Infected - Trojan/Keylogger?


13 replies to this topic

#1 Hazmat99


Posted 17 July 2013 - 02:02 AM

I've been advised by my bank that our on-line banking logon/password has been compromised, as we have discovered a fraudulent EFT transfer to an unrecognised bank account.  Our User/PWD has therefore been disabled and the bank has requested that we have the cause detected and fixed.  The bank has suggested that the PC has been infected with a key logger that has revealed our bank account and password details.

 

I'm running Windows 7 and have the Avast! free antivirus and Malwarebytes installed.  For several months I've been receiving messages from Avast saying that a threat has been detected, but all of my attempts to remove it have failed.  When I run a scan on Avast!, I get the following report:

 

THREAT DETECTED

 

C:\Windows\System 32\services.exe

 

Threat:  Win32 : Sirefef-ZT[Trj]

 

When I click on the default 'Move to Chest', I get:

 

X Error: The specified file is read only (6009).

 

How can I clean this up?

 

 




 


#2 boopme


Posted 17 July 2013 - 09:47 AM

Hello, please do these next.
 
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 
Please Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results.



Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the ESET Smart Installer icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.
>>>>>>>>>>>>>>>>


Because your computer was compromised please read: Filing a Report

Edited by boopme, 17 July 2013 - 09:49 AM.


#3 Hazmat99


Posted 19 July 2013 - 02:08 AM

OK, I've followed all of these steps in turn and here are the results.  I'm getting a message that the post is too long, so I'm going to post the 4 log files separately.

 

1.  MiniToolBox - Result.txt

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Greg (administrator) on 18-07-2013 at 20:36:21
Running from "C:\Users\Greg\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Connected)
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Greg-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
   Physical Address. . . . . . . . . : B8-AC-6F-AD-B2-9F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e5e6:333:e061:66aa%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.11(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, 18 July 2013 8:23:24 PM
   Lease Expires . . . . . . . . . . : Thursday, 18 July 2013 9:23:25 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 246983791
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-B6-D6-4F-B8-AC-6F-AD-B2-9F
   DNS Servers . . . . . . . . . . . : 61.9.195.193
                                       61.9.194.49
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{5C6D0524-CE89-4AB1-B022-C004CB9C14FE}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Pinging google.com [74.125.237.110] with 32 bytes of data:
Reply from 74.125.237.110: bytes=32 time=9ms TTL=55
Reply from 74.125.237.110: bytes=32 time=16ms TTL=55

Ping statistics for 74.125.237.110:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 9ms, Maximum = 16ms, Average = 12ms

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=276ms TTL=46
Reply from 98.139.183.24: bytes=32 time=341ms TTL=46

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 276ms, Maximum = 341ms, Average = 308ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...b8 ac 6f ad b2 9f ......Broadcom NetLink ™ Gigabit Ethernet
  1...........................Software Loopback Interface 1
 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.11     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.0.0    255.255.255.0         On-link      192.168.0.11    266
     192.168.0.11  255.255.255.255         On-link      192.168.0.11    266
    192.168.0.255  255.255.255.255         On-link      192.168.0.11    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.0.11    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.0.11    266
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 10    266 fe80::/64                On-link
 10    266 fe80::e5e6:333:e061:66aa/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 02 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 03 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 04 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 05 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 06 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 07 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 08 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 09 mswsock.dll [File not found] (Microsoft Corporation)
Catalog9 10 mswsock.dll [File not found] (Microsoft Corporation)
x64-Catalog5 01 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 02 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 03 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 04 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 05 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 06 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 07 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 08 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 09 mswsock.dll [File Not found] (Microsoft Corporation)
x64-Catalog9 10 mswsock.dll [File Not found] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/18/2013 08:24:21 PM) (Source: VmbService) (User: )
Description: conflictManagerTypeValue

Error: (07/17/2013 04:11:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0xd24
Faulting application start time: 0xRootkitRevealer.exe0
Faulting application path: RootkitRevealer.exe1
Faulting module path: RootkitRevealer.exe2
Report Id: RootkitRevealer.exe3

Error: (07/17/2013 03:49:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0x1004
Faulting application start time: 0xRootkitRevealer.exe0
Faulting application path: RootkitRevealer.exe1
Faulting module path: RootkitRevealer.exe2
Report Id: RootkitRevealer.exe3

Error: (07/17/2013 03:48:46 PM) (Source: Application Error) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0xbe8
Faulting application start time: 0xRootkitRevealer.exe0
Faulting application path: RootkitRevealer.exe1
Faulting module path: RootkitRevealer.exe2
Report Id: RootkitRevealer.exe3

Error: (07/17/2013 03:47:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0x1488
Faulting application start time: 0xRootkitRevealer.exe0
Faulting application path: RootkitRevealer.exe1
Faulting module path: RootkitRevealer.exe2
Report Id: RootkitRevealer.exe3

Error: (07/17/2013 03:47:01 PM) (Source: Application Error) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0x1568
Faulting application start time: 0xRootkitRevealer.exe0
Faulting application path: RootkitRevealer.exe1
Faulting module path: RootkitRevealer.exe2
Report Id: RootkitRevealer.exe3

Error: (07/17/2013 03:46:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0x17f4
Faulting application start time: 0xRootkitRevealer.exe0
Faulting application path: RootkitRevealer.exe1
Faulting module path: RootkitRevealer.exe2
Report Id: RootkitRevealer.exe3

Error: (07/17/2013 03:45:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0x1580
Faulting application start time: 0xRootkitRevealer.exe0
Faulting application path: RootkitRevealer.exe1
Faulting module path: RootkitRevealer.exe2
Report Id: RootkitRevealer.exe3

Error: (07/17/2013 02:12:34 PM) (Source: VmbService) (User: )
Description: conflictManagerTypeValue

Error: (07/17/2013 07:59:06 AM) (Source: VmbService) (User: )
Description: GetLoggedOnUser


System errors:
=============
Error: (07/18/2013 08:24:14 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (07/18/2013 08:24:12 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (07/18/2013 08:23:51 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/17/2013 02:12:15 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (07/17/2013 02:12:10 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (07/17/2013 02:11:43 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/17/2013 07:42:14 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (07/17/2013 07:42:05 AM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (07/17/2013 07:41:39 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/16/2013 07:36:04 PM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.


Microsoft Office Sessions:
=========================
Error: (07/18/2013 08:24:21 PM) (Source: VmbService)(User: )
Description: conflictManagerTypeValue

Error: (07/17/2013 04:11:04 PM) (Source: Application Error)(User: )
Description: RootkitRevealer.exe1.71.0.044e255aaRootkitRevealer.exe1.71.0.044e255aac0000005000040cdd2401ce82b469ce48acC:\Users\Greg\Downloads\RootkitRevealer\RootkitRevealer.exeC:\Users\Greg\Downloads\RootkitRevealer\RootkitRevealer.exea8c11722-eea7-11e2-8a48-b8ac6fadb29f

Error: (07/17/2013 03:49:19 PM) (Source: Application Error)(User: )
Description: RootkitRevealer.exe1.71.0.044e255aaRootkitRevealer.exe1.71.0.044e255aac0000005000040cd100401ce82b1610bf84cC:\Users\Greg\Downloads\RootkitRevealer\RootkitRevealer.exeC:\Users\Greg\Downloads\RootkitRevealer\RootkitRevealer.exe9ec6eaad-eea4-11e2-8a48-b8ac6fadb29f

Error: (07/17/2013 03:48:46 PM) (Source: Application Error)(User: )
Description: RootkitRevealer.exe1.71.0.044e255aaRootkitRevealer.exe1.71.0.044e255aac0000005000040cdbe801ce82b14deffec5C:\Users\Greg\Downloads\RootkitRevealer\RootkitRevealer.exeC:\Users\Greg\Downloads\RootkitRevealer\RootkitRevealer.exe8ba7e3e6-eea4-11e2-8a48-b8ac6fadb29f

Error: (07/17/2013 03:47:30 PM) (Source: Application Error)(User: )
Description: RootkitRevealer.exe1.71.0.044e255aaRootkitRevealer.exe1.71.0.044e255aac0000005000040cd148801ce82b1208feba2C:\Users\Greg\AppData\Local\Temp\Rar$EXa0.592\RootkitRevealer.exeC:\Users\Greg\AppData\Local\Temp\Rar$EXa0.592\RootkitRevealer.exe5e464a23-eea4-11e2-8a48-b8ac6fadb29f

Error: (07/17/2013 03:47:01 PM) (Source: Application Error)(User: )
Description: RootkitRevealer.exe1.71.0.044e255aaRootkitRevealer.exe1.71.0.044e255aac0000005000040cd156801ce82b10f5e5d2bC:\Users\Greg\AppData\Local\Temp\Rar$EXa0.934\RootkitRevealer.exeC:\Users\Greg\AppData\Local\Temp\Rar$EXa0.934\RootkitRevealer.exe4d14bbac-eea4-11e2-8a48-b8ac6fadb29f

Error: (07/17/2013 03:46:30 PM) (Source: Application Error)(User: )
Description: RootkitRevealer.exe1.71.0.044e255aaRootkitRevealer.exe1.71.0.044e255aac0000005000040cd17f401ce82b0fc6be4a9C:\Users\Greg\AppData\Local\Temp\Rar$EXa0.327\RootkitRevealer.exeC:\Users\Greg\AppData\Local\Temp\Rar$EXa0.327\RootkitRevealer.exe3a20bc8a-eea4-11e2-8a48-b8ac6fadb29f

Error: (07/17/2013 03:45:52 PM) (Source: Application Error)(User: )
Description: RootkitRevealer.exe1.71.0.044e255aaRootkitRevealer.exe1.71.0.044e255aac0000005000040cd158001ce82b0e169f939C:\Users\Greg\AppData\Local\Temp\Rar$EXa0.784\RootkitRevealer.exeC:\Users\Greg\AppData\Local\Temp\Rar$EXa0.784\RootkitRevealer.exe238b5363-eea4-11e2-8a48-b8ac6fadb29f

Error: (07/17/2013 02:12:34 PM) (Source: VmbService)(User: )
Description: conflictManagerTypeValue

Error: (07/17/2013 07:59:06 AM) (Source: VmbService)(User: )
Description: GetLoggedOnUser


CodeIntegrity Errors:
===================================
  Date: 2012-07-24 18:08:06.018
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Greg\AppData\Local\Temp\stkygdmg.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-07-24 18:08:05.956
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Greg\AppData\Local\Temp\stkygdmg.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-07-21 15:01:57.862
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Greg\AppData\Local\Temp\stkygdmg.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-07-21 15:01:57.800
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Greg\AppData\Local\Temp\stkygdmg.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-07-21 10:59:53.693
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Greg\AppData\Local\Temp\stkygdmg.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-07-21 10:59:53.631
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Greg\AppData\Local\Temp\stkygdmg.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-07-21 07:09:46.364
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Greg\AppData\Local\Temp\stkygdmg.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-07-21 07:09:46.286
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Greg\AppData\Local\Temp\stkygdmg.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-07-19 18:46:03.791
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Greg\AppData\Local\Temp\stkygdmg.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-07-19 18:46:03.729
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Greg\AppData\Local\Temp\stkygdmg.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

1600 (Version: 130.0.365.000)
1600_Help (Version: 82.0.242.000)
1600Trb (Version: 82.0.242.000)
64 Bit HP CIO Components Installer (Version: 6.2.1)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
AIO_CDB_ProductContext (Version: 130.0.365.000)
AIO_CDB_Software (Version: 130.0.365.000)
AIO_Scan (Version: 130.0.421.000)
Any Video Converter 5.0.5
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ASF-AVI-RM-WMV Repair 1.83
AsfTools 2.30 (Version: 2.30)
AsfTools 3.1 (remove only)
Auslogics Disk Defrag (Version: 3.6)
avast! Free Antivirus (Version: 8.0.1489.0)
BigPond Broadband Cable Self Install Kit (Version: 4.0.10)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 130.0.331.000)
Canon PowerShot SX260 HS and SX240 HS Camera User Guide (Version: 1.0.0.9)
Canon Utilities CameraWindow DC 8 (Version: 8.7.0.11)
Canon Utilities ImageBrowser EX (Version: 1.0.1.32)
Canon Utilities PhotoStitch (Version: 3.1.23.47)
CCleaner (Version: 4.03)
Copy (Version: 130.0.428.000)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup - Support Software (Version: 2.41)
Dell DataSafe Local Backup (Version: 9.4.45)
Dell DataSafe Online (Version: 1.2.0011)
Dell Dock (Version: 2.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Remote Access (Version: 1.3.0.0)
Dell Support Center (Support Software) (Version: 2.5.09100)
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 130.0.465.000)
DivX Setup (Version: 2.6.1.44)
DocProc (Version: 13.0.0.0)
Dropbox (Version: 2.0.22)
e-tax 2010 (Version: 1.0.762)
e-tax 2011 (Version: 11.1.704)
e-tax 2012 (Version: 6.0.577)
e-tax 2013 (Version: 0.8.509)
Fax (Version: 130.0.418.000)
FileHippo.com Update Checker
FinePixViewer Resource (Version: 1.2)
FinePixViewer Ver.5.5 (Version: 5.5)
FinePixViewer YTUPL (Version: 1.0)
Free Video Joiner
Freemake Video Downloader (Version: 3.0.0)
GOM Player (Version: 2.1.50.5145)
GoToAssist 8.0.0.514
GPBaseService2 (Version: 130.0.371.000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (Version: 13.0)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 4.000.011.006)
HPDiagnosticAlert (Version: 1.00.0000)
HPPhotoGadget (Version: 130.0.282.000)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
iCloud (Version: 2.1.2.8)
iExplorer 3.2.2.5
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2008)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 21 (Version: 6.0.210)
Java™ 6 Update 31 (Version: 6.0.310)
JDownloader 0.9 (Version: 0.9)
Junk Mail filter update (Version: 16.4.3508.0205)
LimeWire 5.5.10 (Version: 5.5.10)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 130.0.374.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2013 - en-us (Version: 15.0.4517.1005)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SkyDrive (Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Movie Maker (Version: 16.4.3508.0205)
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (Version: 1.0.1.2)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network64 (Version: 130.0.572.000)
Network64 (Version: 140.0.221.000)
NVIDIA Drivers (Version: 1.10.56.34)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4517.1005)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4517.1005)
Office 15 Click-to-Run Localization Component (Version: 15.0.4517.1005)
PC Connectivity Solution (Version: 11.4.15.0)
Photo Gallery (Version: 16.4.3508.0205)
Picasa 3 (Version: 3.9)
PowerDVD DX (Version: 8.3.6029)
QuickTime (Version: 7.74.80.86)
RealDownloader (Version: 1.3.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.2)
Realtek High Definition Audio Driver (Version: 6.0.1.6043)
RealUpgrade 1.1 (Version: 1.1.0)
Roxio Burn (Version: 1.01)
Scan (Version: 140.0.80.000)
Shop for HP Supplies (Version: 13.0)
Skype Click to Call (Version: 6.9.12585)
Skype™ 6.6 (Version: 6.6.106)
SmartWebPrinting (Version: 130.0.457.000)
SolutionCenter (Version: 130.0.373.000)
SpeedBit Video Downloader (Version: 1151(build_463))
Status (Version: 130.0.469.000)
THX TruStudio PC (Version: 1.0)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.422.000)
UnloadSupport (Version: 11.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VLC media player 2.0.6 (Version: 2.0.6)
Vodafone Mobile Broadband Lite (Version: 10.2.100.29897)
WebReg (Version: 130.0.132.017)
Win7codecs (Version: 2.5.5)
Winamp (Version: 5.63 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
Windows Live Communications Platform (Version: 16.4.3508.0205)
Windows Live Essentials (Version: 16.4.3508.0205)
Windows Live Family Safety (Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3508.0205)
Windows Live Mail (Version: 16.4.3508.0205)
Windows Live Messenger (Version: 16.4.3508.0205)
Windows Live MIME IFilter (Version: 16.4.3508.0205)
Windows Live Photo Common (Version: 16.4.3508.0205)
Windows Live PIMT Platform (Version: 16.4.3508.0205)
Windows Live SOXE (Version: 16.4.3508.0205)
Windows Live SOXE Definitions (Version: 16.4.3508.0205)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205)
Windows Live Writer (Version: 16.4.3508.0205)
Windows Live Writer Resources (Version: 16.4.3508.0205)
WinPcap 4.1.2 (Version: 4.1.0.2001)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
WinRAR archiver
WinZip 16.0 (Version: 16.0.9691)
YouTube Downloader 2.5.6

========================= Memory info: ===================================

Percentage of memory in use: 38%
Total physical RAM: 3895.12 MB
Available physical RAM: 2391.11 MB
Total Pagefile: 7788.43 MB
Available Pagefile: 6011.93 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.98 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:455.81 GB) (Free:257.99 GB) NTFS
7 Drive i: (Elements) (Fixed) (Total:931.28 GB) (Free:41.95 GB) FAT32
8 Drive j: (Seagate 2TB Keep) (Fixed) (Total:1863.01 GB) (Free:1079.21 GB) NTFS
9 Drive k: (Seagate 3TB Main) (Fixed) (Total:2794.51 GB) (Free:2607.77 GB) NTFS

========================= Users: ========================================

User accounts for \\GREG-PC

Administrator            Greg                     Greg_2                   
Guest                    Vicki                    


**** End of log ****

 



#4 Hazmat99

Posted 19 July 2013 - 02:10 AM

2.  TDSSKiller Log

 

20:45:20.0660 5376  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
20:45:21.0752 5376  ============================================================
20:45:21.0752 5376  Current date / time: 2013/07/18 20:45:21.0752
20:45:21.0752 5376  SystemInfo:
20:45:21.0752 5376  
20:45:21.0752 5376  OS Version: 6.1.7601 ServicePack: 1.0
20:45:21.0752 5376  Product type: Workstation
20:45:21.0752 5376  ComputerName: GREG-PC
20:45:21.0752 5376  UserName: Greg
20:45:21.0752 5376  Windows directory: C:\Windows
20:45:21.0752 5376  System windows directory: C:\Windows
20:45:21.0752 5376  Running under WOW64
20:45:21.0752 5376  Processor architecture: Intel x64
20:45:21.0752 5376  Number of processors: 4
20:45:21.0752 5376  Page size: 0x1000
20:45:21.0752 5376  Boot type: Normal boot
20:45:21.0752 5376  ============================================================
20:45:22.0563 5376  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:45:22.0563 5376  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:45:22.0579 5376  Drive \Device\Harddisk2\DR2 - Size: 0x2BAA1476000 (2794.52 Gb), SectorSize: 0x1000, Cylinders: 0xB220, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:45:22.0594 5376  Drive \Device\Harddisk7\DR7 - Size: 0x1D1C1115E00 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:45:22.0610 5376  ============================================================
20:45:22.0610 5376  \Device\Harddisk0\DR0:
20:45:22.0610 5376  MBR partitions:
20:45:22.0610 5376  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23800, BlocksNum 0x13C3000
20:45:22.0610 5376  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13E6800, BlocksNum 0x38F9F000
20:45:22.0610 5376  \Device\Harddisk1\DR1:
20:45:22.0610 5376  MBR partitions:
20:45:22.0610 5376  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982
20:45:22.0610 5376  \Device\Harddisk2\DR2:
20:45:22.0844 5376  MBR partitions:
20:45:22.0844 5376  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2BAA0800
20:45:22.0844 5376  \Device\Harddisk7\DR7:
20:45:22.0860 5376  MBR partitions:
20:45:22.0860 5376  \Device\Harddisk7\DR7\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000
20:45:22.0860 5376  ============================================================
20:45:22.0891 5376  C: <-> \Device\Harddisk0\DR0\Partition2
20:45:22.0891 5376  I: <-> \Device\Harddisk1\DR1\Partition1
20:45:23.0031 5376  J: <-> \Device\Harddisk7\DR7\Partition1
20:45:23.0047 5376  K: <-> \Device\Harddisk2\DR2\Partition1
20:45:23.0047 5376  ============================================================
20:45:23.0047 5376  Initialize success
20:45:23.0047 5376  ============================================================
20:46:18.0271 5204  ============================================================
20:46:18.0271 5204  Scan started
20:46:18.0271 5204  Mode: Manual; TDLFS;
20:46:18.0271 5204  ============================================================
20:46:20.0065 5204  ================ Scan system memory ========================
20:46:20.0065 5204  System memory - ok
20:46:20.0065 5204  ================ Scan services =============================
20:46:26.0618 5204  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
20:46:26.0618 5204  intelide - ok
20:46:26.0633 5204  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:46:26.0633 5204  intelppm - ok
20:46:26.0649 5204  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:46:26.0649 5204  IPBusEnum - ok
20:46:26.0696 5204  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:46:26.0696 5204  IpFilterDriver - ok
20:46:26.0727 5204  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:46:26.0727 5204  IPMIDRV - ok
20:46:26.0758 5204  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:46:26.0758 5204  IPNAT - ok
20:46:26.0821 5204  [ 0FF335D687C85097725A53458160E81E ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:46:26.0821 5204  iPod Service - ok
20:46:26.0836 5204  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:46:26.0836 5204  IRENUM - ok
20:46:26.0867 5204  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:46:26.0867 5204  isapnp - ok
20:46:26.0914 5204  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:46:26.0914 5204  iScsiPrt - ok
20:46:26.0945 5204  [ 9D7EA8C7215D8D4AE7BE110EEE61085D ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
20:46:26.0945 5204  k57nd60a - ok
20:46:26.0945 5204  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:46:26.0945 5204  kbdclass - ok
20:46:26.0992 5204  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:46:26.0992 5204  kbdhid - ok
20:46:27.0008 5204  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
20:46:27.0008 5204  KeyIso - ok
20:46:27.0055 5204  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:46:27.0055 5204  KSecDD - ok
20:46:27.0101 5204  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:46:27.0101 5204  KSecPkg - ok
20:46:27.0101 5204  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:46:27.0101 5204  ksthunk - ok
20:46:27.0117 5204  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:46:27.0117 5204  KtmRm - ok
20:46:27.0164 5204  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:46:27.0164 5204  LanmanServer - ok
20:46:27.0211 5204  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:46:27.0211 5204  LanmanWorkstation - ok
20:46:27.0226 5204  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:46:27.0226 5204  lltdio - ok
20:46:27.0257 5204  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:46:27.0257 5204  lltdsvc - ok
20:46:27.0273 5204  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:46:27.0273 5204  lmhosts - ok
20:46:27.0304 5204  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:46:27.0304 5204  LSI_FC - ok
20:46:27.0320 5204  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
20:46:27.0320 5204  LSI_SAS - ok
20:46:27.0335 5204  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:46:27.0335 5204  LSI_SAS2 - ok
20:46:27.0351 5204  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:46:27.0367 5204  LSI_SCSI - ok
20:46:27.0382 5204  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
20:46:27.0382 5204  luafv - ok
20:46:27.0429 5204  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
20:46:27.0429 5204  MBAMProtector - ok
20:46:27.0491 5204  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:46:27.0491 5204  MBAMScheduler - ok
20:46:27.0538 5204  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamservice.exe
20:46:27.0554 5204  MBAMService - ok
20:46:27.0585 5204  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:46:27.0585 5204  Mcx2Svc - ok
20:46:27.0616 5204  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
20:46:27.0616 5204  megasas - ok
20:46:27.0632 5204  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:46:27.0632 5204  MegaSR - ok
20:46:27.0663 5204  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
20:46:27.0663 5204  MMCSS - ok
20:46:27.0663 5204  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
20:46:27.0663 5204  Modem - ok
20:46:27.0694 5204  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:46:27.0694 5204  monitor - ok
20:46:27.0710 5204  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:46:27.0710 5204  mouclass - ok
20:46:27.0741 5204  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:46:27.0741 5204  mouhid - ok
20:46:27.0772 5204  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:46:27.0772 5204  mountmgr - ok
20:46:27.0835 5204  [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:46:27.0835 5204  MozillaMaintenance - ok
20:46:27.0850 5204  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:46:27.0850 5204  mpio - ok
20:46:27.0866 5204  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:46:27.0866 5204  mpsdrv - ok
20:46:27.0913 5204  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:46:27.0913 5204  MRxDAV - ok
20:46:27.0944 5204  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:46:27.0944 5204  mrxsmb - ok
20:46:27.0991 5204  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:46:27.0991 5204  mrxsmb10 - ok
20:46:27.0991 5204  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:46:28.0006 5204  mrxsmb20 - ok
20:46:28.0037 5204  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:46:28.0053 5204  msahci - ok
20:46:28.0084 5204  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:46:28.0084 5204  msdsm - ok
20:46:28.0100 5204  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
20:46:28.0100 5204  MSDTC - ok
20:46:28.0131 5204  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:46:28.0131 5204  Msfs - ok
20:46:28.0147 5204  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:46:28.0147 5204  mshidkmdf - ok
20:46:28.0147 5204  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:46:28.0162 5204  msisadrv - ok
20:46:28.0193 5204  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:46:28.0193 5204  MSiSCSI - ok
20:46:28.0209 5204  msiserver - ok
20:46:28.0225 5204  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:46:28.0225 5204  MSKSSRV - ok
20:46:28.0240 5204  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:46:28.0240 5204  MSPCLOCK - ok
20:46:28.0271 5204  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:46:28.0271 5204  MSPQM - ok
20:46:28.0318 5204  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:46:28.0318 5204  MsRPC - ok
20:46:28.0365 5204  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:46:28.0365 5204  mssmbios - ok
20:46:28.0365 5204  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:46:28.0365 5204  MSTEE - ok
20:46:28.0381 5204  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:46:28.0381 5204  MTConfig - ok
20:46:28.0396 5204  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:46:28.0396 5204  Mup - ok
20:46:28.0459 5204  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
20:46:28.0459 5204  napagent - ok
20:46:28.0490 5204  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:46:28.0490 5204  NativeWifiP - ok
20:46:28.0552 5204  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:46:28.0568 5204  NDIS - ok
20:46:28.0583 5204  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:46:28.0583 5204  NdisCap - ok
20:46:28.0599 5204  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:46:28.0599 5204  NdisTapi - ok
20:46:28.0661 5204  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:46:28.0661 5204  Ndisuio - ok
20:46:28.0693 5204  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:46:28.0693 5204  NdisWan - ok
20:46:28.0724 5204  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:46:28.0739 5204  NDProxy - ok
20:46:28.0771 5204  [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
20:46:28.0771 5204  Net Driver HPZ12 - ok
20:46:28.0786 5204  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:46:28.0786 5204  NetBIOS - ok
20:46:28.0833 5204  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:46:28.0833 5204  NetBT - ok
20:46:28.0849 5204  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
20:46:28.0849 5204  Netlogon - ok
20:46:28.0864 5204  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
20:46:28.0880 5204  Netman - ok
20:46:28.0911 5204  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:46:28.0942 5204  NetMsmqActivator - ok
20:46:28.0942 5204  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:46:28.0942 5204  NetPipeActivator - ok
20:46:28.0973 5204  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
20:46:28.0973 5204  netprofm - ok
20:46:28.0973 5204  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:46:28.0973 5204  NetTcpActivator - ok
20:46:28.0989 5204  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:46:28.0989 5204  NetTcpPortSharing - ok
20:46:29.0005 5204  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
20:46:29.0005 5204  nfrd960 - ok
20:46:29.0036 5204  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:46:29.0051 5204  NlaSvc - ok
20:46:29.0114 5204  [ 351533ACC2A069B94E80BBFC177E8FDF ] npf             C:\Windows\system32\drivers\npf.sys
20:46:29.0114 5204  npf - ok
20:46:29.0129 5204  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:46:29.0129 5204  Npfs - ok
20:46:29.0129 5204  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
20:46:29.0129 5204  nsi - ok
20:46:29.0145 5204  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:46:29.0145 5204  nsiproxy - ok
20:46:29.0192 5204  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:46:29.0223 5204  Ntfs - ok
20:46:29.0270 5204  [ 317020D31F1696334679B9D0416EB62E ] NuidFltr        C:\Windows\system32\DRIVERS\NuidFltr.sys
20:46:29.0270 5204  NuidFltr - ok
20:46:29.0285 5204  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
20:46:29.0285 5204  Null - ok
20:46:29.0317 5204  [ CDDD4478757288DF4BB1494BFD084259 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
20:46:29.0317 5204  NVHDA - ok
20:46:29.0504 5204  [ A5D0603CAE6C334B1386204D94393C04 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:46:29.0660 5204  nvlddmkm - ok
20:46:29.0707 5204  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:46:29.0707 5204  nvraid - ok
20:46:29.0722 5204  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:46:29.0722 5204  nvstor - ok
20:46:29.0753 5204  [ 268D382FCC6A8A568AAB7C6DC8C71BB3 ] nvsvc           C:\Windows\system32\nvvsvc.exe
20:46:29.0753 5204  nvsvc - ok
20:46:29.0800 5204  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:46:29.0800 5204  nv_agp - ok
20:46:29.0956 5204  [ CE8AD6748DBA78A9D3CBB7094176D6C8 ] OfficeSvc       C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
20:46:29.0956 5204  OfficeSvc - ok
20:46:29.0987 5204  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:46:30.0003 5204  ohci1394 - ok
20:46:30.0050 5204  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:46:30.0065 5204  ose - ok
20:46:30.0190 5204  [ FE9C0029E1AF26350D9985D00520E5C8 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:46:30.0253 5204  osppsvc - ok
20:46:30.0299 5204  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:46:30.0299 5204  p2pimsvc - ok
20:46:30.0315 5204  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:46:30.0331 5204  p2psvc - ok
20:46:30.0346 5204  [ 99E6AA0AE2D05389BA7F7DFF6866B569 ] Packet          C:\Windows\system32\DRIVERS\packet.sys
20:46:30.0346 5204  Packet - ok
20:46:30.0362 5204  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:46:30.0362 5204  Parport - ok
20:46:30.0393 5204  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:46:30.0409 5204  partmgr - ok
20:46:30.0409 5204  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:46:30.0409 5204  PcaSvc - ok
20:46:30.0455 5204  [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
20:46:30.0455 5204  pccsmcfd - ok
20:46:30.0502 5204  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
20:46:30.0502 5204  pci - ok
20:46:30.0518 5204  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
20:46:30.0518 5204  pciide - ok
20:46:30.0533 5204  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:46:30.0533 5204  pcmcia - ok
20:46:30.0549 5204  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:46:30.0549 5204  pcw - ok
20:46:30.0565 5204  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:46:30.0565 5204  PEAUTH - ok
20:46:30.0611 5204  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:46:30.0611 5204  PerfHost - ok
20:46:30.0674 5204  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
20:46:30.0705 5204  pla - ok
20:46:30.0752 5204  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:46:30.0752 5204  PlugPlay - ok
20:46:30.0783 5204  [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
20:46:30.0783 5204  Pml Driver HPZ12 - ok
20:46:30.0799 5204  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:46:30.0799 5204  PNRPAutoReg - ok
20:46:30.0814 5204  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:46:30.0814 5204  PNRPsvc - ok
20:46:30.0861 5204  [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64         C:\Windows\system32\DRIVERS\point64.sys
20:46:30.0861 5204  Point64 - ok
20:46:30.0892 5204  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:46:30.0892 5204  PolicyAgent - ok
20:46:30.0923 5204  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
20:46:30.0923 5204  Power - ok
20:46:30.0986 5204  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:46:30.0986 5204  PptpMiniport - ok
20:46:31.0001 5204  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
20:46:31.0001 5204  Processor - ok
20:46:31.0048 5204  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:46:31.0048 5204  ProfSvc - ok
20:46:31.0048 5204  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:46:31.0048 5204  ProtectedStorage - ok
20:46:31.0095 5204  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:46:31.0095 5204  Psched - ok
20:46:31.0126 5204  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
20:46:31.0126 5204  PxHlpa64 - ok
20:46:31.0173 5204  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
20:46:31.0189 5204  ql2300 - ok
20:46:31.0189 5204  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
20:46:31.0204 5204  ql40xx - ok
20:46:31.0220 5204  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
20:46:31.0220 5204  QWAVE - ok
20:46:31.0235 5204  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:46:31.0235 5204  QWAVEdrv - ok
20:46:31.0251 5204  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:46:31.0251 5204  RasAcd - ok
20:46:31.0282 5204  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:46:31.0282 5204  RasAgileVpn - ok
20:46:31.0282 5204  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
20:46:31.0282 5204  RasAuto - ok
20:46:31.0329 5204  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:46:31.0329 5204  Rasl2tp - ok
20:46:31.0376 5204  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
20:46:31.0376 5204  RasMan - ok
20:46:31.0391 5204  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:46:31.0391 5204  RasPppoe - ok
20:46:31.0407 5204  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:46:31.0407 5204  RasSstp - ok
20:46:31.0454 5204  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:46:31.0454 5204  rdbss - ok
20:46:31.0454 5204  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:46:31.0454 5204  rdpbus - ok
20:46:31.0469 5204  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:46:31.0469 5204  RDPCDD - ok
20:46:31.0501 5204  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:46:31.0501 5204  RDPENCDD - ok
20:46:31.0501 5204  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:46:31.0501 5204  RDPREFMP - ok
20:46:31.0532 5204  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:46:31.0547 5204  RDPWD - ok
20:46:31.0579 5204  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:46:31.0579 5204  rdyboost - ok
20:46:31.0672 5204  [ B2D01290C0E0465ACA54C2088E947823 ] RealNetworks Downloader Resolver Service C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
20:46:31.0672 5204  RealNetworks Downloader Resolver Service - ok
20:46:31.0703 5204  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:46:31.0703 5204  RemoteAccess - ok
20:46:31.0719 5204  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:46:31.0735 5204  RemoteRegistry - ok
20:46:31.0735 5204  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:46:31.0750 5204  RpcEptMapper - ok
20:46:31.0750 5204  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
20:46:31.0750 5204  RpcLocator - ok
20:46:31.0797 5204  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
20:46:31.0813 5204  RpcSs - ok
20:46:31.0813 5204  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:46:31.0813 5204  rspndr - ok
20:46:31.0844 5204  [ A48B769DEC76629BD1A021D33C257B17 ] RTL8187         C:\Windows\system32\DRIVERS\wg111v2.sys
20:46:31.0859 5204  RTL8187 - ok
20:46:31.0875 5204  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
20:46:31.0875 5204  SamSs - ok
20:46:31.0906 5204  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:46:31.0906 5204  sbp2port - ok
20:46:31.0922 5204  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:46:31.0922 5204  SCardSvr - ok
20:46:31.0953 5204  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:46:31.0969 5204  scfilter - ok
20:46:32.0015 5204  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
20:46:32.0031 5204  Schedule - ok
20:46:32.0062 5204  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:46:32.0062 5204  SCPolicySvc - ok
20:46:32.0093 5204  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:46:32.0093 5204  SDRSVC - ok
20:46:32.0109 5204  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:46:32.0125 5204  secdrv - ok
20:46:32.0156 5204  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
20:46:32.0156 5204  seclogon - ok
20:46:32.0171 5204  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
20:46:32.0171 5204  SENS - ok
20:46:32.0171 5204  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:46:32.0171 5204  SensrSvc - ok
20:46:32.0187 5204  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:46:32.0187 5204  Serenum - ok
20:46:32.0203 5204  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:46:32.0203 5204  Serial - ok
20:46:32.0249 5204  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
20:46:32.0249 5204  sermouse - ok
20:46:32.0327 5204  [ 12B41D84A4D058ADC60853C365DBFCCA ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
20:46:32.0343 5204  ServiceLayer - ok
20:46:32.0374 5204  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:46:32.0374 5204  SessionEnv - ok
20:46:32.0421 5204  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:46:32.0421 5204  sffdisk - ok
20:46:32.0437 5204  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:46:32.0437 5204  sffp_mmc - ok
20:46:32.0452 5204  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:46:32.0452 5204  sffp_sd - ok
20:46:32.0452 5204  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
20:46:32.0468 5204  sfloppy - ok
20:46:32.0499 5204  [ E1974A92AC0914A3859359A0A8C82C68 ] SftService      C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
20:46:32.0499 5204  SftService - ok
20:46:32.0546 5204  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:46:32.0546 5204  ShellHWDetection - ok
20:46:32.0561 5204  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:46:32.0561 5204  SiSRaid2 - ok
20:46:32.0577 5204  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
20:46:32.0577 5204  SiSRaid4 - ok
20:46:32.0717 5204  [ EB17DF573B4423DF0B3B2EE3B268A6DE ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
20:46:32.0733 5204  Skype C2C Service - ok
20:46:32.0811 5204  [ 3E587DBBDFF938DDE5D4CE4047BE9041 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
20:46:32.0811 5204  SkypeUpdate - ok
20:46:32.0827 5204  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:46:32.0827 5204  Smb - ok
20:46:32.0858 5204  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:46:32.0858 5204  SNMPTRAP - ok
20:46:32.0873 5204  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:46:32.0873 5204  spldr - ok
20:46:32.0905 5204  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
20:46:32.0920 5204  Spooler - ok
20:46:32.0983 5204  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
20:46:33.0029 5204  sppsvc - ok
20:46:33.0045 5204  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:46:33.0045 5204  sppuinotify - ok
20:46:33.0092 5204  [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
20:46:33.0092 5204  sprtsvc_DellSupportCenter - ok
20:46:33.0139 5204  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:46:33.0139 5204  srv - ok
20:46:33.0154 5204  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:46:33.0154 5204  srv2 - ok
20:46:33.0170 5204  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:46:33.0170 5204  srvnet - ok
20:46:33.0185 5204  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:46:33.0185 5204  SSDPSRV - ok
20:46:33.0201 5204  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:46:33.0201 5204  SstpSvc - ok
20:46:33.0217 5204  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
20:46:33.0217 5204  stexstor - ok
20:46:36.0383 5204  ================ Scan global ===============================
20:46:36.0399 5204  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:46:36.0430 5204  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
20:46:36.0446 5204  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
20:46:36.0461 5204  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:46:36.0508 5204  [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
20:46:36.0508 5204  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
20:46:36.0508 5204  C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
20:46:36.0508 5204  ================ Scan MBR ==================================
20:46:36.0524 5204  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:46:36.0805 5204  \Device\Harddisk0\DR0 - ok
20:46:37.0273 5204  [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR1
20:46:37.0397 5204  \Device\Harddisk1\DR1 - ok
20:46:37.0491 5204  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
20:46:37.0616 5204  \Device\Harddisk2\DR2 - ok
20:46:37.0616 5204  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk7\DR7
20:46:37.0756 5204  \Device\Harddisk7\DR7 - ok
20:46:37.0756 5204  ================ Scan VBR ==================================
20:46:37.0756 5204  [ DD9D0F6196A4944547E6BDECD11F74B4 ] \Device\Harddisk0\DR0\Partition1
20:46:37.0756 5204  \Device\Harddisk0\DR0\Partition1 - ok
20:46:37.0772 5204  [ 25968E21A302ED95114095714E1601F4 ] \Device\Harddisk0\DR0\Partition2
20:46:37.0772 5204  \Device\Harddisk0\DR0\Partition2 - ok
20:46:37.0772 5204  [ 8BD63B11DA47EDE976D6123F4568890D ] \Device\Harddisk1\DR1\Partition1
20:46:37.0787 5204  \Device\Harddisk1\DR1\Partition1 - ok
20:46:37.0787 5204  [ A66005B06BD48132B14793EFB8BBC4E9 ] \Device\Harddisk2\DR2\Partition1
20:46:37.0787 5204  \Device\Harddisk2\DR2\Partition1 - ok
20:46:37.0787 5204  [ B77F81B47800170941D8537EF885F362 ] \Device\Harddisk7\DR7\Partition1
20:46:37.0803 5204  \Device\Harddisk7\DR7\Partition1 - ok
20:46:37.0803 5204  ============================================================
20:46:37.0803 5204  Scan finished
20:46:37.0803 5204  ============================================================
20:46:37.0803 5896  Detected object count: 1
20:46:37.0803 5896  Actual detected object count: 1
20:47:56.0817 5896  C:\Windows\system32\services.exe - copied to quarantine
20:48:01.0020 5896  C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
20:48:01.0050 5896  C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
20:48:01.0121 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\@ - copied to quarantine
20:48:01.0159 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\L\00000004.@ - copied to quarantine
20:48:01.0169 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\L\201d3dde - copied to quarantine
20:48:01.0194 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\L\4cce1f70 - copied to quarantine
20:48:01.0226 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\L\6715e287 - copied to quarantine
20:48:01.0238 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\L\76603ac3 - copied to quarantine
20:48:01.0248 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\00000004.@ - copied to quarantine
20:48:01.0268 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\00000008.@ - copied to quarantine
20:48:01.0268 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\80000000.@ - copied to quarantine
20:48:01.0313 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz100.tmp - copied to quarantine
20:48:01.0382 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1041.tmp - copied to quarantine
20:48:01.0443 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1042.tmp - copied to quarantine
20:48:01.0506 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1057.tmp - copied to quarantine
20:48:01.0563 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1066.tmp - copied to quarantine
20:48:01.0623 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz109B.tmp - copied to quarantine
20:48:01.0682 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz10A0.tmp - copied to quarantine
20:48:01.0738 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz10A5.tmp - copied to quarantine
20:48:01.0801 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz10E2.tmp - copied to quarantine
20:48:01.0863 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1111.tmp - copied to quarantine
20:48:01.0918 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1128.tmp - copied to quarantine
20:48:01.0992 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz115F.tmp - copied to quarantine
20:48:05.0424 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1169.tmp - copied to quarantine
20:48:05.0482 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz119.tmp - copied to quarantine
20:48:05.0539 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz11A.tmp - copied to quarantine
20:48:05.0606 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz11A9.tmp - copied to quarantine
20:48:05.0679 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz11FA.tmp - copied to quarantine
20:48:05.0758 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1251.tmp - copied to quarantine
20:48:05.0819 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1271.tmp - copied to quarantine
20:48:05.0877 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1272.tmp - copied to quarantine
20:48:05.0956 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1275.tmp - copied to quarantine
20:48:06.0028 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1283.tmp - copied to quarantine
20:48:06.0098 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz128A.tmp - copied to quarantine
20:48:06.0141 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1295.tmp - copied to quarantine
20:48:06.0207 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz12C1.tmp - copied to quarantine
20:48:06.0266 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz12C9.tmp - copied to quarantine
20:48:06.0327 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz12DD.tmp - copied to quarantine
20:48:06.0394 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz12F0.tmp - copied to quarantine
20:48:06.0426 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz12F1.tmp - copied to quarantine
20:49:21.0556 5896  Backup copy not found, trying to cure infected file..
20:49:21.0556 5896  Cure success, using it..
20:49:21.0587 5896  C:\Windows\assembly\GAC_32\desktop.ini - will be deleted on reboot
20:49:21.0587 5896  C:\Windows\assembly\GAC_64\desktop.ini - will be deleted on reboot
20:49:21.0587 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\@ - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\00000004.@ - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\00000008.@ - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\80000000.@ - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz100.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1041.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1042.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1057.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1066.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz109B.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz10A0.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz10A5.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz10E2.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1111.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1128.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz115F.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1169.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz119.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz11A.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz11A9.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz11FA.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1251.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1271.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1272.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1275.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1283.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz128A.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1295.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz12C1.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz12C9.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz12DD.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz12F0.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz12F1.tmp - will be deleted on reboot
20:49:21.0619 5896  C:\Windows\system32\services.exe - will be cured on reboot
20:49:21.0619 5896  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure
20:51:04.0351 2112  Deinitialize success
 



2.  TDSSKiller Log

 

20:45:20.0660 5376  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
20:45:21.0752 5376  ============================================================
20:45:21.0752 5376  Current date / time: 2013/07/18 20:45:21.0752
20:45:21.0752 5376  SystemInfo:
20:45:21.0752 5376  
20:45:21.0752 5376  OS Version: 6.1.7601 ServicePack: 1.0
20:45:21.0752 5376  Product type: Workstation
20:45:21.0752 5376  ComputerName: GREG-PC
20:45:21.0752 5376  UserName: Greg
20:45:21.0752 5376  Windows directory: C:\Windows
20:45:21.0752 5376  System windows directory: C:\Windows
20:45:21.0752 5376  Running under WOW64
20:45:21.0752 5376  Processor architecture: Intel x64
20:45:21.0752 5376  Number of processors: 4
20:45:21.0752 5376  Page size: 0x1000
20:45:21.0752 5376  Boot type: Normal boot
20:45:21.0752 5376  ============================================================
20:45:22.0563 5376  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:45:22.0563 5376  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:45:22.0579 5376  Drive \Device\Harddisk2\DR2 - Size: 0x2BAA1476000 (2794.52 Gb), SectorSize: 0x1000, Cylinders: 0xB220, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:45:22.0594 5376  Drive \Device\Harddisk7\DR7 - Size: 0x1D1C1115E00 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:45:22.0610 5376  ============================================================
20:45:22.0610 5376  \Device\Harddisk0\DR0:
20:45:22.0610 5376  MBR partitions:
20:45:22.0610 5376  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23800, BlocksNum 0x13C3000
20:45:22.0610 5376  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13E6800, BlocksNum 0x38F9F000
20:45:22.0610 5376  \Device\Harddisk1\DR1:
20:45:22.0610 5376  MBR partitions:
20:45:22.0610 5376  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982
20:45:22.0610 5376  \Device\Harddisk2\DR2:
20:45:22.0844 5376  MBR partitions:
20:45:22.0844 5376  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2BAA0800
20:45:22.0844 5376  \Device\Harddisk7\DR7:
20:45:22.0860 5376  MBR partitions:
20:45:22.0860 5376  \Device\Harddisk7\DR7\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000
20:45:22.0860 5376  ============================================================
20:45:22.0891 5376  C: <-> \Device\Harddisk0\DR0\Partition2
20:45:22.0891 5376  I: <-> \Device\Harddisk1\DR1\Partition1
20:45:23.0031 5376  J: <-> \Device\Harddisk7\DR7\Partition1
20:45:23.0047 5376  K: <-> \Device\Harddisk2\DR2\Partition1
20:45:23.0047 5376  ============================================================
20:45:23.0047 5376  Initialize success
20:45:23.0047 5376  ============================================================
20:46:18.0271 5204  ============================================================
20:46:18.0271 5204  Scan started
20:46:18.0271 5204  Mode: Manual; TDLFS;
20:46:18.0271 5204  ============================================================
20:46:20.0065 5204  ================ Scan system memory ========================
20:46:20.0065 5204  System memory - ok
20:46:20.0065 5204  ================ Scan services =============================
20:46:22.0140 5204  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:46:22.0140 5204  BTHMODEM - ok
20:46:22.0155 5204  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
20:46:22.0155 5204  bthserv - ok
20:46:22.0218 5204  [ 555FA105C22B1616094EDAD1CBFB0551 ] cbfs3           C:\Windows\system32\DRIVERS\cbfs3.sys
20:46:22.0218 5204  cbfs3 - ok
20:46:22.0218 5204  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:46:22.0233 5204  cdfs - ok
20:46:22.0264 5204  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:46:22.0264 5204  cdrom - ok
20:46:22.0311 5204  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
20:46:22.0311 5204  CertPropSvc - ok
20:46:22.0327 5204  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:46:22.0327 5204  circlass - ok
20:46:22.0358 5204  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
20:46:22.0358 5204  CLFS - ok
20:46:22.0405 5204  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:46:22.0405 5204  clr_optimization_v2.0.50727_32 - ok
20:46:22.0436 5204  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:46:22.0436 5204  clr_optimization_v2.0.50727_64 - ok
20:46:22.0514 5204  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:46:22.0561 5204  clr_optimization_v4.0.30319_32 - ok
20:46:22.0576 5204  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:46:22.0592 5204  clr_optimization_v4.0.30319_64 - ok
20:46:22.0608 5204  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:46:22.0608 5204  CmBatt - ok
20:46:22.0654 5204  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:46:22.0654 5204  cmdide - ok
20:46:22.0701 5204  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
20:46:22.0701 5204  CNG - ok
20:46:22.0717 5204  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:46:22.0717 5204  Compbatt - ok
20:46:22.0748 5204  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
20:46:22.0764 5204  CompositeBus - ok
20:46:22.0764 5204  COMSysApp - ok
20:46:22.0764 5204  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
20:46:22.0764 5204  crcdisk - ok
20:46:22.0810 5204  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:46:22.0810 5204  CryptSvc - ok
20:46:22.0842 5204  [ 1CA90212A99DB6975C344826D11055C9 ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
20:46:22.0842 5204  dc3d - ok
20:46:22.0904 5204  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:46:22.0904 5204  DcomLaunch - ok
20:46:22.0935 5204  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
20:46:22.0935 5204  defragsvc - ok
20:46:22.0966 5204  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:46:22.0966 5204  DfsC - ok
20:46:23.0029 5204  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:46:23.0029 5204  Dhcp - ok
20:46:23.0044 5204  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
20:46:23.0044 5204  discache - ok
20:46:23.0122 5204  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
20:46:23.0122 5204  Disk - ok
20:46:23.0169 5204  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:46:23.0185 5204  Dnscache - ok
20:46:23.0232 5204  [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
20:46:23.0232 5204  DockLoginService - ok
20:46:23.0263 5204  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:46:23.0263 5204  dot3svc - ok
20:46:23.0325 5204  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
20:46:23.0325 5204  Dot4 - ok
20:46:23.0372 5204  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\drivers\Dot4Prt.sys
20:46:23.0372 5204  Dot4Print - ok
20:46:23.0419 5204  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
20:46:23.0419 5204  dot4usb - ok
20:46:23.0466 5204  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
20:46:23.0466 5204  DPS - ok
20:46:23.0481 5204  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:46:23.0481 5204  drmkaud - ok
20:46:23.0528 5204  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:46:23.0544 5204  DXGKrnl - ok
20:46:23.0559 5204  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
20:46:23.0559 5204  EapHost - ok
20:46:23.0622 5204  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
20:46:23.0684 5204  ebdrv - ok
20:46:23.0731 5204  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
20:46:23.0731 5204  EFS - ok
20:46:23.0762 5204  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:46:23.0778 5204  ehRecvr - ok
20:46:23.0793 5204  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
20:46:23.0793 5204  ehSched - ok
20:46:23.0824 5204  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
20:46:23.0840 5204  elxstor - ok
20:46:23.0871 5204  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:46:23.0871 5204  ErrDev - ok
20:46:23.0902 5204  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
20:46:23.0902 5204  EventSystem - ok
20:46:23.0949 5204  [ 86F7951BBCEE4A86E79A97306BD14318 ] ew_hwusbdev     C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
20:46:23.0949 5204  ew_hwusbdev - ok
20:46:24.0012 5204  [ 55E0EDA185869F7EA67EA97FD0655B39 ] ew_usbenumfilter C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
20:46:24.0012 5204  ew_usbenumfilter - ok
20:46:24.0027 5204  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
20:46:24.0027 5204  exfat - ok
20:46:24.0043 5204  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:46:24.0043 5204  fastfat - ok
20:46:24.0074 5204  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
20:46:24.0090 5204  Fax - ok
20:46:24.0105 5204  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:46:24.0105 5204  fdc - ok
20:46:24.0121 5204  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:46:24.0121 5204  fdPHost - ok
20:46:24.0121 5204  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:46:24.0121 5204  FDResPub - ok
20:46:24.0136 5204  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:46:24.0136 5204  FileInfo - ok
20:46:24.0152 5204  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:46:24.0152 5204  Filetrace - ok
20:46:24.0183 5204  [ 8669BE94F63944E4F899C3950B520241 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:46:24.0199 5204  FLEXnet Licensing Service - ok
20:46:24.0214 5204  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:46:24.0214 5204  flpydisk - ok
20:46:24.0261 5204  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:46:24.0261 5204  FltMgr - ok
20:46:24.0308 5204  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
20:46:24.0324 5204  FontCache - ok
20:46:24.0370 5204  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:46:24.0370 5204  FontCache3.0.0.0 - ok
20:46:24.0464 5204  [ 93B5CD0AC126BE95F65B28AF3D9542DC ] FreemakeVideoCapture C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
20:46:24.0464 5204  FreemakeVideoCapture - ok
20:46:24.0480 5204  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:46:24.0480 5204  FsDepends - ok
20:46:24.0526 5204  [ C2E475625F2C6F7DCDE4E920523A0573 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
20:46:24.0526 5204  fssfltr - ok
20:46:24.0651 5204  [ B6AB40819ECEC4BA07266EC0EBBC85A7 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
20:46:24.0667 5204  fsssvc - ok
20:46:24.0714 5204  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:46:24.0714 5204  Fs_Rec - ok
20:46:24.0760 5204  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:46:24.0760 5204  fvevol - ok
20:46:24.0776 5204  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:46:24.0776 5204  gagp30kx - ok
20:46:24.0807 5204  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:46:24.0807 5204  GEARAspiWDM - ok
20:46:24.0838 5204  [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist      C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
20:46:24.0838 5204  GoToAssist - ok
20:46:24.0901 5204  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
20:46:24.0901 5204  gpsvc - ok
20:46:24.0979 5204  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:46:24.0979 5204  gusvc - ok
20:46:24.0994 5204  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:46:24.0994 5204  hcw85cir - ok
20:46:25.0041 5204  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:46:25.0041 5204  HdAudAddService - ok
20:46:25.0057 5204  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:46:25.0057 5204  HDAudBus - ok
20:46:25.0088 5204  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
20:46:25.0088 5204  HECIx64 - ok
20:46:25.0088 5204  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
20:46:25.0088 5204  HidBatt - ok
20:46:25.0104 5204  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:46:25.0104 5204  HidBth - ok
20:46:25.0119 5204  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:46:25.0119 5204  HidIr - ok
20:46:25.0150 5204  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
20:46:25.0150 5204  hidserv - ok
20:46:25.0182 5204  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:46:25.0182 5204  HidUsb - ok
20:46:25.0213 5204  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:46:25.0213 5204  hkmsvc - ok
20:46:25.0260 5204  [ 583431A6989FD8B901D1883C0299C471 ] hnmsvc          c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
20:46:25.0260 5204  hnmsvc - ok
20:46:25.0306 5204  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:46:25.0306 5204  HomeGroupListener - ok
20:46:25.0353 5204  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:46:25.0353 5204  HomeGroupProvider - ok
20:46:25.0462 5204  [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
20:46:25.0478 5204  hpqcxs08 - ok
20:46:25.0478 5204  [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
20:46:25.0494 5204  hpqddsvc - ok
20:46:25.0509 5204  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:46:25.0509 5204  HpSAMD - ok
20:46:25.0556 5204  [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
20:46:25.0572 5204  HPSLPSVC - ok
20:46:25.0619 5204  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:46:25.0619 5204  HTTP - ok
20:46:25.0666 5204  [ 4D6C4B6FC9A8B069DB208B5E8117725B ] huawei_cdcacm   C:\Windows\system32\DRIVERS\ew_jucdcacm.sys
20:46:25.0666 5204  huawei_cdcacm - ok
20:46:25.0729 5204  [ 2342E7FECCA0D4E31BEA5FF6A4E20885 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
20:46:25.0729 5204  huawei_enumerator - ok
20:46:25.0775 5204  [ 20B88224F9A4B202D00FA00C9ED28E7F ] huawei_ext_ctrl C:\Windows\system32\DRIVERS\ew_juextctrl.sys
20:46:25.0775 5204  huawei_ext_ctrl - ok
20:46:25.0807 5204  [ 519B7EA852C713E515C84A1A25006482 ] huawei_wwanecm  C:\Windows\system32\DRIVERS\ew_juwwanecm.sys
20:46:25.0807 5204  huawei_wwanecm - ok
20:46:25.0853 5204  [ D969D0E26C5B1E813B17066A8318D5D4 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
20:46:25.0869 5204  hwdatacard - ok
20:46:25.0900 5204  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:46:25.0900 5204  hwpolicy - ok
20:46:25.0947 5204  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:46:25.0947 5204  i8042prt - ok
20:46:25.0963 5204  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:46:25.0978 5204  iaStorV - ok
20:46:26.0025 5204  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:46:26.0041 5204  idsvc - ok
20:46:26.0212 5204  [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
20:46:26.0353 5204  igfx - ok
20:46:26.0415 5204  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
20:46:26.0415 5204  iirsp - ok
20:46:26.0477 5204  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
20:46:26.0477 5204  IKEEXT - ok
20:46:26.0540 5204  [ E9BEFD8C6A1DB3B544B61647DDA35F62 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:46:26.0571 5204  IntcAzAudAddService - ok
20:46:26.0618 5204  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
20:46:26.0618 5204  intelide - ok
20:46:26.0633 5204  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:46:26.0633 5204  intelppm - ok
20:46:26.0649 5204  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:46:26.0649 5204  IPBusEnum - ok
20:46:26.0696 5204  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:46:26.0696 5204  IpFilterDriver - ok
20:46:26.0727 5204  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:46:26.0727 5204  IPMIDRV - ok
20:46:26.0758 5204  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:46:26.0758 5204  IPNAT - ok
20:46:26.0821 5204  [ 0FF335D687C85097725A53458160E81E ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:46:26.0821 5204  iPod Service - ok
20:46:26.0836 5204  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:46:26.0836 5204  IRENUM - ok
20:46:26.0867 5204  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:46:26.0867 5204  isapnp - ok
20:46:26.0914 5204  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:46:26.0914 5204  iScsiPrt - ok
20:46:26.0945 5204  [ 9D7EA8C7215D8D4AE7BE110EEE61085D ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
20:46:26.0945 5204  k57nd60a - ok
20:46:26.0945 5204  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:46:26.0945 5204  kbdclass - ok
20:46:26.0992 5204  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:46:26.0992 5204  kbdhid - ok
20:46:27.0008 5204  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
20:46:27.0008 5204  KeyIso - ok
20:46:27.0055 5204  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:46:27.0055 5204  KSecDD - ok
20:46:27.0101 5204  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:46:27.0101 5204  KSecPkg - ok
20:46:27.0101 5204  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:46:27.0101 5204  ksthunk - ok
20:46:27.0117 5204  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:46:27.0117 5204  KtmRm - ok
20:46:27.0164 5204  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:46:27.0164 5204  LanmanServer - ok
20:46:27.0211 5204  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:46:27.0211 5204  LanmanWorkstation - ok
20:46:27.0226 5204  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:46:27.0226 5204  lltdio - ok
20:46:27.0257 5204  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:46:27.0257 5204  lltdsvc - ok
20:46:27.0273 5204  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:46:27.0273 5204  lmhosts - ok
20:46:27.0304 5204  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:46:27.0304 5204  LSI_FC - ok
20:46:27.0320 5204  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
20:46:27.0320 5204  LSI_SAS - ok
20:46:27.0335 5204  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:46:27.0335 5204  LSI_SAS2 - ok
20:46:27.0351 5204  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:46:27.0367 5204  LSI_SCSI - ok
20:46:27.0382 5204  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
20:46:27.0382 5204  luafv - ok
20:46:27.0429 5204  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
20:46:27.0429 5204  MBAMProtector - ok
20:46:27.0491 5204  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:46:27.0491 5204  MBAMScheduler - ok
20:46:27.0538 5204  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamservice.exe
20:46:27.0554 5204  MBAMService - ok
20:46:27.0585 5204  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:46:27.0585 5204  Mcx2Svc - ok
20:46:27.0616 5204  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
20:46:27.0616 5204  megasas - ok
20:46:27.0632 5204  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:46:27.0632 5204  MegaSR - ok
20:46:27.0663 5204  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
20:46:27.0663 5204  MMCSS - ok
20:46:27.0663 5204  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
20:46:27.0663 5204  Modem - ok
20:46:27.0694 5204  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:46:27.0694 5204  monitor - ok
20:46:27.0710 5204  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:46:27.0710 5204  mouclass - ok
20:46:27.0741 5204  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:46:27.0741 5204  mouhid - ok
20:46:27.0772 5204  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:46:27.0772 5204  mountmgr - ok
20:46:27.0835 5204  [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:46:27.0835 5204  MozillaMaintenance - ok
20:46:27.0850 5204  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:46:27.0850 5204  mpio - ok
20:46:27.0866 5204  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:46:27.0866 5204  mpsdrv - ok
20:46:27.0913 5204  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:46:27.0913 5204  MRxDAV - ok
20:46:27.0944 5204  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:46:27.0944 5204  mrxsmb - ok
20:46:27.0991 5204  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:46:27.0991 5204  mrxsmb10 - ok
20:46:27.0991 5204  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:46:28.0006 5204  mrxsmb20 - ok
20:46:28.0037 5204  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:46:28.0053 5204  msahci - ok
20:46:28.0084 5204  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:46:28.0084 5204  msdsm - ok
20:46:28.0100 5204  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
20:46:28.0100 5204  MSDTC - ok
20:46:28.0131 5204  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:46:28.0131 5204  Msfs - ok
20:46:28.0147 5204  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:46:28.0147 5204  mshidkmdf - ok
20:46:28.0147 5204  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:46:28.0162 5204  msisadrv - ok
20:46:28.0193 5204  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:46:28.0193 5204  MSiSCSI - ok
20:46:28.0209 5204  msiserver - ok
20:46:28.0225 5204  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:46:28.0225 5204  MSKSSRV - ok
20:46:28.0240 5204  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:46:28.0240 5204  MSPCLOCK - ok
20:46:28.0271 5204  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:46:28.0271 5204  MSPQM - ok
20:46:28.0318 5204  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:46:28.0318 5204  MsRPC - ok
20:46:28.0365 5204  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:46:28.0365 5204  mssmbios - ok
20:46:28.0365 5204  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:46:28.0365 5204  MSTEE - ok
20:46:28.0381 5204  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:46:28.0381 5204  MTConfig - ok
20:46:28.0396 5204  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:46:28.0396 5204  Mup - ok
20:46:28.0459 5204  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
20:46:28.0459 5204  napagent - ok
20:46:28.0490 5204  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:46:28.0490 5204  NativeWifiP - ok
20:46:28.0552 5204  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:46:28.0568 5204  NDIS - ok
20:46:28.0583 5204  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:46:28.0583 5204  NdisCap - ok
20:46:28.0599 5204  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:46:28.0599 5204  NdisTapi - ok
20:46:28.0661 5204  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:46:28.0661 5204  Ndisuio - ok
20:46:28.0693 5204  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:46:28.0693 5204  NdisWan - ok
20:46:28.0724 5204  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:46:28.0739 5204  NDProxy - ok
20:46:28.0771 5204  [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
20:46:28.0771 5204  Net Driver HPZ12 - ok
20:46:28.0786 5204  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:46:28.0786 5204  NetBIOS - ok
20:46:28.0833 5204  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:46:28.0833 5204  NetBT - ok
20:46:28.0849 5204  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
20:46:28.0849 5204  Netlogon - ok
20:46:28.0864 5204  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
20:46:28.0880 5204  Netman - ok
20:46:28.0911 5204  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:46:28.0942 5204  NetMsmqActivator - ok
20:46:28.0942 5204  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:46:28.0942 5204  NetPipeActivator - ok
20:46:28.0973 5204  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
20:46:28.0973 5204  netprofm - ok
20:46:28.0973 5204  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:46:28.0973 5204  NetTcpActivator - ok
20:46:28.0989 5204  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:46:28.0989 5204  NetTcpPortSharing - ok
20:46:29.0005 5204  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
20:46:29.0005 5204  nfrd960 - ok
20:46:29.0036 5204  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:46:29.0051 5204  NlaSvc - ok
20:46:29.0114 5204  [ 351533ACC2A069B94E80BBFC177E8FDF ] npf             C:\Windows\system32\drivers\npf.sys
20:46:29.0114 5204  npf - ok
20:46:29.0129 5204  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:46:29.0129 5204  Npfs - ok
20:46:29.0129 5204  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
20:46:29.0129 5204  nsi - ok
20:46:29.0145 5204  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:46:29.0145 5204  nsiproxy - ok
20:46:29.0192 5204  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:46:29.0223 5204  Ntfs - ok
20:46:36.0383 5204  ================ Scan global ===============================
20:46:36.0399 5204  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:46:36.0430 5204  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
20:46:36.0446 5204  [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
20:46:36.0461 5204  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:46:36.0508 5204  [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
20:46:36.0508 5204  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
20:46:36.0508 5204  C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
20:46:36.0508 5204  ================ Scan MBR ==================================
20:46:36.0524 5204  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:46:36.0805 5204  \Device\Harddisk0\DR0 - ok
20:46:37.0273 5204  [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk1\DR1
20:46:37.0397 5204  \Device\Harddisk1\DR1 - ok
20:46:37.0491 5204  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
20:46:37.0616 5204  \Device\Harddisk2\DR2 - ok
20:46:37.0616 5204  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk7\DR7
20:46:37.0756 5204  \Device\Harddisk7\DR7 - ok
20:46:37.0756 5204  ================ Scan VBR ==================================
20:46:37.0756 5204  [ DD9D0F6196A4944547E6BDECD11F74B4 ] \Device\Harddisk0\DR0\Partition1
20:46:37.0756 5204  \Device\Harddisk0\DR0\Partition1 - ok
20:46:37.0772 5204  [ 25968E21A302ED95114095714E1601F4 ] \Device\Harddisk0\DR0\Partition2
20:46:37.0772 5204  \Device\Harddisk0\DR0\Partition2 - ok
20:46:37.0772 5204  [ 8BD63B11DA47EDE976D6123F4568890D ] \Device\Harddisk1\DR1\Partition1
20:46:37.0787 5204  \Device\Harddisk1\DR1\Partition1 - ok
20:46:37.0787 5204  [ A66005B06BD48132B14793EFB8BBC4E9 ] \Device\Harddisk2\DR2\Partition1
20:46:37.0787 5204  \Device\Harddisk2\DR2\Partition1 - ok
20:46:37.0787 5204  [ B77F81B47800170941D8537EF885F362 ] \Device\Harddisk7\DR7\Partition1
20:46:37.0803 5204  \Device\Harddisk7\DR7\Partition1 - ok
20:46:37.0803 5204  ============================================================
20:46:37.0803 5204  Scan finished
20:46:37.0803 5204  ============================================================
20:46:37.0803 5896  Detected object count: 1
20:46:37.0803 5896  Actual detected object count: 1
20:47:56.0817 5896  C:\Windows\system32\services.exe - copied to quarantine
20:48:01.0020 5896  C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
20:48:01.0050 5896  C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
20:48:01.0121 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\@ - copied to quarantine
20:48:01.0159 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\L\00000004.@ - copied to quarantine
20:48:01.0169 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\L\201d3dde - copied to quarantine
20:48:01.0194 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\L\4cce1f70 - copied to quarantine
20:48:01.0226 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\L\6715e287 - copied to quarantine
20:48:01.0238 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\L\76603ac3 - copied to quarantine
20:48:01.0248 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\00000004.@ - copied to quarantine
20:48:01.0268 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\00000008.@ - copied to quarantine
20:48:01.0268 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\80000000.@ - copied to quarantine
20:49:21.0556 5896  Backup copy not found, trying to cure infected file..
20:49:21.0556 5896  Cure success, using it..
20:49:21.0587 5896  C:\Windows\assembly\GAC_32\desktop.ini - will be deleted on reboot
20:49:21.0587 5896  C:\Windows\assembly\GAC_64\desktop.ini - will be deleted on reboot
20:49:21.0587 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\@ - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\00000004.@ - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\00000008.@ - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\80000000.@ - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz100.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1041.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1042.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1057.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1066.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz109B.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz10A0.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz10A5.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz10E2.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1111.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1128.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz115F.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1169.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz119.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz11A.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz11A9.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz11FA.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1251.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1271.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1272.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1275.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1283.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz128A.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz1295.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz12C1.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz12C9.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz12DD.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz12F0.tmp - will be deleted on reboot
20:49:21.0603 5896  C:\Windows\installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz12F1.tmp - will be deleted on reboot
20:49:21.0619 5896  C:\Windows\system32\services.exe - will be cured on reboot
20:49:21.0619 5896  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure
20:51:04.0351 2112  Deinitialize success
 



#5 Hazmat99

Posted 19 July 2013 - 02:11 AM

3.  aswMBR Log

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-18 20:53:12
-----------------------------
20:53:12.225    OS Version: Windows x64 6.1.7601 Service Pack 1
20:53:12.225    Number of processors: 4 586 0x2502
20:53:12.225    ComputerName: GREG-PC  UserName: Greg
20:53:14.627    Initialize success
20:53:14.955    AVAST engine defs: 13071701
20:53:55.125    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:53:55.125    Disk 0 Vendor: WDC_WD5000AAKS-75V0A0 05.01D05 Size: 476940MB BusType: 3
20:53:55.249    Disk 0 MBR read successfully
20:53:55.249    Disk 0 MBR scan
20:53:55.249    Disk 0 Windows 7 default MBR code
20:53:55.249    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       70 MB offset 63
20:53:55.265    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        10118 MB offset 145408
20:53:55.296    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       466750 MB offset 20867072
20:53:55.327    Disk 0 scanning C:\Windows\system32\drivers
20:54:06.013    Service scanning
20:54:06.700    Service 71013770 C:\Windows\system32\drivers\27089473.sys **HIDDEN**
20:54:24.250    Modules scanning
20:54:24.250    Disk 0 trace - called modules:
20:54:24.265    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:54:24.265    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b69060]
20:54:24.265    3 CLASSPNP.SYS[fffff880018ae43f] -> nt!IofCallDriver -> [0xfffffa80048ce580]
20:54:24.281    5 ACPI.sys[fffff88000f337a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80048d0060]
20:54:24.999    AVAST engine scan C:\Windows
20:54:26.730    AVAST engine scan C:\Windows\system32
20:55:24.060    File: C:\Windows\system32\services.exe  **INFECTED** Win32:Sirefef-ZT [Trj]
20:55:48.278    File: C:\Windows\assembly\GAC_32\Desktop.ini  **INFECTED** Win32:Sirefef-PL [Rtk]
20:55:50.212    File: C:\Windows\assembly\GAC_64\Desktop.ini  **INFECTED** Win32:Sirefef-PL [Rtk]
20:56:43.448    AVAST engine scan C:\Windows\system32\drivers
20:56:54.306    AVAST engine scan C:\Users\Greg
21:33:48.963    AVAST engine scan C:\ProgramData
21:39:53.014    Scan finished successfully
21:44:20.297    Disk 0 MBR has been saved successfully to "C:\MBR.dat"
21:44:20.297    The log file has been saved successfully to "C:\aswMBR.txt"

 



#6 Hazmat99

Posted 19 July 2013 - 02:12 AM

4.  AdwCleaner Log

 

# AdwCleaner v2.305 - Logfile created 07/18/2013 at 21:46:50
# Updated 11/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Greg - GREG-PC
# Boot Mode : Normal
# Running from : C:\Users\Greg\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
File Deleted : C:\user.js
File Deleted : C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\ylbe2a1h.default\searchplugins\funmoods.xml
Folder Deleted : C:\Program Files (x86)\Common Files\Wondershare
Folder Deleted : C:\Program Files (x86)\SearchPredict
Folder Deleted : C:\Program Files (x86)\Speedbit Video Downloader
Folder Deleted : C:\Program Files (x86)\Wondershare
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speedbit Video Downloader
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Speedbit
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Greg\AppData\Local\Wondershare
Folder Deleted : C:\Users\Greg\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Greg\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\Greg\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Greg_2\AppData\Local\AskToolbar
Folder Deleted : C:\Users\Greg_2\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Vicki\AppData\Local\AskToolbar
Folder Deleted : C:\Users\Vicki\AppData\LocalLow\Toolbar4

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{116BA71C-8187-4F15-9A1F-C9D6289155D1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKCU\Software\SpeedBit
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\SBConvert.SBConvert
Key Deleted : HKLM\SOFTWARE\Classes\SBConvert.SBConvert.3
Key Deleted : HKLM\SOFTWARE\Classes\SearchPredictObj.SearchPredictObj
Key Deleted : HKLM\SOFTWARE\Classes\SearchPredictObj.SearchPredictObj.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Key Deleted : HKLM\Software\SpeedBit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SPEEDbit Video Downloader
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchpredict@speedbit.com]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\ylbe2a1h.default\prefs.js

C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\ylbe2a1h.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("extensions.facemoods.aflt", "_#ddrnw");
Deleted : user_pref("extensions.facemoods.firstRun", false);
Deleted : user_pref("extensions.facemoods.lastActv", "2");
Deleted : user_pref("extensions.funmoods.admin", false);
Deleted : user_pref("extensions.funmoods.aflt", "make");
Deleted : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Deleted : user_pref("extensions.funmoods.cntry", "AU");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dfltlng", "EN");
Deleted : user_pref("extensions.funmoods.dfltsrch", true);
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "C9ED3A00396A7D7C320B7D9A82D1DC98");
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hrdid", "0");
Deleted : user_pref("extensions.funmoods.id", "28b7e4f7000000000000b8ac6fadb29f");
Deleted : user_pref("extensions.funmoods.instlDay", "15375");
Deleted : user_pref("extensions.funmoods.instlRef", "");
Deleted : user_pref("extensions.funmoods.instlday", "15375");
Deleted : user_pref("extensions.funmoods.instlref", "");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.keywordurl", "");
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.11.1622:47:56");
Deleted : user_pref("extensions.funmoods.newTab", true);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=make");
Deleted : user_pref("extensions.funmoods.newtab", true);
Deleted : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=make");
Deleted : user_pref("extensions.funmoods.noFFXTlbr", false);
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.propectorlck", 67042735);
Deleted : user_pref("extensions.funmoods.prtkhmpg", 1);
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrid", "funmoods");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.smplgrp", "none");
Deleted : user_pref("extensions.funmoods.srch", "");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.srchprvdr", "Search");
Deleted : user_pref("extensions.funmoods.stAdmnPrms", true);
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=make&q=");
Deleted : user_pref("extensions.funmoods.tlbrid", "base");
Deleted : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://start.funmoods.com/results.php?f=3&a=make&q=");
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.11.16");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.11.1622:47:56");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.11.16");
Deleted : user_pref("extensions.funmoods.vrsnts", "1.5.11.1622:47:56");
Deleted : user_pref("extensions.funmoods_i.aflt", "make");
Deleted : user_pref("extensions.funmoods_i.dfltLng", "");
Deleted : user_pref("extensions.funmoods_i.dfltSrch", true);
Deleted : user_pref("extensions.funmoods_i.dnsErr", true);
Deleted : user_pref("extensions.funmoods_i.excTlbr", false);
Deleted : user_pref("extensions.funmoods_i.hmpg", true);
Deleted : user_pref("extensions.funmoods_i.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=make");
Deleted : user_pref("extensions.funmoods_i.id", "28b7e4f7000000000000b8ac6fadb29f");
Deleted : user_pref("extensions.funmoods_i.instlDay", "15375");
Deleted : user_pref("extensions.funmoods_i.instlRef", "");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=make");
Deleted : user_pref("extensions.funmoods_i.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods_i.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods_i.tlbrId", "base");
Deleted : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=make&q="[...]
Deleted : user_pref("extensions.funmoods_i.vrsn", "1.5.11.16");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.11.1622:47:56");
Deleted : user_pref("extensions.funmoods_i.vrsni", "1.5.11.16");
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B4a1f2947-bbc4-476a-80d3-3e0ddc0a2534%[...]
Deleted : user_pref("speedbitvideodownloader.Var1", "0");
Deleted : user_pref("speedbitvideodownloader.Var10", "0");
Deleted : user_pref("speedbitvideodownloader.Var2", "0");
Deleted : user_pref("speedbitvideodownloader.Var3", "0");
Deleted : user_pref("speedbitvideodownloader.Var4", "0");
Deleted : user_pref("speedbitvideodownloader.Var5", "0");
Deleted : user_pref("speedbitvideodownloader.Var6", "0");
Deleted : user_pref("speedbitvideodownloader.Var7", "0");
Deleted : user_pref("speedbitvideodownloader.Var8", "0");
Deleted : user_pref("speedbitvideodownloader.Var9", "0");
Deleted : user_pref("speedbitvideodownloader.cache.tbs_include_xml_spd", "26/20/18/6/113");
Deleted : user_pref("speedbitvideodownloader.firstlaunch", "0");
Deleted : user_pref("speedbitvideodownloader.guid", "%7BB4113E75-CDDD-3BA8-125F-B4ED1E2D599D%7D");
Deleted : user_pref("speedbitvideodownloader.popupblockedcnt", "743");
Deleted : user_pref("speedbitvideodownloader.stored_historycombo", "////Sex%20Training");
Deleted : user_pref("speedbitvideodownloader.userId", "%12");
Deleted : user_pref("speedbitvideodownloader_installed_version", "2.4.1");

File : C:\Users\Vicki\AppData\Roaming\Mozilla\Firefox\Profiles\qv2mekko.default\prefs.js

Deleted : user_pref("speedbitvideodownloader.Var1", "0");
Deleted : user_pref("speedbitvideodownloader.Var10", "0");
Deleted : user_pref("speedbitvideodownloader.Var2", "0");
Deleted : user_pref("speedbitvideodownloader.Var3", "0");
Deleted : user_pref("speedbitvideodownloader.Var4", "0");
Deleted : user_pref("speedbitvideodownloader.Var5", "0");
Deleted : user_pref("speedbitvideodownloader.Var6", "0");
Deleted : user_pref("speedbitvideodownloader.Var7", "0");
Deleted : user_pref("speedbitvideodownloader.Var8", "0");
Deleted : user_pref("speedbitvideodownloader.Var9", "0");
Deleted : user_pref("speedbitvideodownloader.cache.tbs_include_xml_spd", "59/16/7/10/111");
Deleted : user_pref("speedbitvideodownloader.firstlaunch", "0");
Deleted : user_pref("speedbitvideodownloader.guid", "%7B2902395C-5D94-0F50-1260-74F2B056DB66%7D");
Deleted : user_pref("speedbitvideodownloader.popupblockedcnt", "2");
Deleted : user_pref("speedbitvideodownloader.userId", "%12");
Deleted : user_pref("speedbitvideodownloader_installed_version", "2.4.1");

File : C:\Users\Greg_2\AppData\Roaming\Mozilla\Firefox\Profiles\jectyurt.default\prefs.js

C:\Users\Greg_2\AppData\Roaming\Mozilla\Firefox\Profiles\jectyurt.default\user.js ... Deleted !

Deleted : user_pref("speedbitvideodownloader.Var1", "0");
Deleted : user_pref("speedbitvideodownloader.Var10", "0");
Deleted : user_pref("speedbitvideodownloader.Var2", "0");
Deleted : user_pref("speedbitvideodownloader.Var3", "0");
Deleted : user_pref("speedbitvideodownloader.Var4", "0");
Deleted : user_pref("speedbitvideodownloader.Var5", "0");
Deleted : user_pref("speedbitvideodownloader.Var6", "0");
Deleted : user_pref("speedbitvideodownloader.Var7", "0");
Deleted : user_pref("speedbitvideodownloader.Var8", "0");
Deleted : user_pref("speedbitvideodownloader.Var9", "0");
Deleted : user_pref("speedbitvideodownloader.cache.tbs_include_xml_spd", "34/6/8/11/111");
Deleted : user_pref("speedbitvideodownloader.firstlaunch", "0");
Deleted : user_pref("speedbitvideodownloader.guid", "%7BD385E990-A6C7-336D-1A49-A5C9591C11A7%7D");
Deleted : user_pref("speedbitvideodownloader.userId", "%12");
Deleted : user_pref("speedbitvideodownloader_installed_version", "2.4.1");

*************************

AdwCleaner[S1].txt - [23775 octets] - [18/07/2013 21:46:50]

########## EOF - C:\AdwCleaner[S1].txt - [23836 octets] ##########
 



#7 Hazmat99

Posted 19 July 2013 - 02:17 AM

5.  ESET Scan Log

 

(ESET ran for 18 hours and was then showing 93% complete, so I stopped it.  Here's the first quarter of the log file:

 

 

C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2CEB.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2D04.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2D06.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2D0B.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2D37.tmp    Win64/Sirefef.AW trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2D39.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2D4A.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2D72.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2D8A.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2DAC.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2DC9.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2E1F.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2E2B.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2E31.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2E43.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2E4D.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2E5A.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2E7.tmp    Win64/Conedex.C trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2E75.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2E9C.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2EB4.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2EBB.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2ECE.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2EE5.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2EF6.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2F04.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2F0C.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2F1.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2F12.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2F22.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2F26.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2F32.tmp    Win64/Conedex.C trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2F7.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2F95.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2F96.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2F9F.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2FA0.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2FA9.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2FAA.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2FAC.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2FB1.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2FCE.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2FD.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2FD2.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2FE9.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2FF1.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz2FF5.tmp    Win64/Conedex.B trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3001.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3011.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3027.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz303D.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3048.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz305E.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3076.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3080.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3092.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz30A2.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz30CB.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz30D5.tmp    Win64/Conedex.C trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz30F0.tmp    Win64/Conedex.C trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz313A.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3141.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz314B.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3171.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz318E.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz31A7.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz31A8.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz31B5.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz31B9.tmp    Win64/Sirefef.AW trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz31D8.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz31D9.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz31DD.tmp    Win64/Conedex.C trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz322F.tmp    Win64/Sirefef.AW trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3244.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3245.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz324F.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz326F.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz329E.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz32C7.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz32D5.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz32E8.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3311.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3321.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3322.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3343.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3346.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3355.tmp    Win64/Sirefef.AW trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz335F.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3379.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz33AD.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz33D.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz33ED.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz33FD.tmp    Win64/Sirefef.AW trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3438.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz345B.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz346F.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3470.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3480.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3488.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz349.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz34E4.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz34E6.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz350.tmp    Win64/Sirefef.AW trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz354.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz356.tmp    Win64/Sirefef.AW trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3566.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3573.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz358.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz35B7.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz35B9.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz35D.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz362F.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz364A.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz365E.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz368A.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3695.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz369B.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz36A2.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz36A3.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz36AD.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz36C0.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz36D7.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz36D8.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz36D9.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz36E0.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz36E9.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz36F2.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz370F.tmp    Win64/Conedex.C trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3711.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz374F.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz376C.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3784.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz37A2.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz37DC.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz37E2.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz37FC.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3801.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3802.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3821.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz384.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3843.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz385A.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3861.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz38B3.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz38D3.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz38DA.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz38EC.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz38F3.tmp    Win64/Sirefef.AW trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3901.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz391E.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz392D.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3931.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3942.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3961.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz39B0.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz39BF.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz39D.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3A36.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3A37.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3A3E.tmp    Win64/Sirefef.AW trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3A7.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3A79.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3A88.tmp    Win64/Sirefef.AW trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3A8A.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3A8B.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3A9B.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3A9C.tmp    Win64/Conedex.C trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3AFF.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3B23.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3B4F.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3B6E.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3B71.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3B7E.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3B7F.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3B81.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3B91.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3BB1.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3BBF.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3BC4.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3BE3.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3BF1.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3BFC.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3C13.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3C2E.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3C3C.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3C4D.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3C59.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3C71.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3CB0.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3CB4.tmp    Win64/Conedex.C trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3CBA.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3CEA.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3CEC.tmp    Win64/Conedex.C trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3CFA.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3D06.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3D2A.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3D58.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3D5B.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3D5F.tmp    Win64/Conedex.C trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3D9C.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3DBA.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3DBD.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3DC2.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3DE0.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3E01.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3E19.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3E38.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3E88.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3E8D.tmp    Win64/Conedex.C trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3E97.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3EA2.tmp    Win64/Sirefef.AW trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3EB4.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3EC3.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3EEE.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3EF4.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3F35.tmp    Win64/Sirefef.AW trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3F41.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3F72.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3FB1.tmp    Win64/Sirefef.AW trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3FD9.tmp    Win64/Conedex.C trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz3FE5.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz4015.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz4065.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz4071.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz4072.tmp    a variant of Win32/Sirefef.FV trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz4081.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz40AD.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz40BC.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz40DF.tmp    Win64/Sirefef.AN trojan    
C:\Windows\Installer\{12d72149-13ca-a11f-4fe7-a68620a47d0c}\U\trz40F8.tmp    a variant of Win32/Sirefef.FV trojan   



#8 boopme


Posted 19 July 2013 - 11:15 AM

Ok,
Go to Start ... Run and type in cmd
A DOS window will appear.
Type in the DOS window: netsh winsock reset
Click on the Enter key.

Reboot your system to complete the process.



Re-Run aswMBR
  • Click Scan
  • On completion of the scan, click the FIXMBR or FIX button
  • There is a slight pause after clicking the button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line will result in an incomplete fix.

Note: After the 'Infection fixed successfully' message appears, the machine may become unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.

  • Save the log as before and post in your next reply.

Edited by boopme, 19 July 2013 - 11:18 AM.


#9 Hazmat99


Posted 19 July 2013 - 05:44 PM

I didn't receive the message 'Infection fixed successfully'; however, the scan completed. Here's the log:

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-18 20:53:12
-----------------------------
20:53:12.225    OS Version: Windows x64 6.1.7601 Service Pack 1
20:53:12.225    Number of processors: 4 586 0x2502
20:53:12.225    ComputerName: GREG-PC  UserName: Greg
20:53:14.627    Initialize success
20:53:14.955    AVAST engine defs: 13071701
20:53:55.125    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:53:55.125    Disk 0 Vendor: WDC_WD5000AAKS-75V0A0 05.01D05 Size: 476940MB BusType: 3
20:53:55.249    Disk 0 MBR read successfully
20:53:55.249    Disk 0 MBR scan
20:53:55.249    Disk 0 Windows 7 default MBR code
20:53:55.249    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       70 MB offset 63
20:53:55.265    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        10118 MB offset 145408
20:53:55.296    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       466750 MB offset 20867072
20:53:55.327    Disk 0 scanning C:\Windows\system32\drivers
20:54:06.013    Service scanning
20:54:06.700    Service 71013770 C:\Windows\system32\drivers\27089473.sys **HIDDEN**
20:54:24.250    Modules scanning
20:54:24.250    Disk 0 trace - called modules:
20:54:24.265    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:54:24.265    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b69060]
20:54:24.265    3 CLASSPNP.SYS[fffff880018ae43f] -> nt!IofCallDriver -> [0xfffffa80048ce580]
20:54:24.281    5 ACPI.sys[fffff88000f337a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80048d0060]
20:54:24.999    AVAST engine scan C:\Windows
20:54:26.730    AVAST engine scan C:\Windows\system32
20:55:24.060    File: C:\Windows\system32\services.exe  **INFECTED** Win32:Sirefef-ZT [Trj]
20:55:48.278    File: C:\Windows\assembly\GAC_32\Desktop.ini  **INFECTED** Win32:Sirefef-PL [Rtk]
20:55:50.212    File: C:\Windows\assembly\GAC_64\Desktop.ini  **INFECTED** Win32:Sirefef-PL [Rtk]
20:56:43.448    AVAST engine scan C:\Windows\system32\drivers
20:56:54.306    AVAST engine scan C:\Users\Greg
21:33:48.963    AVAST engine scan C:\ProgramData
21:39:53.014    Scan finished successfully
21:44:20.297    Disk 0 MBR has been saved successfully to "C:\MBR.dat"
21:44:20.297    The log file has been saved successfully to "C:\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-20 07:48:08
-----------------------------
07:48:08.396    OS Version: Windows x64 6.1.7601 Service Pack 1
07:48:08.396    Number of processors: 4 586 0x2502
07:48:08.396    ComputerName: GREG-PC  UserName: Greg
07:48:09.270    Initialize success
07:48:09.426    AVAST engine defs: 13071901
07:48:34.606    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
07:48:34.622    Disk 0 Vendor: WDC_WD5000AAKS-75V0A0 05.01D05 Size: 476940MB BusType: 3
07:48:34.747    Disk 0 MBR read successfully
07:48:34.747    Disk 0 MBR scan
07:48:34.747    Disk 0 Windows 7 default MBR code
07:48:34.762    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       70 MB offset 63
07:48:34.762    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        10118 MB offset 145408
07:48:34.778    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       466750 MB offset 20867072
07:48:34.793    Disk 0 scanning C:\Windows\system32\drivers
07:48:44.388    Service scanning
07:49:01.349    Modules scanning
07:49:01.364    Disk 0 trace - called modules:
07:49:01.380    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
07:49:01.395    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b98060]
07:49:01.395    3 CLASSPNP.SYS[fffff8800186743f] -> nt!IofCallDriver -> [0xfffffa80048e9e40]
07:49:01.395    5 ACPI.sys[fffff88000d6e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80048fe060]
07:49:02.082    AVAST engine scan C:\Windows
07:49:03.813    AVAST engine scan C:\Windows\system32
07:51:23.834    AVAST engine scan C:\Windows\system32\drivers
07:51:36.565    AVAST engine scan C:\Users\Greg
08:20:39.631    AVAST engine scan C:\ProgramData
08:25:50.069    Scan finished successfully
08:33:18.580    Verifying
08:33:28.592    Disk 0 Windows 601 MBR fixed successfully
08:40:03.397    Disk 0 MBR has been saved successfully to "C:\MBR.dat"
08:40:03.437    The log file has been saved successfully to "C:\aswMBR.txt"
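A way to compare the two aswMBR runs in the post above, as an added example that is not part of the original thread or of aswMBR itself: it pulls the `**INFECTED**` and `**HIDDEN**` lines out of each run and reports what cleared between them. The sample text is abbreviated from the logs above; the function names and the result keys are this example's own.

```python
import re

# Abbreviated from the two aswMBR runs posted above (most lines omitted).
SAMPLE = r"""aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
20:54:06.700    Service 71013770 C:\Windows\system32\drivers\27089473.sys **HIDDEN**
20:55:24.060    File: C:\Windows\system32\services.exe  **INFECTED** Win32:Sirefef-ZT [Trj]
20:55:48.278    File: C:\Windows\assembly\GAC_32\Desktop.ini  **INFECTED** Win32:Sirefef-PL [Rtk]
20:55:50.212    File: C:\Windows\assembly\GAC_64\Desktop.ini  **INFECTED** Win32:Sirefef-PL [Rtk]
21:39:53.014    Scan finished successfully

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-20 07:48:08
07:49:03.813    AVAST engine scan C:\Windows\system32
08:25:50.069    Scan finished successfully
08:33:28.592    Disk 0 Windows 601 MBR fixed successfully
"""

TS = r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+"
INFECTED = re.compile(TS + r"File:\s+(?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<name>.+)$")
HIDDEN = re.compile(TS + r"Service\s+(?P<svc>\S+)\s+(?P<path>.+?)\s+\*\*HIDDEN\*\*$")

def split_runs(text):
    """Split a pasted log into one chunk per 'aswMBR version' banner."""
    parts = re.split(r"(?m)^(?=aswMBR version )", text)
    return [p for p in parts if p.strip()]

def findings(run):
    """Return the set of (kind, path, detail) tuples flagged in one run."""
    found = set()
    for line in run.splitlines():
        line = line.rstrip()
        if m := INFECTED.match(line):
            # Paths are lower-cased so the same file compares equal across runs.
            found.add(("infected", m["path"].lower(), m["name"].strip()))
        elif m := HIDDEN.match(line):
            found.add(("hidden-service", m["path"].lower(), m["svc"]))
    return found

def compare(text):
    """Diff the first and last run: what cleared, what persists, what is new."""
    runs = [findings(r) for r in split_runs(text)]
    before, after = runs[0], runs[-1]
    return {"cleared": before - after, "persisting": before & after, "new": after - before}
```

An empty `persisting` set only means aswMBR no longer flags those paths in the directories it scans; the full Avast! scan reported later in this thread still found ZAccess detections under C:\Windows\Installer.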

 



#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,561 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:12 PM

Posted 19 July 2013 - 08:20 PM

OK, well it's fixed. How is it running now?

#11 Hazmat99

Hazmat99
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:11:12 AM

Posted 20 July 2013 - 12:09 AM

It's running fine - I'm not getting the constant warning messages from Avast any more and there's no sign of other problems.

 

Can you please advise me on the best software combination I can use to minimise further infections. As you know I'm running Avast Free Antivirus, MBAM and CCleaner, but I was wondering whether there are better options out there. I'd prefer to stick with freeware, but if there's a good argument for the pro versions of my existing or alternative software, I'd be happy to go that way. Also, since the software you've asked me to run to identify and clean the infections (TDSSKiller, aswMBR, AdwCleaner, ESET) is obviously effective, should I be running some or all of them periodically in addition to the other scans?

 

I'm also a bit confused about the firewall options. I'm not sure if the standard Windows 7 firewall is good enough, and have read where there are some good alternatives available. We do a lot of on-line stuff from home, including all of our banking etc, so the more secure the better.



#12 Hazmat99

Hazmat99
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:11:12 AM

Posted 20 July 2013 - 11:31 PM

I decided to upgrade to the full version of Avast!.  I ran a full system scan and it reported over 2400 threats, typically as follows:

 

File name:  C:\Windows\Installer\....\trzFD8F.tmp

Threat:  Win32:Trojan-gen OR

Threat:  Win32:ZAccess-PB[Trj]

 

So it appears that the infection has returned or hasn't been completely removed.



#13 Hazmat99

Hazmat99
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:11:12 AM

Posted 20 July 2013 - 11:33 PM

I forgot to mention that when I clicked on the default action 'Move to Chest' in Avast! once the scan had completed, each of the listed threats gave me the response:

 

"Error:  There is not enough space on the disk (112)"



#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,561 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:12 PM

Posted 22 July 2013 - 09:23 AM

OK, sorry for the delay.. It appears that 0Access may still be in here.. We need to repost about stubborn 0Access. Since you do banking we should get a deeper look. Please follow this Preparation Guide and post in a new topic.

We can address the other items after the machine is cleaned..
Let me know if all went well.



