7F29A7 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
14:15:30.0792 19032  RegSrvc - ok
14:15:30.0834 19032  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:15:30.0919 19032  RemoteAccess - ok
14:15:30.0951 19032  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:15:30.0987 19032  RemoteRegistry - ok
14:15:31.0027 19032  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
14:15:31.0074 19032  RFCOMM - ok
14:15:31.0095 19032  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:15:31.0209 19032  RpcEptMapper - ok
14:15:31.0239 19032  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
14:15:31.0270 19032  RpcLocator - ok
14:15:31.0295 19032  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
14:15:31.0371 19032  RpcSs - ok
14:15:31.0410 19032  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:15:31.0482 19032  rspndr - ok
14:15:31.0527 19032  [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
14:15:31.0539 19032  RSUSBSTOR - ok
14:15:31.0608 19032  [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
14:15:31.0650 19032  RTL8167 - ok
14:15:31.0681 19032  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
14:15:31.0705 19032  s3cap - ok
14:15:31.0727 19032  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
14:15:31.0759 19032  SamSs - ok
14:15:31.0795 19032  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:15:31.0805 19032  sbp2port - ok
14:15:31.0832 19032  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:15:31.0870 19032  SCardSvr - ok
14:15:31.0877 19032  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:15:31.0940 19032  scfilter - ok
14:15:31.0974 19032  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
14:15:32.0079 19032  Schedule - ok
14:15:32.0105 19032  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:15:32.0152 19032  SCPolicySvc - ok
14:15:32.0166 19032  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:15:32.0226 19032  SDRSVC - ok
14:15:32.0277 19032  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:15:32.0343 19032  secdrv - ok
14:15:32.0371 19032  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
14:15:32.0406 19032  seclogon - ok
14:15:32.0428 19032  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
14:15:32.0494 19032  SENS - ok
14:15:32.0517 19032  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:15:32.0560 19032  SensrSvc - ok
14:15:32.0616 19032  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
14:15:32.0648 19032  Serenum - ok
14:15:32.0653 19032  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
14:15:32.0672 19032  Serial - ok
14:15:32.0714 19032  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
14:15:32.0743 19032  sermouse - ok
14:15:32.0788 19032  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:15:32.0857 19032  SessionEnv - ok
14:15:32.0872 19032  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:15:32.0901 19032  sffdisk - ok
14:15:32.0905 19032  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:15:32.0929 19032  sffp_mmc - ok
14:15:32.0933 19032  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:15:32.0954 19032  sffp_sd - ok
14:15:32.0958 19032  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
14:15:32.0974 19032  sfloppy - ok
14:15:33.0047 19032  [ 4215C271D6E6898C3F4DABAB4F387DC9 ] SftService      C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
14:15:33.0088 19032  SftService - ok
14:15:33.0169 19032  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:15:33.0217 19032  SharedAccess - ok
14:15:33.0254 19032  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:15:33.0309 19032  ShellHWDetection - ok
14:15:33.0326 19032  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
14:15:33.0335 19032  SiSRaid2 - ok
14:15:33.0355 19032  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
14:15:33.0364 19032  SiSRaid4 - ok
14:15:33.0403 19032  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:15:33.0462 19032  Smb - ok
14:15:33.0509 19032  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:15:33.0540 19032  SNMPTRAP - ok
14:15:33.0567 19032  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:15:33.0579 19032  spldr - ok
14:15:33.0621 19032  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
14:15:33.0651 19032  Spooler - ok
14:15:33.0731 19032  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
14:15:33.0868 19032  sppsvc - ok
14:15:33.0889 19032  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
14:15:33.0923 19032  sppuinotify - ok
14:15:33.0947 19032  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:15:33.0995 19032  srv - ok
14:15:34.0019 19032  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:15:34.0054 19032  srv2 - ok
14:15:34.0085 19032  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:15:34.0096 19032  srvnet - ok
14:15:34.0154 19032  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:15:34.0246 19032  SSDPSRV - ok
14:15:34.0265 19032  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:15:34.0300 19032  SstpSvc - ok
14:15:34.0325 19032  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
14:15:34.0334 19032  stexstor - ok
14:15:34.0389 19032  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
14:15:34.0472 19032  stisvc - ok
14:15:34.0494 19032  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
14:15:34.0549 19032  StorSvc - ok
14:15:34.0587 19032  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
14:15:34.0601 19032  storvsc - ok
14:15:34.0626 19032  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
14:15:34.0635 19032  swenum - ok
14:15:34.0707 19032  [ BA41A448446FDF839A32E27A8DCB7C9D ] SWGVCSvc        C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
14:15:34.0725 19032  SWGVCSvc - ok
14:15:34.0753 19032  [ 1E036F98E6C780DD7669F516E8BE0CEA ] SWIPsec         C:\Windows\system32\Drivers\SWIPsec.sys
14:15:34.0777 19032  SWIPsec - ok
14:15:34.0806 19032  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
14:15:34.0906 19032  swprv - ok
14:15:34.0949 19032  [ DCF11E08A8524B19EC47515C22BE492E ] SWVNIC          C:\Windows\system32\DRIVERS\swvnic.sys
14:15:34.0958 19032  SWVNIC - ok
14:15:34.0985 19032  [ 4CDD7DF58730D23BA9CB5829A6E2ECEA ] SynthVid        C:\Windows\system32\DRIVERS\VMBusVideoM.sys
14:15:35.0012 19032  SynthVid - ok
14:15:35.0057 19032  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
14:15:35.0197 19032  SysMain - ok
14:15:35.0216 19032  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:15:35.0235 19032  TabletInputService - ok
14:15:35.0249 19032  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:15:35.0361 19032  TapiSrv - ok
14:15:35.0382 19032  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
14:15:35.0420 19032  TBS - ok
14:15:35.0501 19032  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:15:35.0573 19032  Tcpip - ok
14:15:35.0657 19032  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:15:35.0744 19032  TCPIP6 - ok
14:15:35.0777 19032  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:15:35.0788 19032  tcpipreg - ok
14:15:35.0807 19032  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:15:35.0875 19032  TDPIPE - ok
14:15:35.0899 19032  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:15:35.0937 19032  TDTCP - ok
14:15:35.0957 19032  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:15:35.0990 19032  tdx - ok
14:15:36.0035 19032  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
14:15:36.0045 19032  TermDD - ok
14:15:36.0081 19032  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
14:15:36.0218 19032  TermService - ok
14:15:36.0238 19032  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
14:15:36.0274 19032  Themes - ok
14:15:36.0300 19032  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
14:15:36.0396 19032  THREADORDER - ok
14:15:36.0415 19032  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
14:15:36.0503 19032  TrkWks - ok
14:15:36.0547 19032  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:15:36.0588 19032  TrustedInstaller - ok
14:15:36.0613 19032  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:15:36.0661 19032  tssecsrv - ok
14:15:36.0705 19032  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
14:15:36.0739 19032  TsUsbFlt - ok
14:15:36.0763 19032  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
14:15:36.0788 19032  TsUsbGD - ok
14:15:36.0817 19032  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:15:36.0929 19032  tunnel - ok
14:15:36.0938 19032  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
14:15:36.0947 19032  uagp35 - ok
14:15:36.0977 19032  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:15:37.0065 19032  udfs - ok
14:15:37.0095 19032  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:15:37.0107 19032  UI0Detect - ok
14:15:37.0162 19032  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:15:37.0171 19032  uliagpkx - ok
14:15:37.0206 19032  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:15:37.0246 19032  umbus - ok
14:15:37.0264 19032  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
14:15:37.0296 19032  UmPass - ok
14:15:37.0333 19032  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
14:15:37.0387 19032  UmRdpService - ok
14:15:37.0563 19032  [ 2C16648A12999AE69A9EBF41974B0BA2 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
14:15:37.0629 19032  UNS - ok
14:15:37.0658 19032  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
14:15:37.0713 19032  upnphost - ok
14:15:37.0749 19032  [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
14:15:37.0771 19032  USBAAPL64 - ok
14:15:37.0797 19032  [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:15:37.0860 19032  usbccgp - ok
14:15:37.0901 19032  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:15:37.0942 19032  usbcir - ok
14:15:37.0965 19032  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
14:15:37.0989 19032  usbehci - ok
14:15:38.0044 19032  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:15:38.0093 19032  usbhub - ok
14:15:38.0129 19032  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
14:15:38.0157 19032  usbohci - ok
14:15:42.0755 19032  ================ Scan global ===============================
14:15:42.0791 19032  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:15:42.0842 19032  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
14:15:42.0865 19032  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
14:15:42.0896 19032  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:15:42.0922 19032  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:15:42.0925 19032  [Global] - ok
14:15:42.0926 19032  ================ Scan MBR ==================================
14:15:42.0944 19032  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
14:15:42.0945 19032  Suspicious mbr (Forged): \Device\Harddisk0\DR0
14:15:43.0012 19032  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
14:15:43.0012 19032  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
14:15:43.0106 19032  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:15:43.0106 19032  \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:15:43.0109 19032  ================ Scan VBR ==================================
14:15:43.0111 19032  [ 16C7890A83B9C6B77606404D453A170F ] \Device\Harddisk0\DR0\Partition1
14:15:43.0114 19032  \Device\Harddisk0\DR0\Partition1 - ok
14:15:43.0153 19032  [ 94E3A9D1F06424214BAE0DEC5ECED9A7 ] \Device\Harddisk0\DR0\Partition2
14:15:43.0155 19032  \Device\Harddisk0\DR0\Partition2 - ok
14:15:43.0157 19032  ============================================================
14:15:43.0157 19032  Scan finished
14:15:43.0157 19032  ============================================================
14:15:43.0166 16956  Detected object count: 4
14:15:43.0166 16956  Actual detected object count: 4
14:16:26.0362 16956  DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - skipped by user
14:16:26.0362 16956  DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:16:26.0363 16956  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
14:16:26.0363 16956  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:16:27.0256 16956  \Device\Harddisk0\DR0\# - copied to quarantine
14:16:27.0257 16956  \Device\Harddisk0\DR0 - copied to quarantine
14:16:27.0371 16956  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
14:16:27.0376 16956  \Device\Harddisk0\DR0\TDLFS\cmd32.dll - copied to quarantine
14:16:27.0382 16956  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
14:16:27.0412 16956  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
14:16:27.0427 16956  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
14:16:27.0429 16956  \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
14:16:27.0430 16956  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
14:16:27.0432 16956  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
14:16:27.0436 16956  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
14:16:27.0440 16956  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
14:16:27.0441 16956  \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
14:16:27.0443 16956  \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
14:16:27.0444 16956  \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
14:16:27.0478 16956  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
14:16:27.0484 16956  \Device\Harddisk0\DR0 - ok
14:16:27.0485 16956  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
14:16:27.0487 16956  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:16:27.0487 16956  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
14:16:47.0163 4396  Deinitialize success
 



#14 mjcarbonaro

  • Topic Starter
  • Members

Posted 20 May 2013 - 01:28 PM

ASW Scan log below....zipped file attached:

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-05-20 14:24:32
-----------------------------
14:24:32.170    OS Version: Windows x64 6.1.7601 Service Pack 1
14:24:32.171    Number of processors: 4 586 0x2A07
14:24:32.171    ComputerName: LTH0344  UserName: Mike
14:24:33.637    Initialize success
14:24:43.660    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:24:43.665    Disk 0 Vendor: ST950032 D005 Size: 476940MB BusType: 3
14:24:43.852    Disk 0 MBR read successfully
14:24:43.858    Disk 0 MBR scan
14:24:43.863    Disk 0 Windows VISTA default MBR code
14:24:43.871    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0      101 MB offset 63
14:24:43.886    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        20000 MB offset 212992
14:24:43.905    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       456835 MB offset 41172992
14:24:44.137    Disk 0 scanning C:\Windows\system32\drivers
14:25:03.435    Service scanning
14:25:36.757    Modules scanning
14:25:36.774    Disk 0 trace - called modules:
14:25:36.816    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:25:36.827    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007df2060]
14:25:37.172    3 CLASSPNP.SYS[fffff88000fc243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80062cf050]
14:25:37.183    Scan finished successfully
14:26:09.155    Disk 0 MBR has been saved successfully to "C:\Users\Mike\Desktop\MBR.dat"
14:26:09.161    The log file has been saved successfully to "C:\Users\Mike\Desktop\aswMBR.txt"

 

Attached Files

  • Attached File  MBR.zip   567bytes   1 downloads


#15 nasdaq

  • Malware Response Team

Posted 20 May 2013 - 01:40 PM

That was a good clean-up. Any remaining issues?



