sirefef infection


  • This topic is locked
17 replies to this topic

#1 ryanwills


Posted 05 June 2013 - 05:23 AM

Hello all, I have a sirefef virus and I guess the quickest way to sum it up is in this post:

http://www.bleepingcomputer.com/forums/t/496853/sirefef-infection/#entry3069673

I ran dds last night. At around the 20 minute mark it hadn't finished, or moved for that matter, in 19 minutes. I cancelled it and went to bed. I'm now running it before I go to work, and will post the log when I get home. Hopefully.

#2 ryanwills


Posted 05 June 2013 - 04:03 PM

No luck. Before I left this morning, the scan jumped to over three quarters finished. It is in the same spot now, over 11 hours later.

#3 CatByte

  • Malware Response Team

Posted 05 June 2013 - 10:16 PM

Please do the following:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#4 ryanwills


Posted 06 June 2013 - 05:36 AM

I noticed in the scanner there is an option for md5 drivers. I don't know if you read my previous topic, but yorkyt.exe moved something or removed something to do with md5. I do not know if this is relevant. Here are the requested logs.

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-05-2013 02 (ATTENTION: FRST version is 16 days old)
Ran by Carolyn (administrator) on 06-06-2013 07:26:38
Running from C:\Users\Carolyn\Desktop
Windows Vista ™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)
==================== Processes (Whitelisted) ===================

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Farbar) C:\Users\Carolyn\Desktop\FRST.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [411768 2006-12-12] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [55416 2006-12-07] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [448632 2006-12-11] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [530552 2006-12-11] (TOSHIBA Corporation)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
HKLM\...\RunOnce: [yorkyt.exe] cmd.exe /c start C:\Users\Carolyn\Desktop\yorkyt.exe [1415784 2013-05-21] ()
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [SHIM LINK FREE BALL] "C:\ProgramData\coal store comp.9hjfshr" [x]
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [Google Update] "C:\Users\Carolyn\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-11-30] (Google Inc.)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [152872 2007-06-27] (Nero AG)
HKCU\...\Run: [PCSpeedUp] C:\Program Files\PC Speed Up\PCSpeedUp.lnk [2080 2011-09-26] ()
HKCU\...\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [20480 2012-01-08] (Logitech)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [Facebook Update] "C:\Users\Carolyn\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKCU\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4760816 2013-05-14] (SUPERAntiSpyware.com)
MountPoints2: {486b51a3-5489-11e0-bdb7-00a0d16e32d9} - F:\AutoRunBloodmoon.exe
MountPoints2: {7753e55f-eed6-11e1-851b-00a0d16e32d9} - H:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\Carolyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-divx
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU -No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
PDF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
PDF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
PDF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
PDF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll [62464] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [19968] (Microsoft Corporation)
Winsock: Catalog9 01 mswsock.dll [19968] (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll [19968] (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll [19968] (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll [19968] (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll [19968] (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll [19968] (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll [19968] (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll [19968] (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll [19968] (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll [19968] (Microsoft Corporation)
Winsock: Catalog9 11 mswsock.dll [19968] (Microsoft Corporation)
Winsock: Catalog9 12 mswsock.dll [19968] (Microsoft Corporation)
Winsock: Catalog9 13 mswsock.dll [19968] (Microsoft Corporation)
Winsock: Catalog9 14 mswsock.dll [19968] (Microsoft Corporation)
Winsock: Catalog9 15 mswsock.dll [19968] (Microsoft Corporation)
Winsock: Catalog9 16 mswsock.dll [19968] (Microsoft Corporation)
Winsock: Catalog9 17 mswsock.dll [19968] (Microsoft Corporation)
Winsock: Catalog9 18 mswsock.dll [19968] (Microsoft Corporation)
Winsock: Catalog9 19 mswsock.dll [19968] (Microsoft Corporation)
Winsock: Catalog9 20 mswsock.dll [19968] (Microsoft Corporation)
Winsock: Catalog9 21 mswsock.dll [19968] (Microsoft Corporation)
Winsock: Catalog9 22 mswsock.dll [19968] (Microsoft Corporation)
Winsock: Catalog9 23 mswsock.dll [19968] (Microsoft Corporation)
Winsock: Catalog9 24 mswsock.dll [19968] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Carolyn\AppData\Roaming\Mozilla\Firefox\Profiles\0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: onlinehdtv - C:\Users\Carolyn\AppData\Roaming\Mozilla\Firefox\Profiles\0\Extensions\onlinehdtv@onlinehd.tv.xpi

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Carolyn\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Carolyn\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Carolyn\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Carolyn\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Chrome for a Cause) - C:\Users\Carolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbfammmagchhaohncbhghoohcfoeckdi\1.5.3_0
CHR Extension: (YouTube) - C:\Users\Carolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Carolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Online HD TV) - C:\Users\Carolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkinklhnkmkhkhofcnapakaoehijaoih\1.2_0
CHR Extension: (Gmail) - C:\Users\Carolyn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com)
S3 msiserver; %systemroot%\system32\msiexec /V [x]

==================== Drivers (Whitelisted) ====================

S1 AFD; C:\Windows\system32\drivers\20130521204521.afd.sys [273408 2013-05-21] (Microsoft Corporation)
S3 LVUSBSta; C:\Windows\System32\drivers\lvusbsta.sys [19968 2004-05-21] ()
S3 QCMerced; C:\Windows\System32\DRIVERS\LVCM.sys [471232 2004-05-21] ()
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [685816 2011-03-22] ()
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 iscFlash; \??\C:\Users\Carolyn\AppData\Local\Temp\isc72FEtmp\iscflash.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
U3 awa0jdgh; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-06 07:26 - 2013-06-06 07:26 - 00000000 ____D C:\FRST
2013-06-06 07:26 - 2013-05-21 22:05 - 01318319 ____A (Farbar) C:\Users\Carolyn\Desktop\FRST.exe
2013-06-05 07:18 - 2013-06-04 23:22 - 00688992 ____R (Swearware) C:\Users\Carolyn\Desktop\dds.com
2013-06-04 15:30 - 2013-06-04 15:30 - 00001811 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-06-04 15:30 - 2013-06-04 15:30 - 00000000 ____D C:\Users\Carolyn\AppData\Roaming\SUPERAntiSpyware.com
2013-06-04 15:30 - 2013-06-04 15:30 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-06-04 15:30 - 2013-06-04 15:30 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-06-04 15:21 - 2013-06-04 15:21 - 00000917 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-04 15:21 - 2013-06-04 15:21 - 00000000 ____D C:\Users\Carolyn\AppData\Roaming\Malwarebytes
2013-06-04 15:21 - 2013-06-04 15:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-04 15:21 - 2013-06-04 15:21 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-04 15:21 - 2013-04-04 14:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-21 22:47 - 2013-05-21 22:47 - 00000069 ____A C:\Windows\NeroDigital.ini
2013-05-21 22:39 - 2013-06-05 20:47 - 00000000 ____D C:\Windows\Minidump
2013-05-21 20:45 - 2013-05-21 20:39 - 00273408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\20130521204521.afd.sys
2013-05-21 20:36 - 2013-05-21 20:45 - 00000000 ____D C:\Windows\System32\DBBK
2013-05-21 20:35 - 2013-05-21 22:46 - 00155026 ____A C:\Users\Carolyn\Desktop\yorkyt.exe.log
2013-05-21 20:35 - 2013-05-21 20:33 - 01415784 ____A C:\Users\Carolyn\Desktop\yorkyt.exe
2013-05-21 19:31 - 2013-05-21 19:31 - 00000748 ____A C:\Users\Carolyn\Desktop\eset paswords.txt
2013-05-21 18:53 - 2013-05-21 18:53 - 00000000 ____D C:\ProgramData\ESET
2013-05-21 18:53 - 2013-05-21 18:53 - 00000000 ____D C:\Program Files\ESET
2013-05-19 23:53 - 2013-05-19 23:53 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2013-05-19 23:44 - 2013-05-21 22:48 - 00000000 ____D C:\Program Files\x264 Video Codec
2013-05-16 03:16 - 2013-05-05 16:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 03:16 - 2013-05-05 16:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 03:01 - 2013-04-04 19:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 03:01 - 2013-04-04 19:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 03:01 - 2013-04-04 19:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-16 03:01 - 2013-04-04 19:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 03:01 - 2013-04-04 19:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 03:01 - 2013-04-04 19:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-16 03:01 - 2013-04-04 18:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 03:01 - 2013-04-04 18:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 03:01 - 2013-04-04 18:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-16 03:01 - 2013-04-04 18:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-16 03:01 - 2013-04-04 18:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 03:01 - 2013-04-04 18:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 03:01 - 2013-04-04 18:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-16 03:01 - 2013-04-04 18:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 20:09 - 2013-04-15 11:20 - 00638328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 20:09 - 2013-04-13 07:56 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 20:09 - 2013-04-08 22:36 - 02049024 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

==================== One Month Modified Files and Folders ========

2013-06-06 07:26 - 2013-06-06 07:26 - 00000000 ____D C:\FRST
2013-06-05 20:48 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\System32\LogFiles
2013-06-05 20:47 - 2013-05-21 22:39 - 00000000 ____D C:\Windows\Minidump
2013-06-04 23:22 - 2013-06-05 07:18 - 00688992 ____R (Swearware) C:\Users\Carolyn\Desktop\dds.com
2013-06-04 15:30 - 2013-06-04 15:30 - 00001811 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-06-04 15:30 - 2013-06-04 15:30 - 00000000 ____D C:\Users\Carolyn\AppData\Roaming\SUPERAntiSpyware.com
2013-06-04 15:30 - 2013-06-04 15:30 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-06-04 15:30 - 2013-06-04 15:30 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-06-04 15:21 - 2013-06-04 15:21 - 00000917 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-04 15:21 - 2013-06-04 15:21 - 00000000 ____D C:\Users\Carolyn\AppData\Roaming\Malwarebytes
2013-06-04 15:21 - 2013-06-04 15:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-06-04 15:21 - 2013-06-04 15:21 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-03 18:06 - 2010-12-01 21:53 - 00001356 ____A C:\Users\Carolyn\AppData\Local\d3d9caps.dat
2013-05-22 02:20 - 2011-08-16 18:56 - 00273408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-05-21 22:48 - 2013-05-19 23:44 - 00000000 ____D C:\Program Files\x264 Video Codec
2013-05-21 22:47 - 2013-05-21 22:47 - 00000069 ____A C:\Windows\NeroDigital.ini
2013-05-21 22:47 - 2012-04-08 01:25 - 00000105 ____A C:\Users\Carolyn\AppData\default.pls
2013-05-21 22:46 - 2013-05-21 20:35 - 00155026 ____A C:\Users\Carolyn\Desktop\yorkyt.exe.log
2013-05-21 22:05 - 2013-06-06 07:26 - 01318319 ____A (Farbar) C:\Users\Carolyn\Desktop\FRST.exe
2013-05-21 20:48 - 2006-11-02 10:01 - 00032644 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-21 20:48 - 2006-11-02 10:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-21 20:48 - 2006-11-02 09:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-21 20:48 - 2006-11-02 09:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-21 20:45 - 2013-05-21 20:36 - 00000000 ____D C:\Windows\System32\DBBK
2013-05-21 20:39 - 2013-05-21 20:45 - 00273408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\20130521204521.afd.sys
2013-05-21 20:39 - 2011-01-26 19:29 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-21 20:33 - 2013-05-21 20:35 - 01415784 ____A C:\Users\Carolyn\Desktop\yorkyt.exe
2013-05-21 20:29 - 2011-01-26 19:29 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-21 20:29 - 2010-11-30 19:53 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2929418559-3031327181-2361236060-1000UA.job
2013-05-21 20:14 - 2012-04-10 08:58 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-21 20:06 - 2008-07-20 05:38 - 00000000 ____D C:\users\Carolyn
2013-05-21 19:40 - 2006-11-02 08:18 - 00000000 __RHD C:\users\Default
2013-05-21 19:33 - 2011-03-05 01:36 - 00000314 ____A C:\Windows\Tasks\At1.job
2013-05-21 19:31 - 2013-05-21 19:31 - 00000748 ____A C:\Users\Carolyn\Desktop\eset paswords.txt
2013-05-21 19:18 - 2012-01-09 23:08 - 00000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2929418559-3031327181-2361236060-1000UA.job
2013-05-21 19:18 - 2012-01-09 23:08 - 00000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2929418559-3031327181-2361236060-1000Core.job
2013-05-21 19:14 - 2011-09-26 16:37 - 00000000 ____D C:\Users\Carolyn\AppData\Roaming\Winamp
2013-05-21 19:14 - 2010-12-02 12:33 - 00000000 ____D C:\Users\Carolyn\AppData\Roaming\BitTorrent
2013-05-21 19:00 - 2011-03-05 01:36 - 00000390 ____A C:\Windows\Tasks\At3.job
2013-05-21 19:00 - 2011-03-05 01:36 - 00000382 ____A C:\Windows\Tasks\At4.job
2013-05-21 18:53 - 2013-05-21 18:53 - 00000000 ____D C:\ProgramData\ESET
2013-05-21 18:53 - 2013-05-21 18:53 - 00000000 ____D C:\Program Files\ESET
2013-05-21 09:36 - 2012-04-10 08:57 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-21 09:36 - 2012-01-13 01:28 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-21 07:29 - 2010-11-30 19:53 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2929418559-3031327181-2361236060-1000Core.job
2013-05-20 18:29 - 2010-12-05 11:24 - 00000478 ___AH C:\Windows\Tasks\Norton Security Scan for Carolyn.job
2013-05-19 23:53 - 2013-05-19 23:53 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2013-05-19 18:47 - 2006-11-02 07:33 - 00703388 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-16 03:53 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-16 03:18 - 2011-01-17 10:16 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-16 03:04 - 2006-11-02 07:24 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

Other Malware:
===========
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-06-05 19:54

==================== End Of Log ============================


____________________________________________
____________________________________________

Addition

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-05-2013 02
Ran by Carolyn at 2013-06-06 07:27:24 Run:
Running from C:\Users\Carolyn\Desktop
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Reader X (10.1.6) (Version: 10.1.6)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
Applet
Atheros Driver Installation Program (Version: 5.0)
BitTorrent (Version: 7.7.0.27987)
Bluetooth Stack for Windows by Toshiba (Version: v5.00.10(T))
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.16)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
FrostWire 4.21.3 (Version: 4.21.3.0)
Google Chrome (Version: 26.0.1410.64)
Google Earth Plug-in (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.145)
Highlight Viewer (Windows Live Toolbar) (Version: 03.01.0146)
Intel® Graphics Media Accelerator Driver
iTunes (Version: 11.0.1.12)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ SE Runtime Environment 6 (Version: 1.6.0.0)
K-Lite Mega Codec Pack 9.7.5 (Version: 9.7.5)
Logitech Desktop Messenger
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Map Button (Windows Live Toolbar) (Version: 03.01.0146)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (Version: 1.3.59.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works 6-9 Converter (Version: 14.0.6120.5002)
Microsoft XML Parser (Version: 8.20.8730.4)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 7 Premium (Version: 7.02.9753)
neroxml (Version: 1.0.0)
OnlineHDTV (Version: 2.1 Build 26473)
Peggle Nights Deluxe
QuickTime (Version: 7.69.80.9)
Realtek High Definition Audio Driver (Version: 6.0.1.5326)
Smart Menus (Windows Live Toolbar) (Version: 03.01.0146)
SUPERAntiSpyware (Version: 5.6.1020)
Synaptics Pointing Device Driver (Version: 11.2.4.0)
TOSHIBA Assist (Version: 2.00.00)
TOSHIBA ConfigFree (Version: 7.00.22)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.00.00)
TOSHIBA Hardware Setup (Version: 2.00.04STV)
Toshiba Registration (Version: 1.00.0000)
TOSHIBA SD Memory Utilities (Version: 1.6)
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password (Version: 2.00.04STV)
TOSHIBA Value Added Package (Version: 1.0.7)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 1.1.5 (Version: 1.1.5)
Winamp (Version: 5.621 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Live Favorites for Windows Live Toolbar (Version: 03.01.0146)
Windows Live Toolbar Extension (Windows Live Toolbar) (Version: 03.01.0146)
WinRAR 4.00 beta 2 (32-bit) (Version: 4.00.2)
Wondershare Video Converter Ultimate(Build 6.0.3.2) (Version: 6.0.3.2)

==================== Restore Points =========================

21-05-2013 23:35:53 Panda ZAcccess init

==================== Hosts content: ==========================

::1 localhost

127.0.0.1 localhost


==================== Faulty Device Manager Devices =============

Name: Mass Storage Controller
Description: Mass Storage Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/05/2013 07:34:20 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/04/2013 11:59:33 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/04/2013 03:43:49 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/04/2013 03:29:21 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/04/2013 03:12:52 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/02/2013 01:50:59 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (05/21/2013 10:40:29 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (05/21/2013 08:35:52 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {2c64880c-bf3d-48bc-b982-632bfd996bb5}

Error: (05/21/2013 07:44:34 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (05/21/2013 07:39:45 PM) (Source: MsiInstaller) (User: RYANANDMELISSA)
Description: Product: ESET NOD32 Antivirus -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.


System errors:
=============
Error: (12/08/2010 06:48:34 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 8:42:50 PM on 07/12/2010 was unexpected.

Error: (12/06/2010 10:21:56 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:20:38 PM on 06/12/2010 was unexpected.

Error: (12/06/2010 05:23:44 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 4:22:38 PM on 06/12/2010 was unexpected.

Error: (12/05/2010 06:35:05 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 5:33:37 PM on 05/12/2010 was unexpected.

Error: (12/05/2010 04:40:47 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:38:55 PM on 05/12/2010 was unexpected.

Error: (12/05/2010 01:49:44 PM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (12/05/2010 01:45:51 PM) (Source: Service Control Manager) (User: )
Description: Tosrfcom

Error: (12/05/2010 01:45:51 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (12/05/2010 01:44:21 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (12/05/2010 01:44:21 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue67.201.86.83:63331


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-06-05 20:40:40.643
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-05 20:40:40.347
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-05 20:40:40.066
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-05 20:40:39.769
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-05 20:40:39.489
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-05 20:40:39.208
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-05 20:40:38.849
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-05 20:40:38.553
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-05 20:40:38.272
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-05 20:40:37.975
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 1013.31 MB
Available physical RAM: 566.11 MB
Total Pagefile: 2304.93 MB
Available Pagefile: 2050.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.31 MB

==================== Drives ================================

Drive c: (S3A6022D501) (Fixed) (Total:63.06 GB) (Free:3.46 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:10 GB) (Free:2.49 GB) NTFS
Drive g: () (Removable) (Total:29.81 GB) (Free:15.17 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows Vista) (Size: 75 GB) (Disk ID: 123437EE)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=63 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 30 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=30 GB) - (Type=0C)

==================== End Of Log ============================

#5 CatByte

  • Malware Response Team

Posted 06 June 2013 - 08:47 AM

Download attached fixlist.txt file and save it to the Desktop.

[attachment=138470:FixList.txt]

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.


NEXT


Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

MBAR tutorial

Download Malwarebytes Anti-Rootkit from HERE
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log.txt and system-log.txt
~~~~~~~~~~~~~~~~~~~~~~~

Note:
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
Internet access
Windows Update
Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.
Verify that your system is now functioning normally.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 ryanwills

  • Topic Starter

Posted 06 June 2013 - 06:50 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-05-2013 02
Ran by Carolyn at 2013-06-06 19:29:52 Run:1
Running from C:\Users\Carolyn\Desktop
Boot Mode: Safe Mode (minimal)

==============================================

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SHIM LINK FREE BALL => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} => Value deleted successfully.
HKCR\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll
awa0jdgh => Service not found.

========= del /a/f/q c:\windows\tasks\at*.job =========


========= End of CMD: =========


==== End of Fixlog ====

#7 ryanwills

  • Topic Starter

Posted 06 June 2013 - 07:16 PM

So as with before, when attempting to post an Mbam log a couple of days ago, neither of the mbar logs will post. With the mbam log, even just trying to post the two file directories for the two Trojans found, I am unable to post. There were 16 infected files, all were removed successfully. A second scan after a restart turned up nothing.

#8 ryanwills

  • Topic Starter

Posted 06 June 2013 - 07:24 PM

I attempted a normal restart, but it still crashes. The blue screen displays the file 20130521204521.afd.sys

#9 CatByte

  • Malware Response Team

Posted 06 June 2013 - 07:30 PM

Please run the following:


Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.




NEXT

Please download Farbar Service Scanner and run it
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.



#10 ryanwills

  • Topic Starter

Posted 07 June 2013 - 02:19 PM

Combofix has been running for about 9 hours. It said my eset antivirus is running, but it isn't even listed in my add/remove programs. Before I was stuck in safe mode, my antivirus told me it was corrupted and needs to be reinstalled. I uninstalled and reinstalled, but when I restarted the laptop, it was removed and not running at all. At that point it wouldn't let me open the install wizard. I deleted everything to do with eset (except the installer) but it is still running apparently. I ran combofix anyway. The first message that popped up said access denied need administrator signature (sorry I don't remember exactly what it said) and that it was creating a system restore point. It then changed to the familiar scanning for infected files screen. I left for work at this point, and when I got home there was a box that said a rootkit was detected. I clicked okay (half hour ago now) and there has been no progress. My computer clock is also 9 hours behind, and not changing at all.

#11 CatByte

  • Malware Response Team

Posted 07 June 2013 - 02:49 PM

Please X out of ComboFix; it's stalled, it shouldn't take that long.

Please run the following (as well as the Farbar Service Scanner)



Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
NEXT
  • Download RogueKiller and save it to your desktop.
  • Quit all other programs
  • Start RogueKiller.exe
  • Wait until the Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan
  • A report will be created on your desktop.
  • Click on the Delete button
  • Next click on the ShortcutsFix
  • another report will be created on your desktop.
Please post: All RKreport.txt text files located on your desktop.



#12 ryanwills

  • Topic Starter

Posted 07 June 2013 - 04:30 PM

Here are the requested logs. I am pleased to say I am posting this on my laptop, in normal mode. I won't be as hasty to say everything is back to normal, but enough to thank you so much for your help.

 

17:47:21.0745 1660  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:47:21.0760 1660  ============================================================
17:47:21.0760 1660  Current date / time: 2013/06/07 17:47:21.0760
17:47:21.0760 1660  SystemInfo:
17:47:21.0760 1660 
17:47:21.0760 1660  OS Version: 6.0.6002 ServicePack: 2.0
17:47:21.0760 1660  Product type: Workstation
17:47:21.0760 1660  ComputerName: RYANANDMELISSA
17:47:21.0760 1660  UserName: Carolyn
17:47:21.0760 1660  Windows directory: C:\Windows
17:47:21.0760 1660  System windows directory: C:\Windows
17:47:21.0760 1660  Processor architecture: Intel x86
17:47:21.0760 1660  Number of processors: 2
17:47:21.0760 1660  Page size: 0x1000
17:47:21.0760 1660  Boot type: Safe boot
17:47:21.0760 1660  ============================================================
17:47:23.0039 1660  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:47:23.0039 1660  Drive \Device\Harddisk1\DR1 - Size: 0x774700000 (29.82 Gb), SectorSize: 0x200, Cylinders: 0xF34, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:47:23.0039 1660  ============================================================
17:47:23.0039 1660  \Device\Harddisk0\DR0:
17:47:23.0055 1660  MBR partitions:
17:47:23.0055 1660  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x7E21000
17:47:23.0055 1660  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x810F800, BlocksNum 0x1400000
17:47:23.0055 1660  \Device\Harddisk1\DR1:
17:47:23.0055 1660  MBR partitions:
17:47:23.0055 1660  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x3BA1800
17:47:23.0055 1660  ============================================================
17:47:23.0117 1660  C: <-> \Device\Harddisk0\DR0\Partition1
17:47:23.0305 1660  D: <-> \Device\Harddisk0\DR0\Partition2
17:47:23.0305 1660  ============================================================
17:47:23.0305 1660  Initialize success
17:47:23.0305 1660  ============================================================
17:47:39.0201 1840  ============================================================
17:47:39.0201 1840  Scan started
17:47:39.0201 1840  Mode: Manual; TDLFS;
17:47:39.0201 1840  ============================================================
17:47:39.0575 1840  ================ Scan system memory ========================
17:47:39.0575 1840  System memory - ok
17:47:39.0575 1840  ================ Scan services =============================
17:47:39.0653 1840  [ 9EBE730D4B5E3FF25EAAF5A59BA6CCFF ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
17:47:39.0653 1840  !SASCORE - ok
17:47:39.0809 1840  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
17:47:39.0809 1840  ACPI - ok
17:47:39.0903 1840  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:47:39.0903 1840  AdobeARMservice - ok
17:47:39.0981 1840  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:47:40.0028 1840  AdobeFlashPlayerUpdateSvc - ok
17:47:40.0090 1840  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
17:47:40.0090 1840  adp94xx - ok
17:47:40.0137 1840  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys
17:47:40.0137 1840  adpahci - ok
17:47:40.0168 1840  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
17:47:40.0184 1840  adpu160m - ok
17:47:40.0215 1840  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320         C:\Windows\system32\drivers\adpu320.sys
17:47:40.0215 1840  adpu320 - ok
17:47:40.0277 1840  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:47:40.0277 1840  AeLookupSvc - ok
17:47:40.0340 1840  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
17:47:40.0355 1840  AFD - ok
17:47:40.0402 1840  [ 1CB677BF1DABD3BAF4F944E2C90D6C73 ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
17:47:40.0402 1840  AgereModemAudio - ok
17:47:40.0465 1840  [ 4E6294A06BE883C9BD685A8DFD9FCD4E ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
17:47:40.0496 1840  AgereSoftModem - ok
17:47:40.0543 1840  [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:47:40.0543 1840  agp440 - ok
17:47:40.0605 1840  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
17:47:40.0605 1840  aic78xx - ok
17:47:40.0636 1840  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
17:47:40.0636 1840  ALG - ok
17:47:40.0652 1840  [ 90395B64600EBB4552E26E178C94B2E4 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:47:40.0667 1840  aliide - ok
17:47:40.0683 1840  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
17:47:40.0683 1840  amdagp - ok
17:47:40.0714 1840  [ 0577DF1D323FE75A739C787893D300EA ] amdide          C:\Windows\system32\drivers\amdide.sys
17:47:40.0714 1840  amdide - ok
17:47:40.0745 1840  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
17:47:40.0745 1840  AmdK7 - ok
17:47:40.0761 1840  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
17:47:40.0761 1840  AmdK8 - ok
17:47:40.0823 1840  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
17:47:40.0823 1840  Appinfo - ok
17:47:40.0901 1840  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:47:40.0901 1840  Apple Mobile Device - ok
17:47:40.0948 1840  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
17:47:40.0948 1840  arc - ok
17:47:40.0979 1840  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
17:47:40.0995 1840  arcsas - ok
17:47:41.0026 1840  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:47:41.0026 1840  AsyncMac - ok
17:47:41.0057 1840  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
17:47:41.0057 1840  atapi - ok
17:47:41.0151 1840  [ 8BE56F8300E1C37B578DA23C71816B7A ] athr            C:\Windows\system32\DRIVERS\athr.sys
17:47:41.0198 1840  athr - ok
17:47:41.0276 1840  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:47:41.0291 1840  AudioEndpointBuilder - ok
17:47:41.0307 1840  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
17:47:41.0307 1840  Audiosrv - ok
17:47:41.0354 1840  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:47:41.0354 1840  Beep - ok
17:47:41.0416 1840  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
17:47:41.0416 1840  BFE - ok
17:47:41.0510 1840  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
17:47:41.0572 1840  BITS - ok
17:47:41.0588 1840  blbdrive - ok
17:47:41.0681 1840  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:47:41.0681 1840  Bonjour Service - ok
17:47:41.0713 1840  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:47:41.0728 1840  bowser - ok
17:47:41.0759 1840  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
17:47:41.0759 1840  BrFiltLo - ok
17:47:41.0806 1840  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
17:47:41.0806 1840  BrFiltUp - ok
17:47:41.0853 1840  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
17:47:41.0853 1840  Browser - ok
17:47:41.0884 1840  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
17:47:41.0900 1840  Brserid - ok
17:47:41.0915 1840  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
17:47:41.0931 1840  BrSerWdm - ok
17:47:41.0947 1840  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
17:47:41.0947 1840  BrUsbMdm - ok
17:47:41.0947 1840  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
17:47:41.0962 1840  BrUsbSer - ok
17:47:41.0978 1840  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
17:47:41.0993 1840  BTHMODEM - ok
17:47:42.0071 1840  catchme - ok
17:47:42.0134 1840  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:47:42.0134 1840  cdfs - ok
17:47:42.0181 1840  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:47:42.0181 1840  cdrom - ok
17:47:42.0227 1840  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
17:47:42.0227 1840  CertPropSvc - ok
17:47:42.0305 1840  [ C82162949BBA6CC5D006C7BD008F3CF1 ] CFSvcs          C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
17:47:42.0305 1840  CFSvcs - ok
17:47:42.0337 1840  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
17:47:42.0337 1840  circlass - ok
17:47:42.0399 1840  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
17:47:42.0399 1840  CLFS - ok
17:47:42.0477 1840  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:47:42.0539 1840  clr_optimization_v2.0.50727_32 - ok
17:47:42.0633 1840  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:47:42.0742 1840  clr_optimization_v4.0.30319_32 - ok
17:47:42.0805 1840  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:47:42.0805 1840  CmBatt - ok
17:47:42.0851 1840  [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:47:42.0851 1840  cmdide - ok
17:47:42.0898 1840  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:47:42.0898 1840  Compbatt - ok
17:47:42.0914 1840  COMSysApp - ok
17:47:42.0945 1840  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
17:47:42.0945 1840  crcdisk - ok
17:47:42.0976 1840  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
17:47:42.0976 1840  Crusoe - ok
17:47:43.0054 1840  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:47:43.0054 1840  CryptSvc - ok
17:47:43.0117 1840  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:47:43.0132 1840  DcomLaunch - ok
17:47:43.0179 1840  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:47:43.0179 1840  DfsC - ok
17:47:43.0304 1840  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
17:47:43.0351 1840  DFSR - ok
17:47:43.0413 1840  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
17:47:43.0413 1840  Dhcp - ok
17:47:43.0460 1840  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
17:47:43.0460 1840  disk - ok
17:47:43.0491 1840  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:47:43.0507 1840  Dnscache - ok
17:47:43.0553 1840  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:47:43.0553 1840  dot3svc - ok
17:47:43.0600 1840  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
17:47:43.0600 1840  DPS - ok
17:47:43.0647 1840  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:47:43.0647 1840  drmkaud - ok
17:47:43.0756 1840  [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:47:43.0850 1840  DXGKrnl - ok
17:47:43.0881 1840  [ D00EEAE1CACD77A1A8396BBC19140BBA ] E100B           C:\Windows\system32\DRIVERS\e100b325.sys
17:47:43.0881 1840  E100B - ok
17:47:43.0928 1840  [ 7505290504C8E2D172FA378CC0497BCC ] e1express       C:\Windows\system32\DRIVERS\e1e6032.sys
17:47:43.0928 1840  e1express - ok
17:47:43.0990 1840  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
17:47:43.0990 1840  E1G60 - ok
17:47:44.0068 1840  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
17:47:44.0068 1840  EapHost - ok
17:47:44.0131 1840  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
17:47:44.0131 1840  Ecache - ok
17:47:44.0209 1840  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:47:44.0209 1840  ehRecvr - ok
17:47:44.0240 1840  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
17:47:44.0240 1840  ehSched - ok
17:47:44.0255 1840  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
17:47:44.0255 1840  ehstart - ok
17:47:44.0302 1840  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys
17:47:44.0302 1840  elxstor - ok
17:47:44.0365 1840  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
17:47:44.0380 1840  EMDMgmt - ok
17:47:44.0443 1840  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
17:47:44.0443 1840  EventSystem - ok
17:47:44.0489 1840  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
17:47:44.0489 1840  exfat - ok
17:47:44.0521 1840  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:47:44.0521 1840  fastfat - ok
17:47:44.0567 1840  [ 63BDADA84951B9C03E641800E176898A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:47:44.0567 1840  fdc - ok
17:47:44.0599 1840  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
17:47:44.0599 1840  fdPHost - ok
17:47:44.0630 1840  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:47:44.0645 1840  FDResPub - ok
17:47:44.0708 1840  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:47:44.0708 1840  FileInfo - ok
17:47:44.0739 1840  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:47:44.0739 1840  Filetrace - ok
17:47:44.0755 1840  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:47:44.0755 1840  flpydisk - ok
17:47:44.0817 1840  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:47:44.0817 1840  FltMgr - ok
17:47:44.0926 1840  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
17:47:44.0942 1840  FontCache - ok
17:47:44.0989 1840  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:47:44.0989 1840  FontCache3.0.0.0 - ok
17:47:45.0035 1840  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:47:45.0035 1840  Fs_Rec - ok
17:47:45.0082 1840  [ CBC22823628544735625B280665E434E ] FwLnk           C:\Windows\system32\DRIVERS\FwLnk.sys
17:47:45.0082 1840  FwLnk - ok
17:47:45.0113 1840  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:47:45.0113 1840  gagp30kx - ok
17:47:45.0191 1840  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\Drivers\GEARAspiWDM.sys
17:47:45.0191 1840  GEARAspiWDM - ok
17:47:45.0238 1840  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
17:47:45.0254 1840  gpsvc - ok
17:47:45.0347 1840  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
17:47:45.0347 1840  gupdate - ok
17:47:45.0363 1840  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
17:47:45.0363 1840  gupdatem - ok
17:47:45.0410 1840  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:47:45.0410 1840  HdAudAddService - ok
17:47:45.0472 1840  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:47:45.0488 1840  HDAudBus - ok
17:47:45.0503 1840  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
17:47:45.0503 1840  HidBth - ok
17:47:45.0535 1840  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
17:47:45.0535 1840  HidIr - ok
17:47:45.0566 1840  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\System32\hidserv.dll
17:47:45.0566 1840  hidserv - ok
17:47:45.0581 1840  [ 3C64042B95E583B366BA4E5D2450235E ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
17:47:45.0581 1840  HidUsb - ok
17:47:45.0628 1840  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:47:45.0628 1840  hkmsvc - ok
17:47:45.0659 1840  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
17:47:45.0659 1840  HpCISSs - ok
17:47:45.0722 1840  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:47:45.0722 1840  HTTP - ok
17:47:45.0737 1840  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
17:47:45.0753 1840  i2omp - ok
17:47:45.0784 1840  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:47:45.0784 1840  i8042prt - ok
17:47:45.0893 1840  [ 9378D57E2B96C0A185D844770AD49948 ] ialm            C:\Windows\system32\DRIVERS\igdkmd32.sys
17:47:45.0940 1840  ialm - ok
17:47:45.0971 1840  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
17:47:45.0987 1840  iaStorV - ok
17:47:46.0065 1840  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
17:47:46.0065 1840  IDriverT - ok
17:47:46.0143 1840  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:47:46.0174 1840  idsvc - ok
17:47:46.0252 1840  [ 9378D57E2B96C0A185D844770AD49948 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
17:47:46.0268 1840  igfx - ok
17:47:46.0330 1840  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
17:47:46.0346 1840  iirsp - ok
17:47:46.0408 1840  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
17:47:46.0408 1840  IKEEXT - ok
17:47:46.0517 1840  [ 2690BE9907B36B7C3EA2859C74926FA1 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
17:47:46.0564 1840  IntcAzAudAddService - ok
17:47:46.0611 1840  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
17:47:46.0611 1840  intelide - ok
17:47:46.0642 1840  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:47:46.0642 1840  intelppm - ok
17:47:46.0689 1840  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:47:46.0689 1840  IPBusEnum - ok
17:47:46.0720 1840  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:47:46.0720 1840  IpFilterDriver - ok
17:47:46.0814 1840  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:47:46.0814 1840  iphlpsvc - ok
17:47:46.0829 1840  IpInIp - ok
17:47:46.0876 1840  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
17:47:46.0876 1840  IPMIDRV - ok
17:47:46.0907 1840  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
17:47:46.0923 1840  IPNAT - ok
17:47:46.0985 1840  [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
17:47:47.0001 1840  iPod Service - ok
17:47:47.0032 1840  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:47:47.0032 1840  IRENUM - ok
17:47:47.0048 1840  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:47:47.0048 1840  isapnp - ok
17:47:47.0079 1840  iscFlash - ok
17:47:47.0126 1840  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
17:47:47.0126 1840  iScsiPrt - ok
17:47:47.0173 1840  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
17:47:47.0173 1840  iteatapi - ok
17:47:47.0204 1840  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
17:47:47.0204 1840  iteraid - ok
17:47:47.0235 1840  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:47:47.0235 1840  kbdclass - ok
17:47:47.0251 1840  [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
17:47:47.0251 1840  kbdhid - ok
17:47:47.0313 1840  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
17:47:47.0313 1840  KeyIso - ok
17:47:47.0375 1840  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:47:47.0391 1840  KSecDD - ok
17:47:47.0453 1840  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:47:47.0469 1840  KtmRm - ok
17:47:47.0500 1840  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\System32\srvsvc.dll
17:47:47.0500 1840  LanmanServer - ok
17:47:47.0547 1840  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:47:47.0563 1840  LanmanWorkstation - ok
17:47:47.0609 1840  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:47:47.0609 1840  lltdio - ok
17:47:47.0656 1840  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:47:47.0656 1840  lltdsvc - ok
17:47:47.0687 1840  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:47:47.0687 1840  lmhosts - ok
17:47:47.0734 1840  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:47:47.0750 1840  LSI_FC - ok
17:47:47.0765 1840  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
17:47:47.0765 1840  LSI_SAS - ok
17:47:47.0797 1840  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:47:47.0797 1840  LSI_SCSI - ok
17:47:47.0843 1840  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
17:47:47.0843 1840  luafv - ok
17:47:47.0890 1840  [ 65994B84DD34E2B8FE2CBE4A077FA2F1 ] LVUSBSta        C:\Windows\system32\drivers\lvusbsta.sys
17:47:47.0890 1840  LVUSBSta - ok
17:47:47.0921 1840  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:47:47.0921 1840  Mcx2Svc - ok
17:47:47.0968 1840  [ D153B14FC6598EAE8422A2037553ADCE ] megasas         C:\Windows\system32\drivers\megasas.sys
17:47:47.0984 1840  megasas - ok
17:47:48.0109 1840  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
17:47:48.0109 1840  Microsoft Office Groove Audit Service - ok
17:47:48.0140 1840  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
17:47:48.0140 1840  MMCSS - ok
17:47:48.0155 1840  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
17:47:48.0171 1840  Modem - ok
17:47:48.0218 1840  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:47:48.0218 1840  monitor - ok
17:47:48.0249 1840  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:47:48.0249 1840  mouclass - ok
17:47:48.0280 1840  [ A3A6DFF7E9E757DB3DF51A833BC28885 ] mouhid          C:\Windows\system32\drivers\mouhid.sys
17:47:48.0280 1840  mouhid - ok
17:47:48.0311 1840  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
17:47:48.0311 1840  MountMgr - ok
17:47:48.0343 1840  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:47:48.0343 1840  mpio - ok
17:47:48.0374 1840  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:47:48.0389 1840  mpsdrv - ok
17:47:48.0452 1840  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:47:48.0467 1840  MpsSvc - ok
17:47:48.0483 1840  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
17:47:48.0483 1840  Mraid35x - ok
17:47:48.0530 1840  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:47:48.0530 1840  MRxDAV - ok
17:47:48.0592 1840  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:47:48.0592 1840  mrxsmb - ok
17:47:48.0623 1840  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:47:48.0623 1840  mrxsmb10 - ok
17:47:48.0639 1840  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:47:48.0639 1840  mrxsmb20 - ok
17:47:48.0686 1840  [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:47:48.0686 1840  msahci - ok
17:47:48.0701 1840  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:47:48.0701 1840  msdsm - ok
17:47:48.0733 1840  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
17:47:48.0748 1840  MSDTC - ok
17:47:48.0795 1840  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:47:48.0795 1840  Msfs - ok
17:47:48.0826 1840  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:47:48.0826 1840  msisadrv - ok
17:47:48.0873 1840  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:47:48.0904 1840  MSiSCSI - ok
17:47:48.0904 1840  msiserver - ok
17:47:48.0935 1840  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:47:48.0951 1840  MSKSSRV - ok
17:47:48.0998 1840  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:47:48.0998 1840  MSPCLOCK - ok
17:47:49.0029 1840  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:47:49.0029 1840  MSPQM - ok
17:47:49.0060 1840  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:47:49.0060 1840  MsRPC - ok
17:47:49.0091 1840  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
17:47:49.0091 1840  mssmbios - ok
17:47:49.0107 1840  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:47:49.0107 1840  MSTEE - ok
17:47:49.0154 1840  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
17:47:49.0154 1840  Mup - ok
17:47:49.0201 1840  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
17:47:49.0216 1840  napagent - ok
17:47:49.0263 1840  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:47:49.0263 1840  NativeWifiP - ok
17:47:49.0388 1840  [ B498A14133BD09AD0817590ACE4470AD ] NBService       C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
17:47:49.0404 1840  NBService - ok
17:47:49.0466 1840  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:47:49.0466 1840  NDIS - ok
17:47:49.0513 1840  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:47:49.0513 1840  NdisTapi - ok
17:47:49.0560 1840  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:47:49.0560 1840  Ndisuio - ok
17:47:49.0606 1840  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:47:49.0606 1840  NdisWan - ok
17:47:49.0653 1840  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:47:49.0653 1840  NDProxy - ok
17:47:49.0669 1840  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:47:49.0669 1840  NetBIOS - ok
17:47:49.0716 1840  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
17:47:49.0716 1840  netbt - ok
17:47:49.0731 1840  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
17:47:49.0731 1840  Netlogon - ok
17:47:49.0778 1840  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
17:47:49.0778 1840  Netman - ok
17:47:49.0825 1840  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
17:47:49.0825 1840  netprofm - ok
17:47:49.0872 1840  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:47:49.0872 1840  NetTcpPortSharing - ok
17:47:49.0918 1840  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
17:47:49.0918 1840  nfrd960 - ok
17:47:49.0950 1840  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:47:49.0965 1840  NlaSvc - ok
17:47:50.0074 1840  [ A328A46D87BB92CE4D8A4528E9D84787 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
17:47:50.0074 1840  NMIndexingService - ok
17:47:50.0121 1840  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:47:50.0121 1840  Npfs - ok
17:47:50.0152 1840  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
17:47:50.0168 1840  nsi - ok
17:47:50.0199 1840  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:47:50.0199 1840  nsiproxy - ok
17:47:50.0293 1840  [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:47:50.0308 1840  Ntfs - ok
17:47:50.0371 1840  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
17:47:50.0371 1840  ntrigdigi - ok
17:47:50.0402 1840  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
17:47:50.0402 1840  Null - ok
17:47:50.0433 1840  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:47:50.0433 1840  nvraid - ok
17:47:50.0464 1840  [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:47:50.0464 1840  nvstor - ok
17:47:50.0496 1840  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:47:50.0496 1840  nv_agp - ok
17:47:50.0496 1840  NwlnkFlt - ok
17:47:50.0511 1840  NwlnkFwd - ok
17:47:50.0605 1840  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:47:50.0620 1840  odserv - ok
17:47:50.0667 1840  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
17:47:50.0667 1840  ohci1394 - ok
17:47:50.0730 1840  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:47:50.0730 1840  ose - ok
17:47:50.0808 1840  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
17:47:50.0823 1840  p2pimsvc - ok
17:47:50.0854 1840  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:47:50.0854 1840  p2psvc - ok
17:47:50.0886 1840  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
17:47:50.0901 1840  Parport - ok
17:47:50.0948 1840  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:47:50.0948 1840  partmgr - ok
17:47:50.0979 1840  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
17:47:50.0979 1840  Parvdm - ok
17:47:51.0010 1840  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:47:51.0010 1840  PcaSvc - ok
17:47:51.0057 1840  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
17:47:51.0057 1840  pci - ok
17:47:51.0088 1840  [ 3B1901E401473E03EB8C874271E50C26 ] pciide          C:\Windows\system32\drivers\pciide.sys
17:47:51.0104 1840  pciide - ok
17:47:51.0166 1840  [ 3BB2244F343B610C29C98035504C9B75 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:47:51.0166 1840  pcmcia - ok
17:47:51.0229 1840  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:47:51.0244 1840  PEAUTH - ok
17:47:51.0338 1840  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
17:47:51.0369 1840  pla - ok
17:47:51.0416 1840  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:47:51.0432 1840  PlugPlay - ok
17:47:51.0478 1840  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
17:47:51.0478 1840  PNRPAutoReg - ok
17:47:51.0494 1840  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
17:47:51.0494 1840  PNRPsvc - ok
17:47:51.0541 1840  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:47:51.0556 1840  PolicyAgent - ok
17:47:51.0588 1840  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:47:51.0588 1840  PptpMiniport - ok
17:47:51.0619 1840  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor       C:\Windows\system32\drivers\processr.sys
17:47:51.0619 1840  Processor - ok
17:47:51.0666 1840  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
17:47:51.0666 1840  ProfSvc - ok
17:47:51.0697 1840  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
17:47:51.0697 1840  ProtectedStorage - ok
17:47:51.0728 1840  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
17:47:51.0728 1840  PSched - ok
17:47:51.0759 1840  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
17:47:51.0759 1840  PxHelp20 - ok
17:47:51.0822 1840  [ A5D52C11EFF8B133432D98B2C2A4AEE6 ] QCMerced        C:\Windows\system32\DRIVERS\LVCM.sys
17:47:51.0837 1840  QCMerced - ok
17:47:51.0900 1840  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
17:47:51.0931 1840  ql2300 - ok
17:47:51.0962 1840  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
17:47:51.0962 1840  ql40xx - ok
17:47:52.0009 1840  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
17:47:52.0009 1840  QWAVE - ok
17:47:52.0040 1840  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:47:52.0040 1840  QWAVEdrv - ok
17:47:52.0071 1840  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:47:52.0087 1840  RasAcd - ok
17:47:52.0118 1840  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
17:47:52.0134 1840  RasAuto - ok
17:47:52.0180 1840  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:47:52.0180 1840  Rasl2tp - ok
17:47:52.0227 1840  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
17:47:52.0227 1840  RasMan - ok
17:47:52.0274 1840  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:47:52.0274 1840  RasPppoe - ok
17:47:52.0321 1840  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:47:52.0321 1840  RasSstp - ok
17:47:52.0368 1840  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:47:52.0368 1840  rdbss - ok
17:47:52.0414 1840  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:47:52.0414 1840  RDPCDD - ok
17:47:52.0477 1840  [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
17:47:52.0477 1840  rdpdr - ok
17:47:52.0492 1840  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:47:52.0492 1840  RDPENCDD - ok
17:47:52.0524 1840  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:47:52.0539 1840  RDPWD - ok
17:47:52.0586 1840  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:47:52.0586 1840  RemoteAccess - ok
17:47:52.0617 1840  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:47:52.0617 1840  RemoteRegistry - ok
17:47:52.0664 1840  [ F17713D108ACA124A139FDE877EEF68A ] RimUsb          C:\Windows\system32\Drivers\RimUsb.sys
17:47:52.0664 1840  RimUsb - ok
17:47:52.0711 1840  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
17:47:52.0711 1840  RpcLocator - ok
17:47:52.0742 1840  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
17:47:52.0742 1840  RpcSs - ok
17:47:52.0804 1840  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:47:52.0804 1840  rspndr - ok
17:47:52.0820 1840  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
17:47:52.0820 1840  SamSs - ok
17:47:52.0867 1840  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:47:52.0867 1840  SASDIFSV - ok
17:47:52.0898 1840  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
17:47:52.0898 1840  SASKUTIL - ok
17:47:52.0945 1840  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:47:52.0945 1840  sbp2port - ok
17:47:52.0992 1840  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:47:53.0007 1840  SCardSvr - ok
17:47:53.0054 1840  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
17:47:53.0070 1840  Schedule - ok
17:47:53.0101 1840  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:47:53.0101 1840  SCPolicySvc - ok
17:47:53.0148 1840  [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
17:47:53.0148 1840  sdbus - ok
17:47:53.0194 1840  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:47:53.0194 1840  SDRSVC - ok
17:47:53.0272 1840  [ 271077B91D7AD1B616F8AFDFE8E3F981 ] SeaPort         C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
17:47:53.0288 1840  SeaPort - ok
17:47:53.0319 1840  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:47:53.0335 1840  secdrv - ok
17:47:53.0366 1840  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
17:47:53.0382 1840  seclogon - ok
17:47:53.0397 1840  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
17:47:53.0397 1840  SENS - ok
17:47:53.0428 1840  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
17:47:53.0428 1840  Serenum - ok
17:47:53.0460 1840  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
17:47:53.0460 1840  Serial - ok
17:47:53.0475 1840  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
17:47:53.0491 1840  sermouse - ok
17:47:53.0538 1840  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:47:53.0538 1840  SessionEnv - ok
17:47:53.0569 1840  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
17:47:53.0569 1840  sffdisk - ok
17:47:53.0584 1840  [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:47:53.0600 1840  sffp_mmc - ok
17:47:53.0631 1840  [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
17:47:53.0631 1840  sffp_sd - ok
17:47:53.0647 1840  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
17:47:53.0662 1840  sfloppy - ok
17:47:53.0709 1840  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:47:53.0725 1840  SharedAccess - ok
17:47:53.0756 1840  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:47:53.0772 1840  ShellHWDetection - ok
17:47:53.0787 1840  [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
17:47:53.0787 1840  sisagp - ok
17:47:53.0803 1840  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
17:47:53.0818 1840  SiSRaid2 - ok
17:47:53.0850 1840  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
17:47:53.0850 1840  SiSRaid4 - ok
17:47:53.0974 1840  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
17:47:54.0052 1840  slsvc - ok
17:47:54.0084 1840  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
17:47:54.0084 1840  SLUINotify - ok
17:47:54.0130 1840  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:47:54.0130 1840  Smb - ok
17:47:54.0177 1840  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:47:54.0177 1840  SNMPTRAP - ok
17:47:54.0208 1840  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
17:47:54.0224 1840  spldr - ok
17:47:54.0271 1840  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
17:47:54.0271 1840  Spooler - ok
17:47:54.0333 1840  [ D390675B8CE45E5FB359338E5E649329 ] sptd            C:\Windows\system32\Drivers\sptd.sys
17:47:54.0333 1840  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: D390675B8CE45E5FB359338E5E649329
17:47:54.0349 1840  sptd ( LockedFile.Multi.Generic ) - warning
17:47:54.0349 1840  sptd - detected LockedFile.Multi.Generic (1)
17:47:59.0169 1840  ================ Scan global ===============================
17:47:59.0200 1840  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
17:47:59.0263 1840  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
17:47:59.0278 1840  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
17:47:59.0325 1840  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
17:47:59.0341 1840  [Global] - ok
17:47:59.0341 1840  ================ Scan MBR ==================================
17:47:59.0356 1840  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
17:47:59.0793 1840  \Device\Harddisk0\DR0 - ok
17:47:59.0793 1840  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
17:47:59.0996 1840  \Device\Harddisk1\DR1 - ok
17:47:59.0996 1840  ================ Scan VBR ==================================
17:47:59.0996 1840  [ D3638188E9E3E4FBFE92AD20374BAAE9 ] \Device\Harddisk0\DR0\Partition1
17:47:59.0996 1840  \Device\Harddisk0\DR0\Partition1 - ok
17:48:00.0027 1840  [ 282A420C2F3A5064B0D30766570596D9 ] \Device\Harddisk0\DR0\Partition2
17:48:00.0027 1840  \Device\Harddisk0\DR0\Partition2 - ok
17:48:00.0027 1840  [ 651874EEE7C1243E81F6573C28B53261 ] \Device\Harddisk1\DR1\Partition1
17:48:00.0043 1840  \Device\Harddisk1\DR1\Partition1 - ok
17:48:00.0043 1840  ============================================================
17:48:00.0043 1840  Scan finished
17:48:00.0043 1840  ============================================================
17:48:00.0058 2008  Detected object count: 1
17:48:00.0058 2008  Actual detected object count: 1
17:49:41.0475 2008  C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
17:49:41.0475 2008  sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
17:49:58.0931 0356  ============================================================
17:49:58.0931 0356  Scan started
17:49:58.0931 0356  Mode: Manual; TDLFS;
17:49:58.0931 0356  ============================================================
17:49:59.0134 0356  ================ Scan system memory ========================
17:49:59.0134 0356  System memory - ok
17:49:59.0134 0356  ================ Scan services =============================
17:50:04.0968 0356  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
17:50:04.0968 0356  iteraid - ok
17:50:04.0984 0356  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:50:05.0000 0356  kbdclass - ok
17:50:05.0015 0356  [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
17:50:05.0015 0356  kbdhid - ok
17:50:05.0078 0356  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
17:50:05.0078 0356  KeyIso - ok
17:50:05.0140 0356  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:50:05.0140 0356  KSecDD - ok
17:50:05.0187 0356  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:50:05.0187 0356  KtmRm - ok
17:50:05.0218 0356  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\System32\srvsvc.dll
17:50:05.0218 0356  LanmanServer - ok
17:50:05.0265 0356  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:50:05.0265 0356  LanmanWorkstation - ok
17:50:05.0312 0356  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:50:05.0312 0356  lltdio - ok
17:50:05.0343 0356  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:50:05.0343 0356  lltdsvc - ok
17:50:05.0374 0356  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:50:05.0374 0356  lmhosts - ok
17:50:05.0436 0356  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:50:05.0436 0356  LSI_FC - ok
17:50:05.0452 0356  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
17:50:05.0452 0356  LSI_SAS - ok
17:50:05.0468 0356  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:50:05.0468 0356  LSI_SCSI - ok
17:50:05.0514 0356  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
17:50:05.0514 0356  luafv - ok
17:50:05.0546 0356  [ 65994B84DD34E2B8FE2CBE4A077FA2F1 ] LVUSBSta        C:\Windows\system32\drivers\lvusbsta.sys
17:50:05.0546 0356  LVUSBSta - ok
17:50:05.0577 0356  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:50:05.0577 0356  Mcx2Svc - ok
17:50:05.0592 0356  [ D153B14FC6598EAE8422A2037553ADCE ] megasas         C:\Windows\system32\drivers\megasas.sys
17:50:05.0592 0356  megasas - ok
17:50:05.0702 0356  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
17:50:05.0702 0356  Microsoft Office Groove Audit Service - ok
17:50:05.0717 0356  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
17:50:05.0717 0356  MMCSS - ok
17:50:05.0748 0356  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
17:50:05.0748 0356  Modem - ok
17:50:05.0811 0356  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:50:05.0811 0356  monitor - ok
17:50:05.0842 0356  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:50:05.0842 0356  mouclass - ok
17:50:05.0873 0356  [ A3A6DFF7E9E757DB3DF51A833BC28885 ] mouhid          C:\Windows\system32\drivers\mouhid.sys
17:50:05.0873 0356  mouhid - ok
17:50:05.0904 0356  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
17:50:05.0904 0356  MountMgr - ok
17:50:05.0936 0356  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:50:05.0936 0356  mpio - ok
17:50:05.0951 0356  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:50:05.0951 0356  mpsdrv - ok
17:50:05.0998 0356  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:50:06.0014 0356  MpsSvc - ok
17:50:06.0029 0356  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
17:50:06.0029 0356  Mraid35x - ok
17:50:06.0076 0356  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:50:06.0076 0356  MRxDAV - ok
17:50:06.0138 0356  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:50:06.0138 0356  mrxsmb - ok
17:50:06.0170 0356  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:50:06.0170 0356  mrxsmb10 - ok
17:50:06.0185 0356  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:50:06.0185 0356  mrxsmb20 - ok
17:50:06.0232 0356  [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:50:06.0232 0356  msahci - ok
17:50:06.0248 0356  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:50:06.0248 0356  msdsm - ok
17:50:06.0294 0356  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
17:50:06.0294 0356  MSDTC - ok
17:50:06.0341 0356  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:50:06.0341 0356  Msfs - ok
17:50:06.0372 0356  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:50:06.0372 0356  msisadrv - ok
17:50:06.0419 0356  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:50:06.0435 0356  MSiSCSI - ok
17:50:06.0435 0356  msiserver - ok
17:50:06.0497 0356  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:50:06.0497 0356  MSKSSRV - ok
17:50:06.0528 0356  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:50:06.0528 0356  MSPCLOCK - ok
17:50:06.0544 0356  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:50:06.0544 0356  MSPQM - ok
17:50:06.0591 0356  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:50:06.0591 0356  MsRPC - ok
17:50:06.0606 0356  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
17:50:06.0606 0356  mssmbios - ok
17:50:06.0622 0356  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:50:06.0622 0356  MSTEE - ok
17:50:06.0669 0356  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
17:50:06.0669 0356  Mup - ok
17:50:06.0731 0356  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
17:50:06.0731 0356  napagent - ok
17:50:06.0778 0356  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:50:06.0778 0356  NativeWifiP - ok
17:50:06.0872 0356  [ B498A14133BD09AD0817590ACE4470AD ] NBService       C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
17:50:06.0887 0356  NBService - ok
17:50:06.0934 0356  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:50:06.0950 0356  NDIS - ok
17:50:06.0996 0356  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:50:06.0996 0356  NdisTapi - ok
17:50:07.0043 0356  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:50:07.0043 0356  Ndisuio - ok
17:50:07.0090 0356  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:50:07.0090 0356  NdisWan - ok
17:50:07.0121 0356  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:50:07.0137 0356  NDProxy - ok
17:50:07.0152 0356  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:50:07.0152 0356  NetBIOS - ok
17:50:07.0199 0356  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
17:50:07.0199 0356  netbt - ok
17:50:07.0215 0356  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
17:50:07.0215 0356  Netlogon - ok
17:50:07.0262 0356  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
17:50:07.0262 0356  Netman - ok
17:50:07.0308 0356  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
17:50:07.0308 0356  netprofm - ok
17:50:07.0355 0356  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:50:07.0355 0356  NetTcpPortSharing - ok
17:50:07.0386 0356  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
17:50:07.0386 0356  nfrd960 - ok
17:50:07.0433 0356  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:50:07.0433 0356  NlaSvc - ok
17:50:07.0527 0356  [ A328A46D87BB92CE4D8A4528E9D84787 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
17:50:07.0527 0356  NMIndexingService - ok
17:50:07.0574 0356  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:50:07.0574 0356  Npfs - ok
17:50:07.0620 0356  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
17:50:07.0620 0356  nsi - ok
17:50:07.0652 0356  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:50:07.0652 0356  nsiproxy - ok
17:50:07.0745 0356  [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:50:07.0745 0356  Ntfs - ok
17:50:07.0792 0356  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
17:50:07.0792 0356  ntrigdigi - ok
17:50:07.0823 0356  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
17:50:07.0823 0356  Null - ok
17:50:07.0839 0356  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:50:07.0854 0356  nvraid - ok
17:50:07.0870 0356  [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:50:07.0870 0356  nvstor - ok
17:50:07.0886 0356  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:50:07.0886 0356  nv_agp - ok
17:50:07.0901 0356  NwlnkFlt - ok
17:50:07.0901 0356  NwlnkFwd - ok
17:50:08.0010 0356  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:50:08.0010 0356  odserv - ok
17:50:08.0042 0356  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
17:50:08.0042 0356  ohci1394 - ok
17:50:08.0088 0356  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:50:08.0088 0356  ose - ok
17:50:08.0151 0356  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
17:50:08.0151 0356  p2pimsvc - ok
17:50:08.0182 0356  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:50:08.0182 0356  p2psvc - ok
17:50:08.0213 0356  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
17:50:08.0213 0356  Parport - ok
17:50:08.0276 0356  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:50:08.0276 0356  partmgr - ok
17:50:08.0291 0356  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
17:50:08.0291 0356  Parvdm - ok
17:50:08.0322 0356  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:50:08.0338 0356  PcaSvc - ok
17:50:08.0369 0356  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
17:50:08.0369 0356  pci - ok
17:50:08.0416 0356  [ 3B1901E401473E03EB8C874271E50C26 ] pciide          C:\Windows\system32\drivers\pciide.sys
17:50:08.0416 0356  pciide - ok
17:50:08.0463 0356  [ 3BB2244F343B610C29C98035504C9B75 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:50:08.0463 0356  pcmcia - ok
17:50:08.0510 0356  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:50:08.0510 0356  PEAUTH - ok
17:50:08.0603 0356  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
17:50:08.0619 0356  pla - ok
17:50:08.0650 0356  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:50:08.0666 0356  PlugPlay - ok
17:50:08.0697 0356  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
17:50:08.0697 0356  PNRPAutoReg - ok
17:50:08.0728 0356  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
17:50:08.0728 0356  PNRPsvc - ok
17:50:08.0759 0356  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:50:08.0775 0356  PolicyAgent - ok
17:50:08.0822 0356  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:50:08.0822 0356  PptpMiniport - ok
17:50:08.0853 0356  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor       C:\Windows\system32\drivers\processr.sys
17:50:08.0853 0356  Processor - ok
17:50:08.0868 0356  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
17:50:08.0884 0356  ProfSvc - ok
17:50:08.0900 0356  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
17:50:08.0900 0356  ProtectedStorage - ok
17:50:08.0946 0356  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
17:50:08.0946 0356  PSched - ok
17:50:08.0978 0356  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
17:50:08.0978 0356  PxHelp20 - ok
17:50:09.0024 0356  [ A5D52C11EFF8B133432D98B2C2A4AEE6 ] QCMerced        C:\Windows\system32\DRIVERS\LVCM.sys
17:50:09.0024 0356  QCMerced - ok
17:50:09.0071 0356  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
17:50:09.0087 0356  ql2300 - ok
17:50:09.0102 0356  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
17:50:09.0102 0356  ql40xx - ok
17:50:09.0149 0356  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
17:50:09.0149 0356  QWAVE - ok
17:50:09.0196 0356  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:50:09.0196 0356  QWAVEdrv - ok
17:50:09.0243 0356  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:50:09.0243 0356  RasAcd - ok
17:50:09.0290 0356  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
17:50:09.0290 0356  RasAuto - ok
17:50:09.0321 0356  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:50:09.0321 0356  Rasl2tp - ok
17:50:09.0368 0356  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
17:50:09.0368 0356  RasMan - ok
17:50:09.0399 0356  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:50:09.0399 0356  RasPppoe - ok
17:50:09.0446 0356  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:50:09.0446 0356  RasSstp - ok
17:50:09.0492 0356  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:50:09.0492 0356  rdbss - ok
17:50:09.0539 0356  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:50:09.0539 0356  RDPCDD - ok
17:50:09.0586 0356  [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
17:50:09.0586 0356  rdpdr - ok
17:50:09.0602 0356  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:50:09.0602 0356  RDPENCDD - ok
17:50:09.0648 0356  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:50:09.0648 0356  RDPWD - ok
17:50:09.0680 0356  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:50:09.0680 0356  RemoteAccess - ok
17:50:09.0726 0356  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:50:09.0726 0356  RemoteRegistry - ok
17:50:09.0758 0356  [ F17713D108ACA124A139FDE877EEF68A ] RimUsb          C:\Windows\system32\Drivers\RimUsb.sys
17:50:09.0758 0356  RimUsb - ok
17:50:09.0804 0356  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
17:50:09.0804 0356  RpcLocator - ok
17:50:09.0851 0356  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
17:50:09.0867 0356  RpcSs - ok
17:50:09.0898 0356  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:50:09.0898 0356  rspndr - ok
17:50:09.0914 0356  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
17:50:09.0914 0356  SamSs - ok
17:50:09.0960 0356  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:50:09.0960 0356  SASDIFSV - ok
17:50:09.0976 0356  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
17:50:09.0976 0356  SASKUTIL - ok
17:50:10.0007 0356  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:50:10.0023 0356  sbp2port - ok
17:50:10.0054 0356  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:50:10.0054 0356  SCardSvr - ok
17:50:10.0101 0356  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
17:50:10.0116 0356  Schedule - ok
17:50:10.0148 0356  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:50:10.0148 0356  SCPolicySvc - ok
17:50:10.0179 0356  [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
17:50:10.0179 0356  sdbus - ok
17:50:10.0226 0356  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:50:10.0226 0356  SDRSVC - ok
17:50:10.0288 0356  [ 271077B91D7AD1B616F8AFDFE8E3F981 ] SeaPort         C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
17:50:10.0288 0356  SeaPort - ok
17:50:10.0335 0356  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:50:10.0335 0356  secdrv - ok
17:50:10.0382 0356  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
17:50:10.0382 0356  seclogon - ok
17:50:10.0397 0356  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
17:50:10.0397 0356  SENS - ok
17:50:10.0428 0356  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
17:50:10.0428 0356  Serenum - ok
17:50:10.0444 0356  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
17:50:10.0444 0356  Serial - ok
17:50:10.0460 0356  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
17:50:10.0460 0356  sermouse - ok
17:50:10.0506 0356  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:50:10.0522 0356  SessionEnv - ok
17:50:10.0538 0356  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
17:50:10.0538 0356  sffdisk - ok
17:50:10.0584 0356  [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:50:10.0584 0356  sffp_mmc - ok
17:50:10.0616 0356  [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
17:50:10.0616 0356  sffp_sd - ok
17:50:10.0616 0356  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
17:50:10.0631 0356  sfloppy - ok
17:50:10.0662 0356  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:50:10.0678 0356  SharedAccess - ok
17:50:10.0709 0356  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:50:10.0709 0356  ShellHWDetection - ok
17:50:10.0740 0356  [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
17:50:10.0740 0356  sisagp - ok
17:50:10.0756 0356  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
17:50:10.0756 0356  SiSRaid2 - ok
17:50:10.0787 0356  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
17:50:10.0787 0356  SiSRaid4 - ok
17:50:10.0928 0356  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
17:50:10.0959 0356  slsvc - ok
17:50:10.0990 0356  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
17:50:10.0990 0356  SLUINotify - ok
17:50:11.0021 0356  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:50:11.0021 0356  Smb - ok
17:50:11.0052 0356  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:50:11.0052 0356  SNMPTRAP - ok
17:50:11.0099 0356  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
17:50:11.0099 0356  spldr - ok
17:50:11.0130 0356  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
17:50:11.0146 0356  Spooler - ok
17:50:11.0193 0356  [ D390675B8CE45E5FB359338E5E649329 ] sptd            C:\Windows\system32\Drivers\sptd.sys
17:50:11.0193 0356  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: D390675B8CE45E5FB359338E5E649329
17:50:11.0193 0356  sptd ( LockedFile.Multi.Generic ) - warning
17:50:11.0193 0356  sptd - detected LockedFile.Multi.Generic (1)
17:50:13.0923 0356  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
17:50:13.0923 0356  vsmraid - ok
17:50:14.0001 0356  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
17:50:14.0016 0356  VSS - ok
17:50:14.0048 0356  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
17:50:14.0048 0356  W32Time - ok
17:50:14.0079 0356  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
17:50:14.0079 0356  WacomPen - ok
17:50:14.0110 0356  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
17:50:14.0110 0356  Wanarp - ok
17:50:14.0126 0356  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:50:14.0126 0356  Wanarpv6 - ok
17:50:14.0172 0356  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:50:14.0188 0356  wcncsvc - ok
17:50:14.0219 0356  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:50:14.0219 0356  WcsPlugInService - ok
17:50:14.0250 0356  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
17:50:14.0266 0356  Wd - ok
17:50:14.0313 0356  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:50:14.0328 0356  Wdf01000 - ok
17:50:14.0360 0356  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:50:14.0375 0356  WdiServiceHost - ok
17:50:14.0375 0356  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:50:14.0391 0356  WdiSystemHost - ok
17:50:14.0422 0356  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
17:50:14.0422 0356  WebClient - ok
17:50:14.0484 0356  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:50:14.0484 0356  Wecsvc - ok
17:50:14.0516 0356  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:50:14.0516 0356  wercplsupport - ok
17:50:14.0547 0356  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:50:14.0562 0356  WerSvc - ok
17:50:14.0625 0356  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
17:50:14.0625 0356  WinDefend - ok
17:50:14.0640 0356  WinHttpAutoProxySvc - ok
17:50:14.0687 0356  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:50:14.0703 0356  Winmgmt - ok
17:50:14.0765 0356  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
17:50:14.0781 0356  WinRM - ok
17:50:14.0843 0356  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:50:14.0843 0356  Wlansvc - ok
17:50:14.0874 0356  [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:50:14.0874 0356  WmiAcpi - ok
17:50:14.0906 0356  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:50:14.0906 0356  wmiApSrv - ok
17:50:14.0984 0356  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
17:50:14.0984 0356  WMPNetworkSvc - ok
17:50:15.0015 0356  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:50:15.0015 0356  WPCSvc - ok
17:50:15.0046 0356  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:50:15.0046 0356  WPDBusEnum - ok
17:50:15.0093 0356  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
17:50:15.0093 0356  WpdUsb - ok
17:50:15.0218 0356  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:50:15.0218 0356  WPFFontCache_v0400 - ok
17:50:15.0249 0356  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:50:15.0249 0356  ws2ifsl - ok
17:50:15.0296 0356  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\system32\wscsvc.dll
17:50:15.0296 0356  wscsvc - ok
17:50:15.0296 0356  WSearch - ok
17:50:15.0420 0356  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
17:50:15.0436 0356  wuauserv - ok
17:50:15.0483 0356  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:50:15.0483 0356  WudfPf - ok
17:50:15.0514 0356  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:50:15.0514 0356  WUDFRd - ok
17:50:15.0561 0356  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:50:15.0561 0356  wudfsvc - ok
17:50:15.0576 0356  ================ Scan global ===============================
17:50:15.0608 0356  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
17:50:15.0670 0356  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
17:50:15.0686 0356  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
17:50:15.0732 0356  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
17:50:15.0732 0356  [Global] - ok
17:50:15.0732 0356  ================ Scan MBR ==================================
17:50:15.0748 0356  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
17:50:16.0060 0356  \Device\Harddisk0\DR0 - ok
17:50:16.0060 0356  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
17:50:16.0247 0356  \Device\Harddisk1\DR1 - ok
17:50:16.0247 0356  ================ Scan VBR ==================================
17:50:16.0263 0356  [ D3638188E9E3E4FBFE92AD20374BAAE9 ] \Device\Harddisk0\DR0\Partition1
17:50:16.0263 0356  \Device\Harddisk0\DR0\Partition1 - ok
17:50:16.0294 0356  [ 282A420C2F3A5064B0D30766570596D9 ] \Device\Harddisk0\DR0\Partition2
17:50:16.0294 0356  \Device\Harddisk0\DR0\Partition2 - ok
17:50:16.0294 0356  [ 651874EEE7C1243E81F6573C28B53261 ] \Device\Harddisk1\DR1\Partition1
17:50:16.0310 0356  \Device\Harddisk1\DR1\Partition1 - ok
17:50:16.0310 0356  ============================================================
17:50:16.0310 0356  Scan finished
17:50:16.0310 0356  ============================================================
17:50:16.0325 0164  Detected object count: 1
17:50:16.0325 0164  Actual detected object count: 1
17:50:40.0802 0164  C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
17:50:40.0802 0164  HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
17:50:40.0833 0164  HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted on reboot
17:50:40.0849 0164  C:\Windows\system32\Drivers\sptd.sys - will be deleted on reboot
17:50:40.0849 0164  sptd ( LockedFile.Multi.Generic ) - User select action: Delete
17:50:47.0120 1936  Deinitialize success
 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode
User : Carolyn [Admin rights]
Mode : Scan -- Date : 06/07/2013 17:56:17
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\RunOnce : yorkyt.exe (cmd.exe /c start C:\Users\Carolyn\Desktop\yorkyt.exe) [7] -> FOUND
[RUN][SUSP PATH] HKLM\[...]\RunOnce : 4D308393-5578-4E94-B487-7FB5E0268193 (cmd.exe /C start /D "C:\Users\Carolyn\AppData\Local\Temp" /B 4D308393-5578-4E94-B487-7FB5E0268193.exe -postboot) [x] -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK8037GSX ATA Device +++++
--- User ---
[MBR] 53cd9f8c160c987abda150e45b132dbd
[BSP] 0154306f8c8af1ff7e1b27b9d6d546d2 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 64578 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 135329792 | Size: 10240 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: USB Mass Storage Device USB Device +++++
--- User ---
[MBR] 0db16a93b2fa46b7fe3e1f4ce97e9857
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8192 | Size: 30531 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_06072013_02d1756.txt >>
RKreport[1]_S_06072013_02d1756.txt

 

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode
User : Carolyn [Admin rights]
Mode : Remove -- Date : 06/07/2013 17:57:34
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\RunOnce : yorkyt.exe (cmd.exe /c start C:\Users\Carolyn\Desktop\yorkyt.exe) [7] -> DELETED
[RUN][SUSP PATH] HKLM\[...]\RunOnce : 4D308393-5578-4E94-B487-7FB5E0268193 (cmd.exe /C start /D "C:\Users\Carolyn\AppData\Local\Temp" /B 4D308393-5578-4E94-B487-7FB5E0268193.exe -postboot) [x] -> DELETED
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK8037GSX ATA Device +++++
--- User ---
[MBR] 53cd9f8c160c987abda150e45b132dbd
[BSP] 0154306f8c8af1ff7e1b27b9d6d546d2 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 64578 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 135329792 | Size: 10240 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: USB Mass Storage Device USB Device +++++
--- User ---
[MBR] 0db16a93b2fa46b7fe3e1f4ce97e9857
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8192 | Size: 30531 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_06072013_02d1757.txt >>
RKreport[1]_S_06072013_02d1756.txt ; RKreport[2]_D_06072013_02d1757.txt

 

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode
User : Carolyn [Admin rights]
Mode : Shortcuts HJfix -- Date : 06/07/2013 17:59:57
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 7 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 5 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 155 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 2 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 88 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[G:] \Device\HarddiskVolume4 -- 0x2 --> Restored

Finished : << RKreport[3]_SC_06072013_02d1759.txt >>
RKreport[1]_S_06072013_02d1756.txt ; RKreport[2]_D_06072013_02d1757.txt ; RKreport[3]_SC_06072013_02d1759.txt



#13 CatByte


Posted 07 June 2013 - 06:32 PM

very good,

there are a couple more scans I would like you to run just to make certain there are no leftovers,

Please run the following:

Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

NEXT

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 ryanwills


Posted 08 June 2013 - 10:45 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by Carolyn on 07/06/2013 at 21:01:45.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Carolyn\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Carolyn\appdata\local\opencandy"
Successfully deleted: [Folder] "C:\Users\Carolyn\appdata\local\wondershare"
Successfully deleted: [Folder] "C:\Program Files\pc speed up"
Successfully deleted: [Folder] "C:\Program Files\wondershare"
Successfully deleted: [Folder] "C:\Program Files\Common Files\Wondershare"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/06/2013 at 21:03:35.70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

# AdwCleaner v2.302 - Logfile created 06/07/2013 at 21:05:06
# Updated 06/06/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Carolyn - RYANANDMELISSA
# Boot Mode : Normal
# Running from : C:\Users\Carolyn\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
Folder Deleted : C:\Users\Carolyn\AppData\Local\PackageAware

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Carolyn\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1790 octets] - [07/06/2013 21:05:06]

########## EOF - C:\AdwCleaner[S1].txt - [1850 octets] ##########

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.07.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Carolyn :: RYANANDMELISSA [administrator]

07/06/2013 9:18:39 PM
mbam-log-2013-06-07 (21-18-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203357
Time elapsed: 10 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

C:\Users\Carolyn\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.0.8.windows.exe multiple threats
 



#15 CatByte


Posted 08 June 2013 - 06:44 PM

I would consider removing FrostWire from your computer. Peer to Peer and torrents are a certain way to get infected as you can't rely on the source of the files. (remove BitTorrent as well)

Please do the following:


Visit ADOBE and download the latest version of Acrobat Reader (version XI)
Having the latest updates ensures there are no security vulnerabilities in your system.
Decline any additional installs that may be offered.

NEXT

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 7 and Save it to your Desktop.
  • Scroll down to where it says Java SE 7u21
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u21-windows-i586.exe to install the newest version.
  • Decline any additional installs that may be offered.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are three options in the window to clear the cache - Leave these two Checked
      • Trace and Log Files
      • Cached Applications and Applets
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

NEXT

Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




