
My Vista BOX has virus..


  • This topic is locked
18 replies to this topic

#1 Weaver1

Weaver1

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:35 AM

Posted 05 June 2013 - 10:44 AM

I have a couple of posts dealing with what seems like a virus that has infected multiple systems.

This is a spare parts box that I built to get my family back online; however, it too seems to have been infected.

DDS log as of 8:42 Arizona time 6/5/2013

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16483
Run by HomeOffice at 8:42:54 on 2013-06-05
Microsoft® Windows Vista™ Business   6.0.6002.2.1252.1.1033.18.1022.89 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0B256F45-033B-44B2-84C6-EAA006B02657} : DHCPNameServer = 192.168.1.1
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-6-4 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-6-4 174664]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-6-4 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-6-4 368944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-6-4 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-6-4 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-6-4 46808]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-06-05 14:45:44 0 ----a-w- c:\windows\system32\w32apiw.dll
2013-06-05 14:45:21 -------- d-sh--w- C:\$RECYCLE.BIN
2013-06-05 05:39:04 -------- d-----w- c:\users\homeoffice\appdata\local\temp
2013-06-05 05:30:13 98816 ----a-w- c:\windows\sed.exe
2013-06-05 05:30:13 256000 ----a-w- c:\windows\PEV.exe
2013-06-05 05:30:13 208896 ----a-w- c:\windows\MBR.exe
2013-06-05 05:06:07 -------- d-----w- c:\windows\system32\appmgmt
2013-06-05 05:01:23 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-05 05:01:23 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-06-05 05:01:23 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-06-05 05:01:23 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-05 05:00:53 41664 ----a-w- c:\windows\avastSS.scr
2013-06-05 05:00:34 -------- d-----w- c:\program files\AVAST Software
2013-06-05 05:00:12 -------- d-----w- c:\programdata\AVAST Software
2013-06-05 04:23:59 -------- d-----w- c:\program files\Windows Portable Devices
2013-06-05 04:04:55 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2013-06-05 04:04:54 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2013-06-05 04:04:54 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2013-06-05 03:58:51 2730536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2013-06-05 03:58:47 7016152 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{482d6e8c-f03b-4707-b452-32da5fd6eeea}\mpengine.dll
2013-06-05 03:58:46 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-06-05 03:56:44 5120 ----a-w- c:\windows\system32\wmi.dll
2013-06-05 03:56:44 157696 ----a-w- c:\windows\system32\imagehlp.dll
2013-06-05 03:56:44 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-06-05 03:42:59 768512 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-06-05 03:41:45 519680 ----a-w- c:\windows\system32\d3d11.dll
2013-06-05 03:41:45 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2013-06-05 03:41:45 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2013-06-05 03:41:45 252928 ----a-w- c:\windows\system32\dxdiag.exe
2013-06-05 03:41:45 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2013-06-05 03:41:45 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-06-05 03:41:44 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-05 03:38:21 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2013-06-05 03:38:21 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2013-06-05 03:38:20 49472 ----a-w- c:\windows\system32\netfxperf.dll
2013-06-05 03:38:20 297808 ----a-w- c:\windows\system32\mscoree.dll
2013-06-05 03:38:20 1130824 ----a-w- c:\windows\system32\dfshim.dll
2013-06-05 03:34:19 675152 ----a-w- c:\windows\system32\gpprefcl.dll
2013-06-05 03:21:38 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2013-06-05 03:20:27 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2013-06-05 03:19:23 105984 ----a-w- c:\windows\system32\netiohlp.dll
2013-06-05 03:19:22 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2013-06-05 03:19:22 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2013-06-05 03:19:22 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2013-06-05 03:19:22 19968 ----a-w- c:\windows\system32\ARP.EXE
2013-06-05 03:19:22 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2013-06-05 03:19:22 17920 ----a-w- c:\windows\system32\netevent.dll
2013-06-05 03:19:22 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2013-06-05 03:19:22 10240 ----a-w- c:\windows\system32\finger.exe
2013-06-05 03:19:01 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2013-06-05 03:19:01 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2013-06-05 03:17:59 985088 ----a-w- c:\windows\system32\crypt32.dll
2013-06-05 03:16:59 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2013-06-05 03:08:46 -------- d-----w- c:\users\homeoffice\appdata\roaming\nCleaner
2013-06-05 03:08:41 -------- d-----w- c:\program files\NKProds
2013-06-05 03:08:14 -------- d-----w- c:\windows\pss
2013-06-05 03:07:00 531968 ----a-w- c:\windows\system32\comctl32.dll
2013-06-05 03:05:48 -------- d-----w- c:\program files\CCleaner
2013-06-05 02:53:59 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-06-05 02:53:55 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-06-05 02:53:54 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-06-05 02:53:54 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-06-04 16:07:55 -------- d-----w- c:\users\homeoffice\appdata\local\Google
2013-06-04 16:07:50 -------- d-----w- c:\users\homeoffice\appdata\local\Deployment
2013-06-04 16:07:50 -------- d-----w- c:\users\homeoffice\appdata\local\Apps
2013-06-04 16:04:06 -------- d-----w- c:\program files\Realtek
2013-06-04 15:49:41 27648 ----a-w- c:\windows\system32\drivers\RtNdPt60.sys
2013-06-04 15:36:15 -------- d-----w- C:\dell
2013-06-04 15:19:47 -------- d-sh--w- c:\windows\Installer
2013-06-04 15:19:41 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-06-04 15:19:29 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2013-06-04 15:19:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2013-06-04 15:19:22 57960 ----a-w- c:\windows\system32\OpenCL.dll
2013-06-04 15:19:03 2505144 ----a-w- c:\windows\system32\nvapi.dll
2013-06-04 15:18:36 -------- d-----w- c:\program files\NVIDIA Corporation
2013-06-04 03:21:37 -------- d-----w- c:\windows\Panther
2013-06-04 03:21:22 -------- d-----w- C:\Boot
2013-06-04 03:21:03 -------- d-----w- c:\windows\system32\OEM
.
==================== Find3M  ====================
.
2013-06-05 03:43:01 161792 ----a-w- c:\windows\system32\msls31.dll
2013-06-05 03:43:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-06-05 03:43:00 86528 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-05 03:43:00 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-05 03:43:00 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-05 03:43:00 74752 ----a-w- c:\windows\system32\iesetup.dll
2013-06-05 03:43:00 63488 ----a-w- c:\windows\system32\tdc.ocx
2013-06-05 03:43:00 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-05 03:43:00 367104 ----a-w- c:\windows\system32\html.iec
2013-06-05 03:43:00 23552 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-05 03:43:00 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-05 03:41:45 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2013-04-15 14:20:04 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56:44 37376 ----a-w- c:\windows\system32\cdd.dll
2013-04-09 01:36:18 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-03-11 13:25:50 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25:50 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-09 03:45:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-09 01:28:08 64000 ----a-w- c:\windows\system32\smss.exe
2013-03-08 03:53:50 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-03-08 03:52:22 2067968 ----a-w- c:\windows\system32\mstscax.dll
.
============= FINISH:  8:43:17.85 ===============
 

 




 


#2 Weaver1


Posted 05 June 2013 - 10:45 AM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Business 
Boot Device: \Device\HarddiskVolume1
Install Date: 6/3/2013 7:24:17 PM
System Uptime: 6/5/2013 7:06:24 AM (1 hours ago)
.
Motherboard: Dell Inc. |  | 0P301D
Processor: Intel® Core™2 CPU          4400  @ 2.00GHz | Socket 775 | 1595/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 30 GiB total, 14.981 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 74 GiB total, 58.379 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_3A30&SUBSYS_02851028&REV_00\3&11583659&0&FB
Manufacturer: 
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_3A30&SUBSYS_02851028&REV_00\3&11583659&0&FB
Service: 
.
==== System Restore Points ===================
.
RP11: 6/4/2013 8:51:16 AM - Removed Realtek Ethernet Diagnostic Utility
.
==== Installed Programs ======================
.
avast! Free Antivirus
CCleaner
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
nCleaner second 2.3.4.0
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
Realtek 8169 8168 8101E 8102E Ethernet Driver
.
==== Event Viewer Messages From Past Week ========
.
6/5/2013 7:08:24 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  i8042prt
6/5/2013 7:06:41 AM, Error: EventLog [6008]  - The previous system shutdown at 7:04:39 AM on 6/5/2013 was unexpected.
6/5/2013 7:03:10 AM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
6/5/2013 6:34:42 AM, Error: EventLog [6008]  - The previous system shutdown at 10:51:45 PM on 6/4/2013 was unexpected.
6/4/2013 8:22:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update (KB951847) x86.
.
==== End Of File ===========================


#3 Weaver1


Posted 05 June 2013 - 10:47 AM

Here is the FSS log:

 

Farbar Service Scanner Version: 31-05-2013 01
Ran by HomeOffice (administrator) on 05-06-2013 at 08:46:53
Running from "E:\programs and downloads"
Windows Vista ™ Business Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,464 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:35 AM

Posted 05 June 2013 - 12:40 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

The logs are clean. Let's continue.

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

#5 Weaver1


Posted 05 June 2013 - 01:24 PM

Thank you for the help.... I ran all of the tools you requested. ComboFix did not generate a log. The tool shut the system down then started back up, but no log. I did watch it while it was running and it found infections, but no log saved. Below are the logs that did generate. I await instructions....

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista ™ Business x86
Ran by HomeOffice on Wed 06/05/2013 at 11:10:30.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 06/05/2013 at 11:11:31.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner v2.301 - Logfile created 06/05/2013 at 11:08:59
# Updated 16/05/2013 by Xplode
# Operating system : Windows Vista ™ Business Service Pack 2 (32 bits)
# User : HomeOffice - HOMEOFFICE-PC
# Boot Mode : Normal
# Running from : C:\Users\HomeOffice\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16483
 
[OK] Registry is clean.
 
-\\ Google Chrome v27.0.1453.110
 
File : C:\Users\HomeOffice\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [809 octets] - [05/06/2013 10:48:17]
AdwCleaner[S2].txt - [741 octets] - [05/06/2013 11:08:59]
 
########## EOF - C:\AdwCleaner[S2].txt - [800 octets] ##########
 
 

 Results of screen317's Security Check version 0.99.64  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 nCleaner second 2.3.4.0   
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.94  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 11 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 

 



#6 Weaver1


Posted 05 June 2013 - 02:12 PM

So you know, I have tried a couple of different ideas to get ComboFix running, like uninstalling avast completely and uninstalling and reinstalling ComboFix on the desktop, and it seems to reboot my system once running, with no log to see. I was able to run it before. Nothing changed as far as settings; at least I have not changed anything other than downloading tools as requested, so it has to be something remotely hacking my Windows sessions??? Anyway, again I await your instructions.



#7 Weaver1


Posted 05 June 2013 - 02:44 PM

Ran CF in safe mode, not sure if that helps, but it did get a log:

 

 

 

ComboFix 13-06-05.02 - HomeOffice 06/05/2013  12:35:16.7.2 - x86 MINIMAL
Microsoft® Windows Vista™ Business   6.0.6002.2.1252.1.1033.18.1022.671 [GMT -7:00]
Running from: c:\users\HomeOffice\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-05 to 2013-06-05  )))))))))))))))))))))))))))))))
.
.
2013-06-05 19:37 . 2013-06-05 19:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-05 05:01 . 2013-05-09 08:58 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-06-05 05:00 . 2013-06-05 05:00 -------- d-----w- c:\program files\AVAST Software
2013-06-05 05:00 . 2013-06-05 18:08 -------- d-----w- c:\programdata\AVAST Software
2013-06-05 04:40 . 2013-06-05 04:40 -------- d-----w- c:\program files\Microsoft.NET
2013-06-05 04:23 . 2013-06-05 04:23 -------- d-----w- c:\program files\Windows Portable Devices
2013-06-05 04:04 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2013-06-05 04:04 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2013-06-05 04:04 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2013-06-05 03:58 . 2013-05-14 08:49 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{482D6E8C-F03B-4707-B452-32DA5FD6EEEA}\mpengine.dll
2013-06-05 03:58 . 2013-05-02 09:06 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-06-05 03:56 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2013-06-05 03:56 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2013-06-05 03:56 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-06-05 03:42 . 2013-06-05 03:42 768512 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-06-05 03:41 . 2013-06-05 03:41 519680 ----a-w- c:\windows\system32\d3d11.dll
2013-06-05 03:41 . 2013-06-05 03:41 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2013-06-05 03:41 . 2013-06-05 03:41 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2013-06-05 03:41 . 2013-06-05 03:41 252928 ----a-w- c:\windows\system32\dxdiag.exe
2013-06-05 03:41 . 2013-06-05 03:41 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2013-06-05 03:41 . 2013-06-05 03:41 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-06-05 03:41 . 2013-06-05 03:41 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-05 03:38 . 2009-11-08 17:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2013-06-05 03:38 . 2009-11-08 17:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2013-06-05 03:38 . 2009-11-08 17:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2013-06-05 03:38 . 2009-11-08 17:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2013-06-05 03:38 . 2009-11-08 17:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2013-06-05 03:34 . 2009-06-03 23:56 675152 ----a-w- c:\windows\system32\gpprefcl.dll
2013-06-05 03:31 . 2013-06-05 03:31 -------- d-----w- c:\users\UpdatusUser
2013-06-05 03:21 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2013-06-05 03:20 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2013-06-05 03:19 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2013-06-05 03:19 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2013-06-05 03:19 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2013-06-05 03:19 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2013-06-05 03:19 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2013-06-05 03:19 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2013-06-05 03:19 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2013-06-05 03:19 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2013-06-05 03:19 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2013-06-05 03:19 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2013-06-05 03:19 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2013-06-05 03:17 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
2013-06-05 03:16 . 2011-03-02 15:44 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2013-06-05 03:08 . 2013-06-05 03:08 -------- d-----w- c:\program files\NKProds
2013-06-05 03:07 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2013-06-05 03:05 . 2013-06-05 03:05 -------- d-----w- c:\program files\CCleaner
2013-06-05 02:53 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2013-06-05 02:53 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2013-06-05 02:53 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2013-06-05 02:53 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-06-05 02:53 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2013-06-05 02:53 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2013-06-05 02:53 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-06-05 02:53 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-06-05 02:53 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-06-04 16:21 . 2013-06-04 16:21 -------- d-----w- c:\program files\ImgBurn
2013-06-04 16:07 . 2013-06-05 05:06 -------- d-----w- c:\program files\Google
2013-06-04 16:04 . 2013-06-04 16:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2013-06-04 16:04 . 2013-06-04 16:04 -------- d-----w- c:\program files\Realtek
2013-06-04 15:49 . 2009-07-20 17:26 27648 ----a-w- c:\windows\system32\drivers\RtNdPt60.sys
2013-06-04 15:36 . 2013-06-04 15:36 -------- d-----w- C:\dell
2013-06-04 15:21 . 2013-06-05 19:24 -------- d-----w- c:\programdata\NVIDIA
2013-06-04 15:19 . 2013-06-05 05:06 -------- d-sh--w- c:\windows\Installer
2013-06-04 15:19 . 2013-06-04 15:19 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-06-04 15:19 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2013-06-04 15:19 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2013-06-04 15:19 . 2011-01-08 03:27 57960 ----a-w- c:\windows\system32\OpenCL.dll
2013-06-04 15:19 . 2013-02-26 07:22 2505144 ----a-w- c:\windows\system32\nvapi.dll
2013-06-04 15:18 . 2013-06-05 03:31 -------- d-----w- c:\program files\NVIDIA Corporation
2013-06-04 03:25 . 2013-06-05 03:39 -------- d-----w- c:\users\HomeOffice
2013-06-04 03:21 . 2013-06-05 04:27 -------- d-----w- c:\windows\Panther
2013-06-04 03:21 . 2013-06-05 17:49 -------- d-----w- c:\windows\Debug
2013-06-04 03:21 . 2013-06-04 03:21 -------- d-----w- C:\Boot
2013-06-04 03:21 . 2013-06-04 03:21 -------- d-----w- c:\windows\system32\OEM
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-05 03:41 . 2013-06-05 03:41 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 13:19 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ   PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-05 03:16 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-04 16:07]
.
2013-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-04 16:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-05 12:37
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2013-06-05  12:38:35
ComboFix-quarantined-files.txt  2013-06-05 19:38
ComboFix2.txt  2013-06-05 19:33
ComboFix3.txt  2013-06-05 05:39
.
Pre-Run: 14,967,250,944 bytes free
Post-Run: 14,926,163,968 bytes free
.
- - End Of File - - 3C437674931B98B839DFDB81FB919794


#8 nasdaq

  • Malware Response Team

Posted 06 June 2013 - 08:05 AM

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
===

--OTL--
  • Download OTL to your desktop.
  • Double click on the icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users.
  • Under the Custom Scan box, paste this text in bold:

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs. DO NOT ATTACH THEM.


#9 Weaver1

  • Topic Starter

Posted 06 June 2013 - 10:17 AM

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : HomeOffice [Admin rights]
Mode : Remove -- Date : 06/06/2013 08:18:32
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 6 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: SanDisk SDSSDRC032G ATA Device +++++
--- User ---
[MBR] b467f0b3c46896491fee6f238fa85226
[BSP] 6a25b4a9e16788f20334e222513e076b : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 30531 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: WDC WD800JD-75MSA3 ATA Device +++++
--- User ---
[MBR] 6456b0db3e5afb09d1e5f353d2c1f3dc
[BSP] 4eafeca3ac04a91b49a69f98c0ad58dc : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[2]_D_06062013_02d0818.txt >>
RKreport[1]_S_06062013_02d0816.txt ; RKreport[2]_D_06062013_02d0818.txt

Edited by Weaver1, 06 June 2013 - 10:19 AM.


#10 Weaver1

  • Topic Starter

Posted 06 June 2013 - 10:31 AM

Only one log was created... otl.txt.. nothing called "extras.txt" was created... thanks again for the hard work ....
 
 
OTL logfile created on: 6/6/2013 8:22:30 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\HomeOffice\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1022.26 Mb Total Physical Memory | 551.53 Mb Available Physical Memory | 53.95% Memory free
16.58 Gb Paging File | 16.07 Gb Available in Paging File | 96.92% Paging File free
Paging file location(s): e:\pagefile.sys 16000 16000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 29.82 Gb Total Space | 14.05 Gb Free Space | 47.11% Space Free | Partition Type: NTFS
Drive E: | 74.38 Gb Total Space | 58.38 Gb Free Space | 78.49% Space Free | Partition Type: NTFS
 
Computer Name: HOMEOFFICE-PC | User Name: HomeOffice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/06/06 08:12:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HomeOffice\Desktop\OTL.exe
PRC - [2013/06/06 08:11:30 | 000,816,128 | ---- | M] () -- C:\Users\HomeOffice\Desktop\RogueKiller.exe
PRC - [2013/02/26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/01/18 07:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2013/01/18 07:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2009/04/11 06:19:56 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2013/02/26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2008/01/20 19:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtVLAN60.sys -- (VLAN)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtTeam60.sys -- (TEAM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\HOMEOF~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/02/26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013/02/18 09:22:18 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2049169822-2191912002-2157948434-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2049169822-2191912002-2157948434-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2049169822-2191912002-2157948434-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2049169822-2191912002-2157948434-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2049169822-2191912002-2157948434-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2049169822-2191912002-2157948434-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2049169822-2191912002-2157948434-1001\..\SearchScopes,DefaultScope = 
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Users\HomeOffice\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\HomeOffice\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\HomeOffice\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\HomeOffice\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\HomeOffice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/06/05 12:32:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O4 - HKU\S-1-5-21-2049169822-2191912002-2157948434-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2049169822-2191912002-2157948434-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2049169822-2191912002-2157948434-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2049169822-2191912002-2157948434-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-21-2049169822-2191912002-2157948434-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B256F45-033B-44B2-84C6-EAA006B02657}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\HomeOffice\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\HomeOffice\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/06 08:15:39 | 000,000,000 | ---D | C] -- C:\Users\HomeOffice\Desktop\RK_Quarantine
[2013/06/06 08:12:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\HomeOffice\Desktop\OTL.exe
[2013/06/05 14:15:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/06/05 14:15:56 | 000,000,000 | ---D | C] -- C:\Users\HomeOffice\AppData\Local\temp
[2013/06/05 14:15:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/06/05 10:50:46 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/06/05 10:50:44 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/05 10:45:01 | 005,077,544 | R--- | C] (Swearware) -- C:\Users\HomeOffice\Desktop\ComboFix.exe
[2013/06/05 10:44:38 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\HomeOffice\Desktop\JRT.exe
[2013/06/05 10:34:49 | 000,000,000 | ---D | C] -- C:\Users\HomeOffice\Desktop\phone move
[2013/06/04 22:30:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/06/04 22:30:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/06/04 22:30:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/06/04 22:29:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/04 22:29:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/06/04 22:06:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2013/06/04 22:01:23 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/06/04 22:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/06/04 22:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/06/04 21:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/06/04 21:26:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013/06/04 21:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2013/06/04 21:23:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2013/06/04 21:04:55 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013/06/04 21:04:54 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2013/06/04 21:04:54 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2013/06/04 21:03:39 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2013/06/04 21:03:39 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2013/06/04 21:03:38 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2013/06/04 21:03:37 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2013/06/04 21:03:37 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2013/06/04 21:03:37 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2013/06/04 21:03:37 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2013/06/04 21:03:37 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2013/06/04 21:03:37 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2013/06/04 20:58:46 | 000,238,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/06/04 20:43:01 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/06/04 20:43:01 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/06/04 20:43:01 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/06/04 20:43:00 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/06/04 20:43:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/06/04 20:43:00 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/06/04 20:43:00 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/06/04 20:43:00 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/06/04 20:43:00 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/06/04 20:43:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/06/04 20:43:00 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/06/04 20:43:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/06/04 20:43:00 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/06/04 20:43:00 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/06/04 20:43:00 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/06/04 20:43:00 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/06/04 20:43:00 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/06/04 20:43:00 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/06/04 20:43:00 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/06/04 20:43:00 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/06/04 20:43:00 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/06/04 20:42:59 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/06/04 20:42:59 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/06/04 20:42:59 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/06/04 20:42:59 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2013/06/04 20:42:59 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2013/06/04 20:42:59 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/06/04 20:42:59 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/06/04 20:42:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/06/04 20:42:59 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2013/06/04 20:42:59 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/06/04 20:42:59 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/06/04 20:42:59 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2013/06/04 20:42:59 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/06/04 20:42:59 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/06/04 20:42:59 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/06/04 20:42:59 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/06/04 20:42:20 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2013/06/04 20:42:20 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2013/06/04 20:42:20 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2013/06/04 20:42:20 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2013/06/04 20:42:20 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2013/06/04 20:42:20 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2013/06/04 20:42:20 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2013/06/04 20:42:19 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/06/04 20:42:19 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/06/04 20:42:19 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/06/04 20:42:19 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2013/06/04 20:42:18 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2013/06/04 20:42:18 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/06/04 20:42:18 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013/06/04 20:42:18 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2013/06/04 20:42:18 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2013/06/04 20:42:18 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013/06/04 20:42:18 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/06/04 20:42:18 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/06/04 20:42:18 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/06/04 20:42:18 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2013/06/04 20:41:45 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013/06/04 20:41:45 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/06/04 20:41:45 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2013/06/04 20:41:45 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2013/06/04 20:41:45 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2013/06/04 20:41:45 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013/06/04 20:38:21 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2013/06/04 20:38:21 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2013/06/04 20:38:20 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2013/06/04 20:34:19 | 000,675,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpprefcl.dll
[2013/06/04 20:24:41 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2013/06/04 20:24:09 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2013/06/04 20:24:08 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2013/06/04 20:24:08 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2013/06/04 20:24:08 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2013/06/04 20:24:08 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2013/06/04 20:24:08 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll
[2013/06/04 20:21:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2013/06/04 20:21:34 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2013/06/04 20:21:34 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2013/06/04 20:21:34 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2013/06/04 20:21:33 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2013/06/04 20:21:33 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2013/06/04 20:21:32 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2013/06/04 20:21:32 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2013/06/04 20:21:32 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2013/06/04 20:21:32 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2013/06/04 20:21:31 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2013/06/04 20:21:29 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2013/06/04 20:21:29 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2013/06/04 20:21:29 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2013/06/04 20:21:29 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2013/06/04 20:21:29 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2013/06/04 20:21:03 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/06/04 20:21:03 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2013/06/04 20:21:02 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2013/06/04 20:21:02 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/06/04 20:20:27 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2013/06/04 20:20:27 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2013/06/04 20:20:26 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2013/06/04 20:20:26 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2013/06/04 20:20:26 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2013/06/04 20:20:26 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2013/06/04 20:20:26 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2013/06/04 20:20:26 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2013/06/04 20:20:26 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2013/06/04 20:20:23 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/06/04 20:20:05 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/06/04 20:20:05 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013/06/04 20:19:23 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2013/06/04 20:19:22 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2013/06/04 20:19:22 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2013/06/04 20:19:22 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2013/06/04 20:19:22 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2013/06/04 20:19:22 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2013/06/04 20:19:22 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2013/06/04 20:19:22 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2013/06/04 20:18:53 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2013/06/04 20:18:53 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013/06/04 20:18:53 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2013/06/04 20:18:51 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/06/04 20:18:51 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/06/04 20:18:51 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013/06/04 20:18:45 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2013/06/04 20:18:32 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2013/06/04 20:18:24 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2013/06/04 20:18:24 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2013/06/04 20:18:24 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2013/06/04 20:18:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2013/06/04 20:18:23 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/06/04 20:18:13 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2013/06/04 20:18:13 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2013/06/04 20:18:12 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2013/06/04 20:18:12 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2013/06/04 20:18:05 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/06/04 20:17:52 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2013/06/04 20:17:52 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2013/06/04 20:17:45 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2013/06/04 20:17:41 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2013/06/04 20:17:41 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2013/06/04 20:17:41 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2013/06/04 20:17:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/06/04 20:17:32 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/06/04 20:17:24 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2013/06/04 20:17:20 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2013/06/04 20:17:18 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2013/06/04 20:17:17 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2013/06/04 20:17:17 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2013/06/04 20:17:17 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2013/06/04 20:17:17 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2013/06/04 20:17:12 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2013/06/04 20:17:11 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2013/06/04 20:17:10 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2013/06/04 20:17:03 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2013/06/04 20:17:02 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2013/06/04 20:17:02 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2013/06/04 20:17:02 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2013/06/04 20:16:59 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2013/06/04 20:16:55 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2013/06/04 20:16:55 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe
[2013/06/04 20:16:54 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2013/06/04 20:16:54 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2013/06/04 20:16:46 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2013/06/04 20:16:43 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2013/06/04 20:16:41 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2013/06/04 20:16:33 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013/06/04 20:16:32 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2013/06/04 20:16:27 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2013/06/04 20:16:27 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2013/06/04 20:16:26 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2013/06/04 20:16:26 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2013/06/04 20:16:24 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2013/06/04 20:16:08 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2013/06/04 20:16:07 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2013/06/04 20:16:07 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2013/06/04 20:16:07 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2013/06/04 20:08:46 | 000,000,000 | ---D | C] -- C:\Users\HomeOffice\AppData\Roaming\nCleaner
[2013/06/04 20:08:41 | 000,000,000 | ---D | C] -- C:\Program Files\NKProds
[2013/06/04 20:08:41 | 000,000,000 | ---D | C] -- C:\Users\HomeOffice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\nCleaner
[2013/06/04 20:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\nCleaner
[2013/06/04 20:08:14 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/06/04 20:06:45 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013/06/04 20:06:17 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2013/06/04 20:06:15 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2013/06/04 20:06:12 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2013/06/04 20:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/06/04 20:05:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/06/04 19:53:59 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2013/06/04 19:53:59 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2013/06/04 19:53:55 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2013/06/04 19:53:55 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2013/06/04 19:53:55 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2013/06/04 19:53:54 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2013/06/04 19:53:54 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2013/06/04 09:23:34 | 000,000,000 | ---D | C] -- C:\Users\HomeOffice\AppData\Roaming\ImgBurn
[2013/06/04 09:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2013/06/04 09:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2013/06/04 09:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/06/04 09:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/06/04 09:07:55 | 000,000,000 | ---D | C] -- C:\Users\HomeOffice\AppData\Local\Google
[2013/06/04 09:07:50 | 000,000,000 | ---D | C] -- C:\Users\HomeOffice\AppData\Local\Deployment
[2013/06/04 09:07:50 | 000,000,000 | ---D | C] -- C:\Users\HomeOffice\AppData\Local\Apps
[2013/06/04 09:04:06 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2013/06/04 09:04:06 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/06/04 08:49:41 | 000,027,648 | ---- | C] (Realtek                                            ) -- C:\Windows\System32\drivers\RtNdPt60.sys
[2013/06/04 08:36:15 | 000,000,000 | ---D | C] -- C:\dell
[2013/06/04 08:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013/06/04 08:19:47 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/06/04 08:19:41 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/06/04 08:19:29 | 000,941,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco322090.dll
[2013/06/04 08:19:27 | 000,837,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco322040.dll
[2013/06/04 08:19:22 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2013/06/04 08:19:03 | 002,505,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2013/06/04 08:19:03 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2013/06/04 08:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013/06/03 20:25:20 | 000,000,000 | R--D | C] -- C:\Users\HomeOffice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/06/03 20:25:20 | 000,000,000 | R--D | C] -- C:\Users\HomeOffice\Searches
[2013/06/03 20:25:20 | 000,000,000 | R--D | C] -- C:\Users\HomeOffice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/06/03 20:25:14 | 000,000,000 | ---D | C] -- C:\Users\HomeOffice\AppData\Roaming\Identities
[2013/06/03 20:25:13 | 000,000,000 | R--D | C] -- C:\Users\HomeOffice\Contacts
[2013/06/03 20:25:12 | 000,000,000 | ---D | C] -- C:\Users\HomeOffice\AppData\Local\VirtualStore
[2013/06/03 20:25:09 | 000,000,000 | --SD | C] -- C:\Users\HomeOffice\AppData\Roaming\Microsoft
[2013/06/03 20:25:09 | 000,000,000 | R--D | C] -- C:\Users\HomeOffice\Videos
[2013/06/03 20:25:09 | 000,000,000 | R--D | C] -- C:\Users\HomeOffice\Saved Games
[2013/06/03 20:25:09 | 000,000,000 | R--D | C] -- C:\Users\HomeOffice\Pictures
[2013/06/03 20:25:09 | 000,000,000 | R--D | C] -- C:\Users\HomeOffice\Music
[2013/06/03 20:25:09 | 000,000,000 | R--D | C] -- C:\Users\HomeOffice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/06/03 20:25:09 | 000,000,000 | R--D | C] -- C:\Users\HomeOffice\Links
[2013/06/03 20:25:09 | 000,000,000 | R--D | C] -- C:\Users\HomeOffice\Favorites
[2013/06/03 20:25:09 | 000,000,000 | R--D | C] -- C:\Users\HomeOffice\Downloads
[2013/06/03 20:25:09 | 000,000,000 | R--D | C] -- C:\Users\HomeOffice\Documents
[2013/06/03 20:25:09 | 000,000,000 | R--D | C] -- C:\Users\HomeOffice\Desktop
[2013/06/03 20:25:09 | 000,000,000 | R--D | C] -- C:\Users\HomeOffice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/06/03 20:25:09 | 000,000,000 | -HSD | C] -- C:\Users\HomeOffice\AppData\Local\Temporary Internet Files
[2013/06/03 20:25:09 | 000,000,000 | -HSD | C] -- C:\Users\HomeOffice\Templates
[2013/06/03 20:25:09 | 000,000,000 | -HSD | C] -- C:\Users\HomeOffice\Start Menu
[2013/06/03 20:25:09 | 000,000,000 | -HSD | C] -- C:\Users\HomeOffice\SendTo
[2013/06/03 20:25:09 | 000,000,000 | -HSD | C] -- C:\Users\HomeOffice\Recent
[2013/06/03 20:25:09 | 000,000,000 | -HSD | C] -- C:\Users\HomeOffice\PrintHood
[2013/06/03 20:25:09 | 000,000,000 | -HSD | C] -- C:\Users\HomeOffice\NetHood
[2013/06/03 20:25:09 | 000,000,000 | -HSD | C] -- C:\Users\HomeOffice\Documents\My Videos
[2013/06/03 20:25:09 | 000,000,000 | -HSD | C] -- C:\Users\HomeOffice\Documents\My Pictures
[2013/06/03 20:25:09 | 000,000,000 | -HSD | C] -- C:\Users\HomeOffice\Documents\My Music
[2013/06/03 20:25:09 | 000,000,000 | -HSD | C] -- C:\Users\HomeOffice\My Documents
[2013/06/03 20:25:09 | 000,000,000 | -HSD | C] -- C:\Users\HomeOffice\Local Settings
[2013/06/03 20:25:09 | 000,000,000 | -HSD | C] -- C:\Users\HomeOffice\AppData\Local\History
[2013/06/03 20:25:09 | 000,000,000 | -HSD | C] -- C:\Users\HomeOffice\Cookies
[2013/06/03 20:25:09 | 000,000,000 | -HSD | C] -- C:\Users\HomeOffice\Application Data
[2013/06/03 20:25:09 | 000,000,000 | -HSD | C] -- C:\Users\HomeOffice\AppData\Local\Application Data
[2013/06/03 20:25:09 | 000,000,000 | -H-D | C] -- C:\Users\HomeOffice\AppData
[2013/06/03 20:25:09 | 000,000,000 | ---D | C] -- C:\Users\HomeOffice\AppData\Local\Microsoft
[2013/06/03 20:21:37 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/06/03 20:21:25 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2013/06/03 20:21:22 | 000,000,000 | ---D | C] -- C:\Boot
[2013/06/03 20:21:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\OEM
[2013/06/03 19:23:35 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/06/03 19:22:52 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2013/06/03 19:22:16 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/06/03 19:22:08 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/06 08:13:49 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/06 08:13:49 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/06 08:12:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HomeOffice\Desktop\OTL.exe
[2013/06/06 08:12:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/06 08:11:30 | 000,816,128 | ---- | M] () -- C:\Users\HomeOffice\Desktop\RogueKiller.exe
[2013/06/06 08:09:41 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/06 08:09:41 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/06 08:09:39 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/06 08:09:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/05 14:17:24 | 000,228,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/06/05 12:41:58 | 000,000,938 | ---- | M] () -- C:\Users\HomeOffice\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/06/05 12:32:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/06/05 11:18:26 | 000,890,839 | ---- | M] () -- C:\Users\HomeOffice\Desktop\SecurityCheck.exe
[2013/06/05 10:45:22 | 005,077,544 | R--- | M] (Swearware) -- C:\Users\HomeOffice\Desktop\ComboFix.exe
[2013/06/05 10:44:40 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\HomeOffice\Desktop\JRT.exe
[2013/06/05 10:44:34 | 000,632,031 | ---- | M] () -- C:\Users\HomeOffice\Desktop\adwcleaner.exe
[2013/06/05 10:23:04 | 000,001,995 | ---- | M] () -- C:\Users\HomeOffice\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/06/04 22:01:23 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/06/04 21:23:39 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2013/06/04 20:43:12 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2013/06/04 20:43:12 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2013/06/04 20:43:01 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/06/04 20:43:01 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/06/04 20:43:01 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/06/04 20:43:00 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/06/04 20:43:00 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/06/04 20:43:00 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/06/04 20:43:00 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/06/04 20:43:00 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/06/04 20:43:00 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/06/04 20:43:00 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/06/04 20:43:00 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/06/04 20:43:00 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/06/04 20:43:00 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/06/04 20:43:00 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/06/04 20:43:00 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/06/04 20:43:00 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/06/04 20:43:00 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/06/04 20:43:00 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/06/04 20:43:00 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/06/04 20:43:00 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/06/04 20:43:00 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/06/04 20:43:00 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/06/04 20:42:59 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/06/04 20:42:59 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/06/04 20:42:59 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/06/04 20:42:59 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2013/06/04 20:42:59 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2013/06/04 20:42:59 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/06/04 20:42:59 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/06/04 20:42:59 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/06/04 20:42:59 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2013/06/04 20:42:59 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/06/04 20:42:59 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/06/04 20:42:59 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2013/06/04 20:42:59 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/06/04 20:42:59 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/06/04 20:42:59 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/06/04 20:42:59 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/06/04 20:42:20 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2013/06/04 20:42:20 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2013/06/04 20:42:20 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2013/06/04 20:42:20 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2013/06/04 20:42:20 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2013/06/04 20:42:20 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2013/06/04 20:42:20 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2013/06/04 20:42:19 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/06/04 20:42:19 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/06/04 20:42:19 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/06/04 20:42:19 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2013/06/04 20:42:18 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2013/06/04 20:42:18 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/06/04 20:42:18 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013/06/04 20:42:18 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2013/06/04 20:42:18 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2013/06/04 20:42:18 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013/06/04 20:42:18 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/06/04 20:42:18 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/06/04 20:42:18 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/06/04 20:42:18 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2013/06/04 20:41:45 | 000,519,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013/06/04 20:41:45 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/06/04 20:41:45 | 000,321,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2013/06/04 20:41:45 | 000,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2013/06/04 20:41:45 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2013/06/04 20:41:45 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013/06/04 20:41:45 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\dxgkrnl.sys.mui
[2013/06/04 20:21:10 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/06/04 20:08:41 | 000,000,938 | ---- | M] () -- C:\Users\HomeOffice\Desktop\nCleaner.lnk
[2013/06/04 20:05:49 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/06/04 09:21:25 | 000,001,674 | ---- | M] () -- C:\Users\HomeOffice\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2013/06/04 09:21:25 | 000,001,650 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2013/06/04 09:10:20 | 000,000,065 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2013/06/04 08:35:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2013/06/04 08:16:06 | 000,000,680 | ---- | M] () -- C:\Users\HomeOffice\AppData\Local\d3d9caps.dat
[2013/06/03 20:21:23 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2013/06/03 19:24:16 | 000,037,612 | ---- | M] () -- C:\Windows\System32\license.rtf
[2013/05/09 01:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
 
========== Files Created - No Company Name ==========
 
[2013/06/06 08:11:29 | 000,816,128 | ---- | C] () -- C:\Users\HomeOffice\Desktop\RogueKiller.exe
[2013/06/05 14:17:18 | 000,228,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/06/05 12:41:58 | 000,000,938 | ---- | C] () -- C:\Users\HomeOffice\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/06/05 11:18:19 | 000,890,839 | ---- | C] () -- C:\Users\HomeOffice\Desktop\SecurityCheck.exe
[2013/06/05 10:44:31 | 000,632,031 | ---- | C] () -- C:\Users\HomeOffice\Desktop\adwcleaner.exe
[2013/06/04 22:30:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/06/04 22:30:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/06/04 22:30:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/06/04 22:30:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/06/04 22:30:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/06/04 21:23:39 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2013/06/04 20:43:00 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/06/04 20:24:11 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/06/04 20:24:11 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/06/04 20:21:30 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2013/06/04 20:21:30 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2013/06/04 20:21:30 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2013/06/04 20:18:24 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2013/06/04 20:08:41 | 000,000,938 | ---- | C] () -- C:\Users\HomeOffice\Desktop\nCleaner.lnk
[2013/06/04 20:05:49 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/06/04 09:21:25 | 000,001,674 | ---- | C] () -- C:\Users\HomeOffice\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2013/06/04 09:21:25 | 000,001,662 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2013/06/04 09:21:25 | 000,001,650 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2013/06/04 09:08:24 | 000,001,995 | ---- | C] () -- C:\Users\HomeOffice\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/06/04 09:08:24 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/06/04 09:07:59 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/04 09:07:59 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/04 08:35:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2013/06/04 08:19:29 | 000,013,153 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2013/06/03 20:25:21 | 000,000,949 | ---- | C] () -- C:\Users\HomeOffice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/06/03 20:25:20 | 000,000,944 | ---- | C] () -- C:\Users\HomeOffice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013/06/03 20:25:13 | 000,000,915 | ---- | C] () -- C:\Users\HomeOffice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2013/06/03 20:25:10 | 000,000,680 | ---- | C] () -- C:\Users\HomeOffice\AppData\Local\d3d9caps.dat
[2013/06/03 20:25:09 | 000,000,258 | ---- | C] () -- C:\Users\HomeOffice\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/06/03 20:25:09 | 000,000,240 | ---- | C] () -- C:\Users\HomeOffice\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/06/03 20:21:23 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2013/06/03 20:21:22 | 000,333,257 | RHS- | C] () -- C:\bootmgr
[2013/06/03 20:21:03 | 000,000,021 | RH-- | C] () -- C:\Windows\dell_version
 
========== ZeroAccess Check ==========
 
[2006/11/02 05:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:19:56 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:19:45 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/06/04 09:25:27 | 000,000,000 | ---D | M] -- C:\Users\HomeOffice\AppData\Roaming\ImgBurn
[2013/06/04 20:08:46 | 000,000,000 | ---D | M] -- C:\Users\HomeOffice\AppData\Roaming\nCleaner
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV - [2006/11/02 02:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/20 19:24:43 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/20 19:24:42 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 06:20:16 | 000,758,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 06:19:44 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 07:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 06:19:50 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/20 19:24:58 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/06/01 17:02:32 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 06:19:47 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 06:19:45 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 08:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/20 19:25:28 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 06:19:34 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/20 19:24:35 | 000,288,256 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 06:20:14 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/04/11 06:19:55 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/20 19:25:20 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/20 19:24:39 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/20 19:24:49 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/20 19:24:11 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/20 19:25:11 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 06:19:45 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 07:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 07:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 06:19:33 | 000,564,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/20 19:24:45 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 06:20:01 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 06:19:47 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/20 19:24:57 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 07:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 06:19:32 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2009/04/11 06:20:13 | 000,122,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 04:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 06:20:16 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 11:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 06:20:13 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 04:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 06:19:45 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 06:19:41 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 06:20:13 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 06:20:13 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/20 19:23:52 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/20 19:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 06:19:40 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 06:20:11 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 06:19:32 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 06:19:58 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 06:20:15 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 15:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 06:19:55 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 12:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 04:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2009/04/11 06:19:56 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\erdnt\cache\explorer.exe
[2009/04/11 06:19:56 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 06:19:56 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
 
< MD5 for: SERVICES  >
[2006/09/18 14:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 14:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services
 
< MD5 for: SERVICES.DAT  >
[2013/04/21 20:04:55 | 000,001,720 | ---- | M] () MD5=43C1700D78D89F0B1F6FA88FD132BE1A -- C:\JRT\services.dat
 
< MD5 for: SERVICES.EXE  >
[2009/04/11 06:20:11 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\erdnt\cache\services.exe
[2009/04/11 06:20:11 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 06:20:11 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2006/11/02 05:40:57 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 05:40:57 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2008/01/20 19:43:37 | 000,001,688 | ---- | M] () MD5=9C74E1C0BE27F175EA61E9B409C34145 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 19:43:37 | 000,001,688 | ---- | M] () MD5=9C74E1C0BE27F175EA61E9B409C34145 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2006/09/18 14:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 14:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof
 
< MD5 for: SERVICES.MSC  >
[2006/11/02 05:41:32 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 14:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 05:41:32 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 14:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc
 
< MD5 for: SVCHOST.EXE  >
[2008/01/20 19:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache\svchost.exe
[2008/01/20 19:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 19:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2008/01/20 19:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache\userinit.exe
[2008/01/20 19:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 19:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/04/11 06:20:12 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\erdnt\cache\winlogon.exe
[2009/04/11 06:20:12 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 06:20:12 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
 
< MD5 for: WINSOCK.DLL  >
[2006/11/02 00:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\System32\WINSOCK.DLL
[2006/11/02 00:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8\WINSOCK.DLL
 
< End of report >


#11 nasdaq

  • Malware Response Team
  • Location:Montreal, QC. Canada

Posted 06 June 2013 - 12:23 PM

So far everything looks clean. Let's check further.
Let me know what problem is persisting on this computer.

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
    tdss1.png
  • Click Change parameters
    settings20121003115955.png
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
    tdss3.png
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    tdss4.jpg
  • When it finishes, you will either see a report that no threats were found like below:
    tdss5.jpg
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    tdss7.jpg
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    tdss6.jpg
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

#12 Weaver1

  • Topic Starter

Posted 06 June 2013 - 12:37 PM

10:31:45.0304 3924  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:31:45.0320 3924  ============================================================
10:31:45.0320 3924  Current date / time: 2013/06/06 10:31:45.0320
10:31:45.0320 3924  SystemInfo:
10:31:45.0320 3924  
10:31:45.0320 3924  OS Version: 6.0.6002 ServicePack: 2.0
10:31:45.0320 3924  Product type: Workstation
10:31:45.0320 3924  ComputerName: HOMEOFFICE-PC
10:31:45.0320 3924  UserName: HomeOffice
10:31:45.0320 3924  Windows directory: C:\Windows
10:31:45.0320 3924  System windows directory: C:\Windows
10:31:45.0320 3924  Processor architecture: Intel x86
10:31:45.0320 3924  Number of processors: 2
10:31:45.0320 3924  Page size: 0x1000
10:31:45.0320 3924  Boot type: Normal boot
10:31:45.0320 3924  ============================================================
10:31:45.0678 3924  Drive \Device\Harddisk0\DR0 - Size: 0x7745D6000 (29.82 Gb), SectorSize: 0x200, Cylinders: 0xF34, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:31:45.0678 3924  Drive \Device\Harddisk1\DR1 - Size: 0x12A04E9E00 (74.50 Gb), SectorSize: 0x200, Cylinders: 0x25FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:31:45.0694 3924  ============================================================
10:31:45.0694 3924  \Device\Harddisk0\DR0:
10:31:45.0694 3924  MBR partitions:
10:31:45.0694 3924  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3BA1800
10:31:45.0694 3924  \Device\Harddisk1\DR1:
10:31:45.0694 3924  GPT partitions:
10:31:45.0694 3924  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {BBD8AE88-4E20-4F50-AF8C-6115133DBFFD}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
10:31:45.0694 3924  \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {7BB70BCF-9DC7-446F-AD94-788E36233264}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x94C1800
10:31:45.0694 3924  MBR partitions:
10:31:45.0694 3924  ============================================================
10:31:45.0694 3924  C: <-> \Device\Harddisk0\DR0\Partition1
10:31:45.0741 3924  E: <-> \Device\Harddisk1\DR1\Partition2
10:31:45.0741 3924  ============================================================
10:31:45.0741 3924  Initialize success
10:31:45.0741 3924  ============================================================
10:31:50.0202 3676  ============================================================
10:31:50.0202 3676  Scan started
10:31:50.0202 3676  Mode: Manual; 
10:31:50.0202 3676  ============================================================
10:31:50.0483 3676  ================ Scan system memory ========================
10:31:50.0483 3676  System memory - ok
10:31:50.0483 3676  ================ Scan services =============================
10:31:50.0561 3676  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
10:31:50.0561 3676  ACPI - ok
10:31:50.0577 3676  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
10:31:50.0577 3676  adp94xx - ok
10:31:50.0592 3676  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
10:31:50.0592 3676  adpahci - ok
10:31:50.0608 3676  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
10:31:50.0608 3676  adpu160m - ok
10:31:50.0624 3676  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
10:31:50.0624 3676  adpu320 - ok
10:31:50.0624 3676  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
10:31:50.0639 3676  AeLookupSvc - ok
10:31:50.0639 3676  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
10:31:50.0655 3676  AFD - ok
10:31:50.0655 3676  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
10:31:50.0655 3676  agp440 - ok
10:31:50.0670 3676  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
10:31:50.0670 3676  aic78xx - ok
10:31:50.0670 3676  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
10:31:50.0670 3676  ALG - ok
10:31:50.0686 3676  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
10:31:50.0686 3676  aliide - ok
10:31:50.0686 3676  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
10:31:50.0686 3676  amdagp - ok
10:31:50.0702 3676  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
10:31:50.0702 3676  amdide - ok
10:31:50.0702 3676  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
10:31:50.0717 3676  AmdK7 - ok
10:31:50.0717 3676  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
10:31:50.0717 3676  AmdK8 - ok
10:31:50.0717 3676  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
10:31:50.0717 3676  Appinfo - ok
10:31:50.0733 3676  [ 0FE769CAE5855B53C90E23F85E7E89FF ] AppMgmt         C:\Windows\System32\appmgmts.dll
10:31:50.0733 3676  AppMgmt - ok
10:31:50.0748 3676  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
10:31:50.0748 3676  arc - ok
10:31:50.0748 3676  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
10:31:50.0748 3676  arcsas - ok
10:31:50.0764 3676  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:31:50.0764 3676  AsyncMac - ok
10:31:50.0764 3676  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
10:31:50.0764 3676  atapi - ok
10:31:50.0780 3676  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:31:50.0780 3676  AudioEndpointBuilder - ok
10:31:50.0795 3676  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
10:31:50.0795 3676  Audiosrv - ok
10:31:50.0795 3676  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:31:50.0795 3676  Beep - ok
10:31:50.0811 3676  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
10:31:50.0811 3676  BFE - ok
10:31:50.0826 3676  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\system32\qmgr.dll
10:31:50.0842 3676  BITS - ok
10:31:50.0858 3676  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
10:31:50.0858 3676  blbdrive - ok
10:31:50.0858 3676  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:31:50.0858 3676  bowser - ok
10:31:50.0873 3676  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
10:31:50.0873 3676  BrFiltLo - ok
10:31:50.0873 3676  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
10:31:50.0873 3676  BrFiltUp - ok
10:31:50.0889 3676  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
10:31:50.0889 3676  Browser - ok
10:31:50.0889 3676  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
10:31:50.0889 3676  Brserid - ok
10:31:50.0904 3676  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
10:31:50.0904 3676  BrSerWdm - ok
10:31:50.0904 3676  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
10:31:50.0904 3676  BrUsbMdm - ok
10:31:50.0904 3676  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
10:31:50.0904 3676  BrUsbSer - ok
10:31:50.0920 3676  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
10:31:50.0920 3676  BTHMODEM - ok
10:31:50.0936 3676  catchme - ok
10:31:50.0936 3676  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:31:50.0936 3676  cdfs - ok
10:31:50.0951 3676  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
10:31:50.0951 3676  cdrom - ok
10:31:50.0951 3676  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
10:31:50.0951 3676  CertPropSvc - ok
10:31:50.0967 3676  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
10:31:50.0967 3676  circlass - ok
10:31:50.0967 3676  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
10:31:50.0967 3676  CLFS - ok
10:31:50.0982 3676  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:31:50.0998 3676  clr_optimization_v2.0.50727_32 - ok
10:31:50.0998 3676  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:31:51.0014 3676  clr_optimization_v4.0.30319_32 - ok
10:31:51.0014 3676  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
10:31:51.0014 3676  cmdide - ok
10:31:51.0014 3676  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
10:31:51.0029 3676  Compbatt - ok
10:31:51.0029 3676  COMSysApp - ok
10:31:51.0029 3676  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
10:31:51.0029 3676  crcdisk - ok
10:31:51.0045 3676  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
10:31:51.0045 3676  Crusoe - ok
10:31:51.0060 3676  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
10:31:51.0060 3676  CryptSvc - ok
10:31:51.0076 3676  [ 9BDB2E89BE8D0EF37B1F25C3D3FC192C ] CSC             C:\Windows\system32\drivers\csc.sys
10:31:51.0076 3676  CSC - ok
10:31:51.0092 3676  [ 0A2095F92F6AE4FE6484D911B0C21E95 ] CscService      C:\Windows\System32\cscsvc.dll
10:31:51.0092 3676  CscService - ok
10:31:51.0107 3676  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
10:31:51.0123 3676  DcomLaunch - ok
10:31:51.0138 3676  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
10:31:51.0138 3676  DfsC - ok
10:31:51.0138 3676  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
10:31:51.0138 3676  Dhcp - ok
10:31:51.0154 3676  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
10:31:51.0154 3676  disk - ok
10:31:51.0154 3676  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
10:31:51.0170 3676  Dnscache - ok
10:31:51.0170 3676  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
10:31:51.0170 3676  dot3svc - ok
10:31:51.0185 3676  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
10:31:51.0185 3676  DPS - ok
10:31:51.0201 3676  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
10:31:51.0201 3676  drmkaud - ok
10:31:51.0216 3676  [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
10:31:51.0216 3676  DXGKrnl - ok
10:31:51.0232 3676  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
10:31:51.0232 3676  E1G60 - ok
10:31:51.0248 3676  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
10:31:51.0248 3676  EapHost - ok
10:31:51.0248 3676  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
10:31:51.0248 3676  Ecache - ok
10:31:51.0263 3676  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
10:31:51.0263 3676  elxstor - ok
10:31:51.0279 3676  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
10:31:51.0294 3676  EMDMgmt - ok
10:31:51.0294 3676  [ A81AB23EDDB4693612014D87367D014C ] ErrDev          C:\Windows\system32\drivers\errdev.sys
10:31:51.0294 3676  ErrDev - ok
10:31:51.0310 3676  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
10:31:51.0326 3676  EventSystem - ok
10:31:51.0326 3676  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
10:31:51.0326 3676  exfat - ok
10:31:51.0341 3676  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
10:31:51.0341 3676  fastfat - ok
10:31:51.0357 3676  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
10:31:51.0357 3676  fdc - ok
10:31:51.0357 3676  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
10:31:51.0357 3676  fdPHost - ok
10:31:51.0357 3676  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
10:31:51.0372 3676  FDResPub - ok
10:31:51.0372 3676  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:31:51.0372 3676  FileInfo - ok
10:31:51.0372 3676  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
10:31:51.0388 3676  Filetrace - ok
10:31:51.0388 3676  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
10:31:51.0388 3676  flpydisk - ok
10:31:51.0404 3676  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:31:51.0404 3676  FltMgr - ok
10:31:51.0419 3676  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
10:31:51.0435 3676  FontCache - ok
10:31:51.0435 3676  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:31:51.0435 3676  FontCache3.0.0.0 - ok
10:31:51.0450 3676  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:31:51.0450 3676  Fs_Rec - ok
10:31:51.0450 3676  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
10:31:51.0450 3676  gagp30kx - ok
10:31:51.0466 3676  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
10:31:51.0482 3676  gpsvc - ok
10:31:51.0482 3676  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
10:31:51.0497 3676  gupdate - ok
10:31:51.0497 3676  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
10:31:51.0497 3676  gupdatem - ok
10:31:51.0513 3676  [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:31:51.0513 3676  HdAudAddService - ok
10:31:51.0528 3676  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
10:31:51.0544 3676  HDAudBus - ok
10:31:51.0544 3676  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
10:31:51.0544 3676  HidBth - ok
10:31:51.0544 3676  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
10:31:51.0560 3676  HidIr - ok
10:31:51.0560 3676  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\System32\hidserv.dll
10:31:51.0560 3676  hidserv - ok
10:31:51.0560 3676  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
10:31:51.0560 3676  HidUsb - ok
10:31:51.0575 3676  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:31:51.0575 3676  hkmsvc - ok
10:31:51.0591 3676  [ 7EBEC5EB56B90ED65A8BBD91464E5CFB ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
10:31:51.0591 3676  HpCISSs - ok
10:31:51.0606 3676  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:31:51.0606 3676  HTTP - ok
10:31:55.0272 3676  wudfsvc - ok
10:31:55.0288 3676  ================ Scan global ===============================
10:31:55.0288 3676  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
10:31:55.0304 3676  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
10:31:55.0319 3676  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
10:31:55.0335 3676  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
10:31:55.0335 3676  [Global] - ok
10:31:55.0335 3676  ================ Scan MBR ==================================
10:31:55.0350 3676  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
10:31:55.0569 3676  \Device\Harddisk0\DR0 - ok
10:31:55.0569 3676  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
10:31:56.0848 3676  \Device\Harddisk1\DR1 - ok
10:31:56.0848 3676  ================ Scan VBR ==================================
10:31:56.0848 3676  [ 6A8BA5B7BC3C0AC0F416736D1FBF96B2 ] \Device\Harddisk0\DR0\Partition1
10:31:56.0848 3676  \Device\Harddisk0\DR0\Partition1 - ok
10:31:56.0848 3676  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition1
10:31:56.0848 3676  \Device\Harddisk1\DR1\Partition1 - ok
10:31:56.0864 3676  [ 6F4068327211B41099109D992399AFFE ] \Device\Harddisk1\DR1\Partition2
10:31:56.0864 3676  \Device\Harddisk1\DR1\Partition2 - ok
10:31:56.0864 3676  ============================================================
10:31:56.0864 3676  Scan finished
10:31:56.0864 3676  ============================================================
10:31:56.0864 3228  Detected object count: 0
10:31:56.0864 3228  Actual detected object count: 0
10:32:06.0894 2908  ============================================================
10:32:06.0894 2908  Scan started
10:32:06.0894 2908  Mode: Manual; SigCheck; TDLFS; 
10:32:06.0894 2908  ============================================================
10:32:07.0019 2908  ================ Scan system memory ========================
10:32:07.0019 2908  System memory - ok
10:32:07.0019 2908  ================ Scan services =============================
10:32:14.0320 2908  RasAcd - ok
10:32:14.0336 2908  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
10:32:14.0351 2908  RasAuto - ok
10:32:14.0367 2908  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
10:32:14.0382 2908  Rasl2tp - ok
10:32:14.0398 2908  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
10:32:14.0429 2908  RasMan - ok
10:32:14.0429 2908  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:32:14.0460 2908  RasPppoe - ok
10:32:14.0460 2908  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
10:32:14.0476 2908  RasSstp - ok
10:32:14.0492 2908  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
10:32:14.0507 2908  rdbss - ok
10:32:14.0523 2908  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:32:14.0538 2908  RDPCDD - ok
10:32:14.0554 2908  [ 943B18305EAE3935598A9B4A3D560B4C ] rdpdr           C:\Windows\system32\DRIVERS\rdpdr.sys
10:32:14.0570 2908  rdpdr - ok
10:32:14.0585 2908  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:32:14.0601 2908  RDPENCDD - ok
10:32:14.0616 2908  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
10:32:14.0632 2908  RDPWD - ok
10:32:14.0648 2908  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:32:14.0663 2908  RemoteAccess - ok
10:32:14.0679 2908  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:32:14.0694 2908  RemoteRegistry - ok
10:32:14.0710 2908  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
10:32:14.0726 2908  RpcLocator - ok
10:32:14.0726 2908  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
10:32:14.0757 2908  RpcSs - ok
10:32:14.0772 2908  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:32:14.0804 2908  rspndr - ok
10:32:14.0819 2908  [ 2D19A7469EA19993D0C12E627F4530BC ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
10:32:14.0835 2908  RTL8169 - ok
10:32:14.0835 2908  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
10:32:14.0850 2908  SamSs - ok
10:32:14.0866 2908  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:32:14.0866 2908  sbp2port - ok
10:32:14.0882 2908  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:32:14.0913 2908  SCardSvr - ok
10:32:14.0928 2908  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
10:32:14.0960 2908  Schedule - ok
10:32:14.0960 2908  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
10:32:14.0975 2908  SCPolicySvc - ok
10:32:14.0991 2908  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:32:15.0006 2908  SDRSVC - ok
10:32:15.0006 2908  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:32:15.0053 2908  secdrv - ok
10:32:15.0069 2908  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
10:32:15.0084 2908  seclogon - ok
10:32:15.0100 2908  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\system32\sens.dll
10:32:15.0131 2908  SENS - ok
10:32:15.0131 2908  [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
10:32:15.0162 2908  Serenum - ok
10:32:15.0162 2908  [ 6D663022DB3E7058907784AE14B69898 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
10:32:15.0194 2908  Serial - ok
10:32:15.0194 2908  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
10:32:15.0225 2908  sermouse - ok
10:32:15.0240 2908  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
10:32:15.0256 2908  SessionEnv - ok
10:32:15.0272 2908  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
10:32:15.0287 2908  sffdisk - ok
10:32:15.0287 2908  [ E5EAFE85815BD89095FEF3144A09AB68 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
10:32:15.0318 2908  sffp_mmc - ok
10:32:15.0318 2908  [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
10:32:15.0334 2908  sffp_sd - ok
10:32:15.0350 2908  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
10:32:15.0381 2908  sfloppy - ok
10:32:15.0396 2908  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:32:15.0428 2908  SharedAccess - ok
10:32:15.0428 2908  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:32:15.0459 2908  ShellHWDetection - ok
10:32:15.0459 2908  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
10:32:15.0474 2908  sisagp - ok
10:32:15.0474 2908  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
10:32:15.0490 2908  SiSRaid2 - ok
10:32:15.0490 2908  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
10:32:15.0506 2908  SiSRaid4 - ok
10:32:15.0552 2908  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
10:32:15.0677 2908  slsvc - ok
10:32:15.0677 2908  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
10:32:15.0708 2908  SLUINotify - ok
10:32:15.0708 2908  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
10:32:15.0724 2908  Smb - ok
10:32:15.0740 2908  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:32:15.0755 2908  SNMPTRAP - ok
10:32:15.0771 2908  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
10:32:15.0771 2908  spldr - ok
10:32:15.0786 2908  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
10:32:15.0802 2908  Spooler - ok
10:32:15.0818 2908  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
10:32:15.0833 2908  srv - ok
10:32:15.0849 2908  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:32:15.0864 2908  srv2 - ok
10:32:15.0864 2908  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:32:15.0880 2908  srvnet - ok
10:32:15.0896 2908  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:32:15.0927 2908  SSDPSRV - ok
10:32:15.0927 2908  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
10:32:15.0942 2908  SstpSvc - ok
10:32:15.0958 2908  [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
10:32:15.0989 2908  Stereo Service - ok
10:32:16.0005 2908  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
10:32:16.0020 2908  stisvc - ok
10:32:16.0036 2908  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
10:32:16.0052 2908  swenum - ok
10:32:16.0052 2908  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
10:32:16.0083 2908  swprv - ok
10:32:16.0098 2908  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
10:32:16.0098 2908  Symc8xx - ok
10:32:16.0114 2908  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
10:32:16.0114 2908  Sym_hi - ok
10:32:16.0130 2908  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
10:32:16.0130 2908  Sym_u3 - ok
10:32:16.0145 2908  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
10:32:16.0192 2908  SysMain - ok
10:32:16.0192 2908  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:32:16.0208 2908  TabletInputService - ok
10:32:16.0223 2908  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
10:32:16.0239 2908  TapiSrv - ok
10:32:16.0254 2908  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
10:32:16.0270 2908  TBS - ok
10:32:16.0301 2908  [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
10:32:16.0332 2908  Tcpip - ok
10:32:16.0348 2908  [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
10:32:16.0379 2908  Tcpip6 - ok
10:32:16.0395 2908  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:32:16.0410 2908  tcpipreg - ok
10:32:16.0410 2908  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:32:16.0442 2908  TDPIPE - ok
10:32:16.0442 2908  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
10:32:16.0473 2908  TDTCP - ok
10:32:16.0473 2908  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
10:32:16.0488 2908  tdx - ok
10:32:16.0504 2908  TEAM - ok
10:32:16.0504 2908  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
10:32:16.0520 2908  TermDD - ok
10:32:16.0535 2908  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
10:32:16.0566 2908  TermService - ok
10:32:16.0582 2908  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
10:32:16.0598 2908  Themes - ok
10:32:16.0598 2908  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
10:32:16.0629 2908  THREADORDER - ok
10:32:16.0629 2908  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
10:32:16.0660 2908  TrkWks - ok
10:32:16.0660 2908  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:32:16.0691 2908  TrustedInstaller - ok
10:32:16.0691 2908  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:32:16.0722 2908  tssecsrv - ok
10:32:16.0722 2908  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
10:32:16.0738 2908  tunmp - ok
10:32:16.0754 2908  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:32:16.0754 2908  tunnel - ok
10:32:16.0769 2908  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
10:32:16.0785 2908  uagp35 - ok
10:32:16.0785 2908  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:32:16.0816 2908  udfs - ok
10:32:16.0816 2908  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
10:32:16.0847 2908  UI0Detect - ok
10:32:16.0863 2908  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
10:32:16.0863 2908  uliagpkx - ok
10:32:16.0878 2908  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
10:32:16.0894 2908  uliahci - ok
10:32:16.0894 2908  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
10:32:16.0910 2908  UlSata - ok
10:32:16.0910 2908  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
10:32:16.0925 2908  ulsata2 - ok
10:32:16.0941 2908  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
10:32:16.0956 2908  umbus - ok
10:32:16.0972 2908  [ 8A66360F38F81E960E2367B428CBD5D9 ] UmRdpService    C:\Windows\System32\umrdp.dll
10:32:16.0988 2908  UmRdpService - ok
10:32:17.0003 2908  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
10:32:17.0034 2908  upnphost - ok
10:32:17.0034 2908  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
10:32:17.0066 2908  usbccgp - ok
10:32:17.0066 2908  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
10:32:17.0112 2908  usbcir - ok
10:32:17.0112 2908  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
10:32:17.0128 2908  usbehci - ok
10:32:17.0144 2908  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
10:32:17.0159 2908  usbhub - ok
10:32:17.0175 2908  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
10:32:17.0222 2908  usbohci - ok
10:32:17.0222 2908  [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
10:32:17.0268 2908  usbprint - ok
10:32:17.0268 2908  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:32:17.0284 2908  USBSTOR - ok
10:32:17.0300 2908  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
10:32:17.0315 2908  usbuhci - ok
10:32:17.0315 2908  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
10:32:17.0346 2908  UxSms - ok
10:32:17.0362 2908  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
10:32:17.0378 2908  vds - ok
10:32:17.0393 2908  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
10:32:17.0409 2908  vga - ok
10:32:17.0424 2908  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
10:32:17.0440 2908  VgaSave - ok
10:32:17.0456 2908  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
10:32:17.0471 2908  viaagp - ok
10:32:17.0471 2908  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
10:32:17.0502 2908  ViaC7 - ok
10:32:17.0502 2908  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
10:32:17.0518 2908  viaide - ok
10:32:17.0518 2908  VLAN - ok
10:32:17.0534 2908  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
10:32:17.0534 2908  volmgr - ok
10:32:17.0549 2908  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
10:32:17.0565 2908  volmgrx - ok
10:32:17.0580 2908  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
10:32:17.0596 2908  volsnap - ok
10:32:17.0612 2908  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
10:32:17.0612 2908  vsmraid - ok
10:32:17.0643 2908  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
10:32:17.0690 2908  VSS - ok
10:32:17.0705 2908  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
10:32:17.0721 2908  W32Time - ok
10:32:17.0736 2908  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
10:32:17.0783 2908  WacomPen - ok
10:32:17.0783 2908  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
10:32:17.0814 2908  Wanarp - ok
10:32:17.0814 2908  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:32:17.0830 2908  Wanarpv6 - ok
10:32:17.0861 2908  [ 20B23332885DFB93FE0185362EE811E9 ] wbengine        C:\Windows\system32\wbengine.exe
10:32:17.0892 2908  wbengine - ok
10:32:17.0908 2908  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
10:32:17.0939 2908  wcncsvc - ok
10:32:17.0939 2908  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:32:17.0970 2908  WcsPlugInService - ok
10:32:17.0986 2908  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
10:32:18.0002 2908  Wd - ok
10:32:18.0017 2908  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:32:18.0048 2908  Wdf01000 - ok
10:32:18.0048 2908  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
10:32:18.0095 2908  WdiServiceHost - ok
10:32:18.0095 2908  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
10:32:18.0111 2908  WdiSystemHost - ok
10:32:18.0126 2908  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
10:32:18.0142 2908  WebClient - ok
10:32:18.0158 2908  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:32:18.0173 2908  Wecsvc - ok
10:32:18.0173 2908  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
10:32:18.0204 2908  wercplsupport - ok
10:32:18.0204 2908  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
10:32:18.0236 2908  WerSvc - ok
10:32:18.0236 2908  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
10:32:18.0251 2908  WinDefend - ok
10:32:18.0267 2908  WinHttpAutoProxySvc - ok
10:32:18.0282 2908  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
10:32:18.0298 2908  Winmgmt - ok
10:32:18.0329 2908  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
10:32:18.0360 2908  WinRM - ok
10:32:18.0392 2908  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
10:32:18.0407 2908  Wlansvc - ok
10:32:18.0423 2908  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
10:32:18.0438 2908  WmiAcpi - ok
10:32:18.0454 2908  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
10:32:18.0470 2908  wmiApSrv - ok
10:32:18.0485 2908  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
10:32:18.0532 2908  WMPNetworkSvc - ok
10:32:18.0532 2908  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
10:32:18.0548 2908  WPDBusEnum - ok
10:32:18.0563 2908  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:32:18.0594 2908  WPFFontCache_v0400 - ok
10:32:18.0610 2908  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
10:32:18.0626 2908  ws2ifsl - ok
10:32:18.0641 2908  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\system32\wscsvc.dll
10:32:18.0657 2908  wscsvc - ok
10:32:18.0657 2908  WSearch - ok
10:32:18.0688 2908  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
10:32:18.0766 2908  wuauserv - ok
10:32:18.0766 2908  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
10:32:18.0782 2908  WudfPf - ok
10:32:18.0797 2908  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
10:32:18.0813 2908  WUDFRd - ok
10:32:18.0813 2908  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
10:32:18.0828 2908  wudfsvc - ok
10:32:18.0844 2908  ================ Scan global ===============================
10:32:18.0844 2908  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
10:32:18.0860 2908  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
10:32:18.0875 2908  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
10:32:18.0891 2908  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
10:32:18.0906 2908  [Global] - ok
10:32:18.0906 2908  ================ Scan MBR ==================================
10:32:18.0906 2908  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
10:32:19.0187 2908  \Device\Harddisk0\DR0 - ok
10:32:19.0187 2908  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
10:32:20.0498 2908  \Device\Harddisk1\DR1 - ok
10:32:20.0498 2908  ================ Scan VBR ==================================
10:32:20.0498 2908  [ 6A8BA5B7BC3C0AC0F416736D1FBF96B2 ] \Device\Harddisk0\DR0\Partition1
10:32:20.0498 2908  \Device\Harddisk0\DR0\Partition1 - ok
10:32:20.0498 2908  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition1
10:32:20.0498 2908  \Device\Harddisk1\DR1\Partition1 - ok
10:32:20.0498 2908  [ 6F4068327211B41099109D992399AFFE ] \Device\Harddisk1\DR1\Partition2
10:32:20.0513 2908  \Device\Harddisk1\DR1\Partition2 - ok
10:32:20.0513 2908  ============================================================
10:32:20.0513 2908  Scan finished
10:32:20.0513 2908  ============================================================
10:32:20.0513 3268  Detected object count: 0
10:32:20.0513 3268  Actual detected object count: 0

Edited by Weaver1, 06 June 2013 - 12:39 PM.


#13 Weaver1

  • Topic Starter

Posted 06 June 2013 - 12:50 PM

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-06 10:40:40
-----------------------------
10:40:40.477    OS Version: Windows 6.0.6002 Service Pack 2
10:40:40.477    Number of processors: 2 586 0xF02
10:40:40.477    ComputerName: HOMEOFFICE-PC  UserName: HomeOffice
10:40:40.742    Initialize success
10:41:53.321    AVAST engine defs: 13060600
10:43:39.042    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:43:39.042    Disk 0 Vendor: SanDisk_SDSSDRC032G 2.0.0 Size: 30533MB BusType: 3
10:43:39.057    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
10:43:39.057    Disk 1 Vendor: WDC_WD800JD-75MSA3 10.01E04 Size: 76292MB BusType: 3
10:43:39.073    Disk 0 MBR read successfully
10:43:39.073    Disk 0 MBR scan
10:43:39.073    Disk 0 Windows VISTA default MBR code
10:43:39.088    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        30531 MB offset 2048
10:43:39.088    Disk 0 scanning sectors +62529536
10:43:39.104    Disk 0 scanning C:\Windows\system32\drivers
10:43:42.661    Service scanning
10:43:52.130    Modules scanning
10:43:53.908    Disk 0 trace - called modules:
10:43:53.924    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS 
10:43:53.924    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x842fd850]
10:43:53.940    3 CLASSPNP.SYS[861a18b3] -> nt!IofCallDriver -> [0x84102c10]
10:43:53.940    5 acpi.sys[806a36bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x840e6230]
10:43:54.096    AVAST engine scan C:\Windows
10:43:54.938    AVAST engine scan C:\Windows\system32
10:45:17.431    AVAST engine scan C:\Windows\system32\drivers
10:45:21.799    AVAST engine scan C:\Users\HomeOffice
10:45:26.463    AVAST engine scan C:\ProgramData
10:45:28.179    Scan finished successfully
10:46:47.037    Disk 0 MBR has been saved successfully to "C:\Users\HomeOffice\Desktop\MBR.dat"
10:46:47.037    The log file has been saved successfully to "C:\Users\HomeOffice\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   542bytes   0 downloads

Edited by Weaver1, 06 June 2013 - 12:51 PM.


#14 nasdaq

  • Malware Response Team

Posted 06 June 2013 - 01:11 PM

All good. Any issues with this computer?

#15 Weaver1

  • Topic Starter

Posted 06 June 2013 - 01:48 PM

Right now no, it seems OK, just paranoid about putting it back online. Could you give me a recommendation on an antivirus to keep safe, and anything else I should run? I love nCleaner, or did; not sure if that's something you and BC would suggest, or maybe Spybot. I don't know. I have run a lot of them but I still seem to get infected. I have run several free systems like avast etc. but nasty infections seem to get by...

Thanks again for the help. I don't know how to thank you enough...





