Solved Infected with trojans

Discussion in 'Malware and Virus Removal Archive' started by cspgsl, 2012/04/01.

  1. 2012/04/01
    cspgsl Lifetime Subscription

    cspgsl Geek Member Thread Starter

    Joined:
    2008/07/23
    Messages:
    1,044
    Likes Received:
    8
    [Resolved] Infected with trojans

    I have a computer infected with trojan:win32/sirefef.AC and trojan:win32/sirefef.AH

    MS MSE has not been able to remove them

    The following posts are the first of the logs required

    Thanks
     
  2. 2012/04/01
    cspgsl
    Malwarebytes Anti-Malware (PRO) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.04.01.03

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Marge :: MARGE-PERROTT [administrator]

    Protection: Disabled

    4/1/2012 3:09:43 PM
    mbam-log-2012-04-01 (15-09-43).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 199543
    Time elapsed: 2 minute(s), 41 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     

  4. 2012/04/01
    cspgsl
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-04-01 15:28:02
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Maxtor_6Y080M0 rev.YAR511W0
    Running: drgu2r8w.exe; Driver: C:\Users\Marge\AppData\Local\Temp\kglyyuob.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKey + 13C1 82A7A3D9 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AB3D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\lsm.exe[568] ntdll.dll!NtOpenProcess 77435D88 5 Bytes JMP 00270010
    .text C:\Windows\system32\lsm.exe[568] ntdll.dll!NtTerminateProcess 774368C8 5 Bytes JMP 00280010
    .text C:\Windows\System32\ping.exe[1276] ntdll.dll!NtCreateProcess 77435698 5 Bytes JMP 0041000A
    .text C:\Windows\System32\ping.exe[1276] ntdll.dll!NtCreateProcessEx 774356A8 5 Bytes JMP 0042000A
    .text C:\Windows\System32\ping.exe[1276] ntdll.dll!NtCreateUserProcess 77435778 5 Bytes JMP 0043000A
    .text C:\Windows\System32\ping.exe[1276] USER32.dll!GetCursorPos 75C7A4B3 5 Bytes JMP 005B000A
    .text C:\Windows\System32\ping.exe[1276] USER32.dll!CreateWindowExW 75C7EC7C 5 Bytes JMP 0062000A
    .text C:\Windows\System32\ping.exe[1276] USER32.dll!GetForegroundWindow 75C8335D 5 Bytes JMP 0061000A
    .text C:\Windows\System32\ping.exe[1276] USER32.dll!WindowFromPoint 75CA6BE9 5 Bytes JMP 005C000A
    .text C:\Windows\System32\ping.exe[1276] ole32.dll!CoCreateInstance 75EE9D0B 5 Bytes JMP 005A000A
    .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3144] kernel32.dll!SetUnhandledExceptionFilter 7604F4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
    .text C:\Windows\System32\ping.exe[5908] ntdll.dll!NtCreateProcess 77435698 5 Bytes JMP 005A000A
    .text C:\Windows\System32\ping.exe[5908] ntdll.dll!NtCreateProcessEx 774356A8 5 Bytes JMP 005C000A
    .text C:\Windows\System32\ping.exe[5908] ntdll.dll!NtCreateUserProcess 77435778 5 Bytes JMP 005D000A
    .text C:\Windows\System32\ping.exe[5908] USER32.dll!GetCursorPos 75C7A4B3 5 Bytes JMP 0080000A
    .text C:\Windows\System32\ping.exe[5908] USER32.dll!CreateWindowExW 75C7EC7C 5 Bytes JMP 00B8000A
    .text C:\Windows\System32\ping.exe[5908] USER32.dll!GetForegroundWindow 75C8335D 5 Bytes JMP 00B7000A
    .text C:\Windows\System32\ping.exe[5908] USER32.dll!WindowFromPoint 75CA6BE9 5 Bytes JMP 00B6000A
    .text C:\Windows\System32\ping.exe[5908] ole32.dll!CoCreateInstance 75EE9D0B 5 Bytes JMP 0062000A

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2160] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7548FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2160] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7548FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2160] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7548FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2160] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7548FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2160] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7548FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [613477FD] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6134783D] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [613478CB] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6134702A] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\USER32.dll [GDI32.dll!GetStockObject] [6134636A] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [613478CB] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [6134787D] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6134702A] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6134783D] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6134783D] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [613477FD] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [613478CB] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6134702A] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6134787D] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6134636A] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [613462A5] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61346C41] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61346C41] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateFileA] [613464F0] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateFileW] [6134644A] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [61346370] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [613461D4] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61346212] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AnimateWindow] [61346405] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [613462A5] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61346C41] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6134636A] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [613477FD] C:\Program Files\Yahoo!\Messenger\yui.dll
    IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6134783D] C:\Program Files\Yahoo!\Messenger\yui.dll

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\ACPI_HAL \Device\00000045 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    ---- Modules - GMER 1.0.15 ----

    Module (noname) (*** hidden *** ) 90992000-909AC000 (106496 bytes)

    ---- Processes - GMER 1.0.15 ----

    Process C:\Windows\System32\ping.exe (*** hidden *** ) 1276
    Process PING.EXE (*** hidden *** ) 5308
    Process C:\Windows\System32\ping.exe (*** hidden *** ) 5908

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\$NtUninstallKB65170$\2225240624 0 bytes
    File C:\Windows\$NtUninstallKB65170$\2225240624\@ 2048 bytes
    File C:\Windows\$NtUninstallKB65170$\2225240624\cfg.ini 281 bytes
    File C:\Windows\$NtUninstallKB65170$\2225240624\Desktop.ini 4608 bytes
    File C:\Windows\$NtUninstallKB65170$\2225240624\L 0 bytes
    File C:\Windows\$NtUninstallKB65170$\2225240624\L\xadqgnnk 83456 bytes
    File C:\Windows\$NtUninstallKB65170$\2225240624\oemid 15 bytes
    File C:\Windows\$NtUninstallKB65170$\2225240624\U 0 bytes
    File C:\Windows\$NtUninstallKB65170$\2225240624\U\00000001.@ 2048 bytes
    File C:\Windows\$NtUninstallKB65170$\2225240624\U\00000002.@ 224768 bytes
    File C:\Windows\$NtUninstallKB65170$\2225240624\U\00000004.@ 1024 bytes
    File C:\Windows\$NtUninstallKB65170$\2225240624\U\80000000.@ 66560 bytes
    File C:\Windows\$NtUninstallKB65170$\2225240624\U\80000004.@ 1024 bytes
    File C:\Windows\$NtUninstallKB65170$\2225240624\U\80000032.@ 115712 bytes
    File C:\Windows\$NtUninstallKB65170$\2225240624\version 860 bytes
    File C:\Windows\$NtUninstallKB65170$\4035003871 0 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZL91Q6V\info_48[1] 4113 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZL91Q6V\videoscriptCAL2MN2Q.js 4368 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZL91Q6V\style[6].css 13030 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZL91Q6V\ErrorPageTemplate[1] 2168 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q41Z36M2\defaultCAC4W62Z.jpg 3696 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q41Z36M2\defaultCAFSIYWJ.jpg 0 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q41Z36M2\defaultCAFY8YAJ.jpg 3622 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q41Z36M2\bullet[1] 447 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q41Z36M2\defaultCATQS4EO.jpg 3712 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q41Z36M2\btn_search[6].png 3218 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0IICM0J\spacer[4].gif 43 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0IICM0J\errorPageStrings[1] 2013 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0IICM0J\defaultCANAFT4E.jpg 3377 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0IICM0J\moveisp_com[1].htm 0 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0IICM0J\defaultCAEO438K.jpg 4583 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0IICM0J\defaultCA0KNORA.jpg 3573 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0IICM0J\defaultCA1EZO6Q.jpg 0 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0IICM0J\defaultCAKLPGHI.jpg 3676 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0IICM0J\defaultCA85L1QU.jpg 4865 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0IICM0J\configCARKE133.js 327 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0IICM0J\banner_300_250[5].png 2641 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0IICM0J\banner_468_60[3].png 2057 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X94CK5YZ\yt-no-image[2].gif 739 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X94CK5YZ\jquery.min[1].js 91556 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X94CK5YZ\httpErrorPagesScripts[1] 5573 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X94CK5YZ\icon_serch[2].png 414 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X94CK5YZ\defaultCA53IDT1.jpg 3686 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X94CK5YZ\defaultCACF6FM3.jpg 2319 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X94CK5YZ\down[1] 748 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X94CK5YZ\defaultCAMQOG3W.jpg 4764 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X94CK5YZ\defaultCAQ2VYGO.jpg 3662 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X94CK5YZ\defaultCASFR4M7.jpg 352 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X94CK5YZ\header[1].jpg 26409 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\LNLKE7ML.txt 69 bytes

    ---- EOF - GMER 1.0.15 ----
     
  5. 2012/04/01
    cspgsl
    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-01 15:28:51
    -----------------------------
    15:28:51.717 OS Version: Windows 6.1.7601 Service Pack 1
    15:28:51.717 Number of processors: 2 586 0x1706
    15:28:51.719 ComputerName: MARGE-PERROTT UserName: Marge
    15:28:52.940 Initialize success
    15:29:10.524 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    15:29:10.531 Disk 0 Vendor: Maxtor_6Y080M0 YAR511W0 Size: 76324MB BusType: 3
    15:29:10.714 Disk 0 MBR read successfully
    15:29:10.722 Disk 0 MBR scan
    15:29:10.728 Disk 0 Windows 7 default MBR code
    15:29:10.795 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    15:29:10.835 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 34900 MB offset 206848
    15:29:10.889 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 41322 MB offset 71682048
    15:29:11.022 Disk 0 scanning sectors +156309504
    15:29:11.284 Disk 0 scanning C:\Windows\system32\drivers
    15:29:36.563 Service scanning
    15:29:41.498 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    15:29:48.300 Modules scanning
    15:29:52.902 Module: C:\Windows\system32\DRIVERS\serial.sys **SUSPICIOUS**
    15:29:56.315 Disk 0 trace - called modules:
    15:29:56.359 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85fc8fd0]<<
    15:29:56.367 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d57798]
    15:29:56.376 3 CLASSPNP.SYS[8b1a859e] -> nt!IofCallDriver -> [0x8601cb88]
    15:29:56.385 \Driver\00000490[0x860161c8] -> IRP_MJ_CREATE -> 0x85fc8fd0
    15:29:56.396 Scan finished successfully
    15:30:11.603 Disk 0 MBR has been saved successfully to "d:\Marge\Desktop\tom\MBR.dat "
    15:30:11.614 The log file has been saved successfully to "d:\Marge\Desktop\tom\aswMBR.txt "
     
  6. 2012/04/01
    cspgsl
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
    Run by Marge at 15:31:13 on 2012-04-01
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3062.1743 [GMT -3:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\System32\ico.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\System32\FSRremoS.EXE
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Windows\System32\Pelmiced.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    d:\Marge\Desktop\tom\drgu2r8w.exe
    C:\Windows\system32\conhost.exe
    \\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\prevhost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.google.ca/
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe "
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [Mouse Suite 98 Daemon] ICO.EXE
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: mswsock.dll
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{E892C5BF-13A4-424F-A374-85E1248B569B} : DhcpNameServer = 192.168.2.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
    IFEO: ehshell.exe - "c:\program files\logmein\x86\LogMeInSystray.exe" -MceShellRedirect
    Hosts: 94.63.147.23 www.bing.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\marge\appdata\roaming\mozilla\firefox\profiles\wn04tyb9.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-7-6 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-1-11 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-9-5 47640]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-8 652360]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-5 20464]
    S2 avgascln;Padfsvr;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 LRMINIPORT;Xpagentserver;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
    S2 rt2870;Entertainment;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-9-5 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-9-5 1343400]
    .
    =============== Created Last 30 ================
    .
    2012-04-01 12:41:02 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c6212bbe-8e25-4d22-b956-02be958cbfc0}\offreg.dll
    2012-03-31 15:34:14 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-03-31 15:17:28 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c6212bbe-8e25-4d22-b956-02be958cbfc0}\mpengine.dll
    2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
    2012-03-15 01:15:26 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-03-15 01:15:25 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-14 11:47:34 2343424 ----a-w- c:\windows\system32\win32k.sys
    2012-03-14 11:47:33 1077248 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-14 11:46:37 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-14 11:46:37 58880 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-14 11:46:37 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-14 11:46:35 826880 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-14 11:46:35 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-03-14 11:46:35 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    ==================== Find3M ====================
    .
    2012-02-16 16:04:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-06 21:05:51 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2012-02-06 21:05:51 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
    2012-02-06 21:05:49 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2012-02-06 21:05:49 30592 ----a-w- c:\windows\system32\LMIport.dll
    2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
    .
    ============= FINISH: 15:31:31.40 ===============
     
  7. 2012/04/01
    cspgsl
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/5/2011 12:04:42 PM
    System Uptime: 4/1/2012 9:39:35 AM (6 hours ago)
    .
    Motherboard: LENOVO | | LENOVO
    Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz | CPU 1 | 2500/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 34 GiB total, 12.789 GiB free.
    D: is FIXED (NTFS) - 40 GiB total, 32.421 GiB free.
    E: is CDROM ()
    I: is Removable
    J: is Removable
    K: is Removable
    L: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: SD/MMC
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#20021111153705700&2#
    Manufacturer: Generic-
    Name: K:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#20021111153705700&2#
    Service: WUDFRd
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: SM/xD-Picture
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.00#20021111153705700&1#
    Manufacturer: Generic-
    Name: J:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.00#20021111153705700&1#
    Service: WUDFRd
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: Compact Flash
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#20021111153705700&0#
    Manufacturer: Generic-
    Name: I:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#20021111153705700&0#
    Service: WUDFRd
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: MS/MS-Pro
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.00#20021111153705700&3#
    Manufacturer: Generic-
    Name: L:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.00#20021111153705700&3#
    Service: WUDFRd
    .
    ==== System Restore Points ===================
    .
    RP104: 3/31/2012 2:26:31 PM - cleanup
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.2)
    Adobe Shockwave Player 11.6
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    CCleaner
    Click to Call with Skype
    Fences
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 27
    LogMeIn
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft .NET Framework 4 Client Profile
    Microsoft Antimalware
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Ultimate 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Mouse Suite
    Mozilla Firefox 6.0.2 (x86 en-US)
    PerfectDisk 11 Professional
    Picasa 3
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealUpgrade 1.1
    Revo Uninstaller 1.93
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Skype™ 5.3
    swMSM
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/1/2012 9:57:00 AM, Error: Service Control Manager [7023] - The Se59unic service terminated with the following error: Access is denied.
    4/1/2012 9:41:52 AM, Error: Service Control Manager [7023] - The Hdthermal service terminated with the following error: Access is denied.
    4/1/2012 9:40:54 AM, Error: Service Control Manager [7023] - The Arcltsrv service terminated with the following error: Access is denied.
    4/1/2012 9:40:24 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    4/1/2012 9:40:19 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    4/1/2012 9:39:58 AM, Error: Service Control Manager [7023] - The Wtwservice service terminated with the following error: The specified module could not be found.
    4/1/2012 9:39:58 AM, Error: Service Control Manager [7023] - The Spcsutilityservice service terminated with the following error: The specified module could not be found.
    4/1/2012 9:39:58 AM, Error: Service Control Manager [7023] - The Rpcnet service terminated with the following error: The specified module could not be found.
    4/1/2012 9:39:58 AM, Error: Service Control Manager [7023] - The Mcafeeframework service terminated with the following error: The specified module could not be found.
    4/1/2012 9:39:58 AM, Error: Service Control Manager [7023] - The Lpx service terminated with the following error: The specified module could not be found.
    4/1/2012 9:39:58 AM, Error: Service Control Manager [7023] - The Btdriver service terminated with the following error: The specified module could not be found.
    4/1/2012 9:39:58 AM, Error: Service Control Manager [7023] - The Bgsvcgen service terminated with the following error: The specified module could not be found.
    4/1/2012 9:39:58 AM, Error: Service Control Manager [7023] - The Aeaudio service terminated with the following error: The specified module could not be found.
    4/1/2012 9:39:57 AM, Error: Service Control Manager [7023] - The Zebrsce service terminated with the following error: The specified module could not be found.
    4/1/2012 9:39:57 AM, Error: Service Control Manager [7023] - The Vclone service terminated with the following error: The specified module could not be found.
    4/1/2012 9:39:57 AM, Error: Service Control Manager [7023] - The Rdpnp service terminated with the following error: The specified module could not be found.
    4/1/2012 9:39:57 AM, Error: Service Control Manager [7023] - The Pinnaclemarvinusb service terminated with the following error: The specified module could not be found.
    4/1/2012 9:39:57 AM, Error: Service Control Manager [7023] - The NhcDriverDevice service terminated with the following error: The specified module could not be found.
    4/1/2012 9:39:57 AM, Error: Service Control Manager [7023] - The F700iat service terminated with the following error: The specified module could not be found.
    4/1/2012 9:39:57 AM, Error: Service Control Manager [7023] - The EMATCORE service terminated with the following error: The specified module could not be found.
    4/1/2012 9:39:52 AM, Error: Service Control Manager [7023] - The Ziptoa service terminated with the following error: The specified module could not be found.
    4/1/2012 9:39:52 AM, Error: Service Control Manager [7023] - The Webrootspysweeperservice service terminated with the following error: The specified module could not be found.
    4/1/2012 9:39:52 AM, Error: Service Control Manager [7023] - The W810bus service terminated with the following error: The specified module could not be found.
    4/1/2012 9:39:52 AM, Error: Service Control Manager [7023] - The Pxfhbus service terminated with the following error: The specified module could not be found.
    4/1/2012 9:39:52 AM, Error: Service Control Manager [7023] - The PGPsdkDriver service terminated with the following error: The specified module could not be found.
    4/1/2012 9:39:52 AM, Error: Service Control Manager [7023] - The Padfsvr service terminated with the following error: The specified module could not be found.
    4/1/2012 9:39:52 AM, Error: Service Control Manager [7023] - The Omci service terminated with the following error: The specified module could not be found.
    4/1/2012 9:39:52 AM, Error: Service Control Manager [7023] - The Lxdm_device service terminated with the following error: The specified module could not be found.
    4/1/2012 9:39:52 AM, Error: Service Control Manager [7023] - The Ihcservice service terminated with the following error: The specified module could not be found.
    4/1/2012 9:39:52 AM, Error: Service Control Manager [7023] - The Bt service terminated with the following error: The specified module could not be found.
    4/1/2012 3:12:00 PM, Error: Service Control Manager [7023] - The XBCD service terminated with the following error: Access is denied.
    4/1/2012 2:57:00 PM, Error: Service Control Manager [7023] - The Savrtpel service terminated with the following error: Access is denied.
    4/1/2012 2:42:00 PM, Error: Service Control Manager [7023] - The W700bus service terminated with the following error: Access is denied.
    4/1/2012 2:27:00 PM, Error: Service Control Manager [7023] - The W39n51 service terminated with the following error: Access is denied.
    4/1/2012 2:12:00 PM, Error: Service Control Manager [7023] - The FTSER2K service terminated with the following error: Access is denied.
    4/1/2012 12:57:00 PM, Error: Service Control Manager [7023] - The Wceusbsh service terminated with the following error: Access is denied.
    4/1/2012 12:42:00 PM, Error: Service Control Manager [7023] - The Windowblinds service terminated with the following error: Access is denied.
     
  8. 2012/04/01
    cspgsl
    4/1/2012 12:27:00 PM, Error: Service Control Manager [7023] - The Omniusb service terminated with the following error: Access is denied.
    4/1/2012 12:12:00 PM, Error: Service Control Manager [7023] - The Rpskt service terminated with the following error: Access is denied.
    4/1/2012 11:57:00 AM, Error: Service Control Manager [7023] - The Emclisrv service terminated with the following error: Access is denied.
    4/1/2012 11:42:00 AM, Error: Service Control Manager [7023] - The Raysatxsi5_0server service terminated with the following error: Access is denied.
    4/1/2012 11:27:00 AM, Error: Service Control Manager [7023] - The Entertainment service terminated with the following error: Access is denied.
    4/1/2012 11:12:00 AM, Error: Service Control Manager [7023] - The Ccs service terminated with the following error: Access is denied.
    4/1/2012 10:57:00 AM, Error: Service Control Manager [7023] - The Fssfltr service terminated with the following error: Access is denied.
    4/1/2012 10:42:00 AM, Error: Service Control Manager [7023] - The Hpgate service terminated with the following error: Access is denied.
    4/1/2012 10:27:00 AM, Error: Service Control Manager [7023] - The ATMsg service terminated with the following error: Access is denied.
    4/1/2012 10:12:02 AM, Error: Service Control Manager [7023] - The Carboncopyscheduler service terminated with the following error: Access is denied.
    4/1/2012 1:57:00 PM, Error: Service Control Manager [7023] - The A8djavs service terminated with the following error: Access is denied.
    4/1/2012 1:42:00 PM, Error: Service Control Manager [7023] - The Lxrjd31d service terminated with the following error: Access is denied.
    4/1/2012 1:27:00 PM, Error: Service Control Manager [7023] - The WUSB54Gv4SVC service terminated with the following error: Access is denied.
    4/1/2012 1:12:00 PM, Error: Service Control Manager [7023] - The Xpagentserver service terminated with the following error: Access is denied.
    3/31/2012 9:49:14 PM, Error: Service Control Manager [7023] - The Acedrv05 service terminated with the following error: Access is denied.
    3/31/2012 9:34:14 PM, Error: Service Control Manager [7023] - The NhcDriverDevice service terminated with the following error: Access is denied.
    3/31/2012 9:19:14 PM, Error: Service Control Manager [7023] - The Camdrl service terminated with the following error: Access is denied.
    3/31/2012 9:04:14 PM, Error: Service Control Manager [7023] - The Rdpnp service terminated with the following error: Access is denied.
    3/31/2012 8:49:14 PM, Error: Service Control Manager [7023] - The Ibmpmdrv service terminated with the following error: Access is denied.
    3/31/2012 8:34:14 PM, Error: Service Control Manager [7023] - The Bgsvcgen service terminated with the following error: Access is denied.
    3/31/2012 8:19:14 PM, Error: Service Control Manager [7023] - The PCDCODEC service terminated with the following error: Access is denied.
    3/31/2012 8:04:14 PM, Error: Service Control Manager [7023] - The Spcsutilityservice service terminated with the following error: Access is denied.
    3/31/2012 7:49:14 PM, Error: Service Control Manager [7023] - The NetMsmqActivator service terminated with the following error: Access is denied.
    3/31/2012 7:34:14 PM, Error: Service Control Manager [7023] - The Pinnaclemarvinusb service terminated with the following error: Access is denied.
    3/31/2012 7:19:14 PM, Error: Service Control Manager [7023] - The Datunidr service terminated with the following error: Access is denied.
    3/31/2012 7:04:14 PM, Error: Service Control Manager [7023] - The Padfsvr service terminated with the following error: Access is denied.
    3/31/2012 6:49:14 PM, Error: Service Control Manager [7023] - The Nvstor32 service terminated with the following error: Access is denied.
    3/31/2012 6:34:14 PM, Error: Service Control Manager [7023] - The Zebrsce service terminated with the following error: Access is denied.
    3/31/2012 6:19:14 PM, Error: Service Control Manager [7023] - The Icm10blk service terminated with the following error: Access is denied.
    3/31/2012 6:04:14 PM, Error: Service Control Manager [7023] - The Rpcnet service terminated with the following error: Access is denied.
    3/31/2012 5:49:14 PM, Error: Service Control Manager [7023] - The TdmService service terminated with the following error: Access is denied.
    3/31/2012 5:34:14 PM, Error: Service Control Manager [7023] - The Aeaudio service terminated with the following error: Access is denied.
    3/31/2012 5:19:14 PM, Error: Service Control Manager [7023] - The Mcafeeframework service terminated with the following error: Access is denied.
    3/31/2012 5:04:14 PM, Error: Service Control Manager [7023] - The Procexp100 service terminated with the following error: Access is denied.
    3/31/2012 4:49:14 PM, Error: Service Control Manager [7023] - The F700iat service terminated with the following error: Access is denied.
    3/31/2012 4:34:14 PM, Error: Service Control Manager [7023] - The Se2Dnd5 service terminated with the following error: Access is denied.
    3/31/2012 4:19:14 PM, Error: Service Control Manager [7023] - The Lxdm_device service terminated with the following error: Access is denied.
    3/31/2012 4:04:14 PM, Error: Service Control Manager [7023] - The ELacpi service terminated with the following error: Access is denied.
    3/31/2012 3:49:14 PM, Error: Service Control Manager [7023] - The W810bus service terminated with the following error: Access is denied.
    3/31/2012 3:34:15 PM, Error: Service Control Manager [7023] - The Servidor service terminated with the following error: Access is denied.
    3/31/2012 3:19:14 PM, Error: Service Control Manager [7023] - The Wtwservice service terminated with the following error: Access is denied.
    3/31/2012 3:04:14 PM, Error: Service Control Manager [7023] - The Pacsptisvr service terminated with the following error: Access is denied.
    3/31/2012 2:49:14 PM, Error: Service Control Manager [7023] - The Ziptoa service terminated with the following error: Access is denied.
    3/31/2012 2:34:14 PM, Error: Service Control Manager [7023] - The Bt service terminated with the following error: Access is denied.
    3/31/2012 2:33:14 PM, Error: Service Control Manager [7023] - The Ihcservice service terminated with the following error: Access is denied.
    3/31/2012 2:22:43 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    3/31/2012 2:19:45 PM, Error: Service Control Manager [7023] - The Ini910u service terminated with the following error: Access is denied.
    3/31/2012 2:04:45 PM, Error: Service Control Manager [7023] - The PGPsdkDriver service terminated with the following error: Access is denied.
    3/31/2012 12:50:14 PM, Error: Service Control Manager [7023] - The Wdmaud service terminated with the following error: Access is denied.
    3/31/2012 12:35:15 PM, Error: Service Control Manager [7023] - The Btdriver service terminated with the following error: Access is denied.
    3/31/2012 12:34:38 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    3/31/2012 12:17:46 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    3/31/2012 12:05:35 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    3/31/2012 10:49:14 PM, Error: Service Control Manager [7023] - The Pxfhbus service terminated with the following error: Access is denied.
    3/31/2012 10:34:15 PM, Error: Service Control Manager [7023] - The Vclone service terminated with the following error: Access is denied.
    3/31/2012 10:19:14 PM, Error: Service Control Manager [7023] - The Dpti2o service terminated with the following error: Access is denied.
    3/31/2012 10:04:14 PM, Error: Service Control Manager [7023] - The Omci service terminated with the following error: Access is denied.
    3/31/2012 1:49:45 PM, Error: Service Control Manager [7023] - The Anydlc service terminated with the following error: Access is denied.
    3/31/2012 1:48:47 PM, Error: Service Control Manager [7023] - The Webrootspysweeperservice service terminated with the following error: Access is denied.
    3/31/2012 1:48:22 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    3/31/2012 1:35:14 PM, Error: Service Control Manager [7023] - The EMATCORE service terminated with the following error: Access is denied.
    3/31/2012 1:20:14 PM, Error: Service Control Manager [7023] - The Oracle_load_balancer_60_client-forms6ip9 service terminated with the following error: Access is denied.
    3/31/2012 1:05:14 PM, Error: Service Control Manager [7023] - The Lpx service terminated with the following error: Access is denied.
    3/30/2012 1:13:29 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    3/29/2012 2:52:35 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    3/29/2012 2:19:28 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    3/28/2012 9:38:07 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    3/27/2012 9:40:56 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    3/26/2012 3:31:19 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    3/25/2012 12:35:46 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    .
    ==== End Of File ===========================
     
  9. 2012/04/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =========================================================

    I'm a little bit concerned about your computing habits.
    You visited the malware removal forum 4 times in 2011 and your computer is infected again.
    I strongly suggest you pay more attention to how you use the computer.


    =========================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  10. 2012/04/01
    cspgsl
    =========================================================
    As I indicated in our last encounter - http://www.windowsbbs.com/malware-virus-removal/100918-resolved-infected-ccproxy.html - I appreciate your concern and I strenuously thank you for your reply and assistance; however, once again, the computers that you refer to all belong to different friends. I am merely helping them through their problems (without regard to compensation, I will add).

    My business is web design, not repair. It is a commercial effort and the reason my URL is not listed in my profile. I do have compassion for those close to me who run amok and am pleased to assist whenever possible.

    This person is a retired school teacher whom I have known for many years. She is not reckless in her computing practices, I can assure you.

    I shall run TDSSKiller shortly and respond.
     
  11. 2012/04/01
    broni
    I see. My apology :)
     
  12. 2012/04/01
    cspgsl
    Thanks Broni

    18:07:22.0879 5540 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
    18:07:23.0403 5540 ============================================================
    18:07:23.0403 5540 Current date / time: 2012/04/01 18:07:23.0403
    18:07:23.0403 5540 SystemInfo:
    18:07:23.0403 5540
    18:07:23.0403 5540 OS Version: 6.1.7601 ServicePack: 1.0
    18:07:23.0403 5540 Product type: Workstation
    18:07:23.0403 5540 ComputerName: MARGE-PERROTT
    18:07:23.0403 5540 UserName: Marge
    18:07:23.0403 5540 Windows directory: C:\Windows
    18:07:23.0403 5540 System windows directory: C:\Windows
    18:07:23.0403 5540 Processor architecture: Intel x86
    18:07:23.0403 5540 Number of processors: 2
    18:07:23.0403 5540 Page size: 0x1000
    18:07:23.0403 5540 Boot type: Normal boot
    18:07:23.0403 5540 ============================================================
    18:07:24.0592 5540 Drive \Device\Harddisk0\DR0 - Size: 0x12A2480000 (74.54 Gb), SectorSize: 0x200, Cylinders: 0x2602, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    18:07:24.0726 5540 \Device\Harddisk0\DR0:
    18:07:24.0727 5540 MBR used
    18:07:24.0727 5540 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    18:07:24.0727 5540 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x442A000
    18:07:24.0727 5540 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x445C800, BlocksNum 0x50B5000
    18:07:24.0798 5540 Initialize success
    18:07:24.0798 5540 ============================================================
    18:07:46.0372 5640 ============================================================
    18:07:46.0372 5640 Scan started
    18:07:46.0372 5640 Mode: Manual;
    18:07:46.0372 5640 ============================================================
    18:07:48.0042 5640 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
    18:07:48.0044 5640 1394ohci - ok
    18:07:48.0084 5640 a8djavs - ok
    18:07:48.0143 5640 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
    18:07:48.0146 5640 ACPI - ok
    18:07:48.0185 5640 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
    18:07:48.0186 5640 AcpiPmi - ok
    18:07:48.0209 5640 acs - ok
    18:07:48.0297 5640 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    18:07:48.0298 5640 AdobeARMservice - ok
    18:07:48.0372 5640 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    18:07:48.0379 5640 adp94xx - ok
    18:07:48.0425 5640 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    18:07:48.0429 5640 adpahci - ok
    18:07:48.0475 5640 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    18:07:48.0478 5640 adpu320 - ok
    18:07:48.0537 5640 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
    18:07:48.0538 5640 AeLookupSvc - ok
    18:07:48.0621 5640 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
    18:07:48.0626 5640 AFD - ok
    18:07:48.0678 5640 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
    18:07:48.0679 5640 agp440 - ok
    18:07:48.0744 5640 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
    18:07:48.0745 5640 aic78xx - ok
    18:07:48.0814 5640 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
    18:07:48.0816 5640 ALG - ok
    18:07:48.0862 5640 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
    18:07:48.0863 5640 aliide - ok
    18:07:48.0898 5640 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
    18:07:48.0899 5640 amdagp - ok
    18:07:48.0942 5640 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
    18:07:48.0943 5640 amdide - ok
    18:07:49.0007 5640 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    18:07:49.0008 5640 AmdK8 - ok
    18:07:49.0050 5640 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    18:07:49.0051 5640 AmdPPM - ok
    18:07:49.0135 5640 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
    18:07:49.0136 5640 amdsata - ok
    18:07:49.0193 5640 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
    18:07:49.0195 5640 amdsbs - ok
    18:07:49.0237 5640 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
    18:07:49.0238 5640 amdxata - ok
    18:07:49.0311 5640 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
    18:07:49.0312 5640 AppID - ok
    18:07:49.0390 5640 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
    18:07:49.0391 5640 AppIDSvc - ok
    18:07:49.0447 5640 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
    18:07:49.0448 5640 Appinfo - ok
    18:07:49.0514 5640 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    18:07:49.0515 5640 Apple Mobile Device - ok
    18:07:49.0578 5640 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
    18:07:49.0580 5640 AppMgmt - ok
    18:07:49.0661 5640 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
    18:07:49.0662 5640 arc - ok
    18:07:49.0709 5640 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
    18:07:49.0711 5640 arcsas - ok
    18:07:49.0769 5640 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    18:07:49.0769 5640 AsyncMac - ok
    18:07:49.0803 5640 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
    18:07:49.0803 5640 atapi - ok
    18:07:49.0851 5640 atfsd - ok
    18:07:49.0901 5640 ati - ok
    18:07:49.0986 5640 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
    18:07:50.0029 5640 AudioEndpointBuilder - ok
    18:07:50.0053 5640 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
    18:07:50.0056 5640 Audiosrv - ok
    18:07:50.0101 5640 avgascln - ok
    18:07:50.0182 5640 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
    18:07:50.0184 5640 AxInstSV - ok
    18:07:50.0282 5640 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
    18:07:50.0289 5640 b06bdrv - ok
    18:07:50.0363 5640 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    18:07:50.0366 5640 b57nd60x - ok
    18:07:50.0434 5640 bc_ip_f - ok
    18:07:50.0499 5640 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
    18:07:50.0500 5640 BDESVC - ok
    18:07:50.0541 5640 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    18:07:50.0541 5640 Beep - ok
    18:07:50.0610 5640 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
    18:07:50.0626 5640 BITS - ok
    18:07:50.0661 5640 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    18:07:50.0661 5640 blbdrive - ok
    18:07:50.0734 5640 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files\Bonjour\mDNSResponder.exe
    18:07:50.0740 5640 Bonjour Service - ok
    18:07:50.0784 5640 BootScreen - ok
    18:07:50.0846 5640 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
    18:07:50.0848 5640 bowser - ok
    18:07:50.0889 5640 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    18:07:50.0889 5640 BrFiltLo - ok
    18:07:50.0919 5640 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    18:07:50.0919 5640 BrFiltUp - ok
    18:07:50.0969 5640 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
    18:07:50.0971 5640 Browser - ok
    18:07:51.0011 5640 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    18:07:51.0015 5640 Brserid - ok
    18:07:51.0045 5640 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    18:07:51.0046 5640 BrSerWdm - ok
    18:07:51.0080 5640 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    18:07:51.0081 5640 BrUsbMdm - ok
    18:07:51.0120 5640 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    18:07:51.0121 5640 BrUsbSer - ok
    18:07:51.0161 5640 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    18:07:51.0163 5640 BTHMODEM - ok
    18:07:51.0229 5640 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
    18:07:51.0230 5640 bthserv - ok
    18:07:51.0262 5640 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    18:07:51.0264 5640 cdfs - ok
    18:07:51.0347 5640 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
    18:07:51.0349 5640 cdrom - ok
    18:07:51.0415 5640 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
    18:07:51.0417 5640 CertPropSvc - ok
    18:07:51.0455 5640 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    18:07:51.0456 5640 circlass - ok
    18:07:51.0513 5640 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    18:07:51.0516 5640 CLFS - ok
    18:07:51.0589 5640 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    18:07:51.0590 5640 clr_optimization_v2.0.50727_32 - ok
    18:07:51.0675 5640 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    18:07:51.0677 5640 clr_optimization_v4.0.30319_32 - ok
    18:07:51.0739 5640 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    18:07:51.0740 5640 CmBatt - ok
    18:07:51.0791 5640 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
    18:07:51.0792 5640 cmdide - ok
    18:07:51.0857 5640 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
    18:07:51.0863 5640 CNG - ok
    18:07:51.0909 5640 commserver - ok
    18:07:51.0957 5640 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    18:07:51.0957 5640 Compbatt - ok
    18:07:52.0013 5640 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
    18:07:52.0014 5640 CompositeBus - ok
    18:07:52.0050 5640 COMSysApp - ok
    18:07:52.0099 5640 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    18:07:52.0100 5640 crcdisk - ok
    18:07:52.0171 5640 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
    18:07:52.0172 5640 CryptSvc - ok
    18:07:52.0209 5640 CrystalSysInfo - ok
    18:07:52.0290 5640 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
    18:07:52.0295 5640 CSC - ok
    18:07:52.0332 5640 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
    18:07:52.0335 5640 CscService - ok
    18:07:52.0384 5640 ctxcpuusync - ok
    18:07:52.0434 5640 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
    18:07:52.0440 5640 DcomLaunch - ok
    18:07:52.0498 5640 DefragFS (4bb22f61e7257ed353a39130b3ed2461) C:\Windows\system32\drivers\DefragFS.sys
    18:07:52.0501 5640 DefragFS - ok
    18:07:52.0559 5640 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
    18:07:52.0562 5640 defragsvc - ok
    18:07:52.0614 5640 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
    18:07:52.0615 5640 DfsC - ok
    18:07:52.0694 5640 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
    18:07:52.0696 5640 Dhcp - ok
    18:07:52.0767 5640 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    18:07:52.0768 5640 discache - ok
    18:07:52.0834 5640 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    18:07:52.0835 5640 Disk - ok
    18:07:52.0881 5640 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
    18:07:52.0886 5640 Dnscache - ok
    18:07:52.0949 5640 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
    18:07:52.0952 5640 dot3svc - ok
    18:07:53.0022 5640 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
    18:07:53.0025 5640 DPS - ok
    18:07:53.0081 5640 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    18:07:53.0082 5640 drmkaud - ok
    18:07:53.0176 5640 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
    18:07:53.0202 5640 DXGKrnl - ok
    18:07:53.0251 5640 E100B (20de769b84960606d8dbb2aec123021a) C:\Windows\system32\DRIVERS\e100b325.sys
    18:07:53.0254 5640 E100B - ok
    18:07:53.0288 5640 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
    18:07:53.0290 5640 EapHost - ok
    18:07:53.0408 5640 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    18:07:53.0490 5640 ebdrv - ok
    18:07:53.0522 5640 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
    18:07:53.0523 5640 EFS - ok
    18:07:53.0591 5640 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
    18:07:53.0615 5640 ehRecvr - ok
    18:07:53.0646 5640 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
    18:07:53.0647 5640 ehSched - ok
    18:07:53.0676 5640 EhttpSrv - ok
    18:07:53.0762 5640 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    18:07:53.0768 5640 elxstor - ok
    18:07:53.0801 5640 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
    18:07:53.0801 5640 ErrDev - ok
    18:07:53.0858 5640 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
    18:07:53.0860 5640 EventSystem - ok
    18:07:53.0889 5640 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    18:07:53.0892 5640 exfat - ok
    18:07:53.0902 5640 F700ius - ok
    18:07:53.0935 5640 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    18:07:53.0938 5640 fastfat - ok
    18:07:53.0998 5640 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
    18:07:54.0002 5640 Fax - ok
    18:07:54.0014 5640 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    18:07:54.0015 5640 fdc - ok
    18:07:54.0053 5640 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
    18:07:54.0054 5640 fdPHost - ok
    18:07:54.0091 5640 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
    18:07:54.0092 5640 FDResPub - ok
    18:07:54.0114 5640 fgdxbus - ok
    18:07:54.0145 5640 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    18:07:54.0147 5640 FileInfo - ok
    18:07:54.0182 5640 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    18:07:54.0183 5640 Filetrace - ok
    18:07:54.0214 5640 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    18:07:54.0215 5640 flpydisk - ok
    18:07:54.0267 5640 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    18:07:54.0271 5640 FltMgr - ok
    18:07:54.0333 5640 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
    18:07:54.0359 5640 FontCache - ok
    18:07:54.0417 5640 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    18:07:54.0418 5640 FontCache3.0.0.0 - ok
    18:07:54.0452 5640 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    18:07:54.0453 5640 FsDepends - ok
    18:07:54.0483 5640 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    18:07:54.0484 5640 Fs_Rec - ok
    18:07:54.0547 5640 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
    18:07:54.0549 5640 fvevol - ok
    18:07:54.0608 5640 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    18:07:54.0609 5640 gagp30kx - ok
    18:07:54.0645 5640 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    18:07:54.0645 5640 GEARAspiWDM - ok
    18:07:54.0708 5640 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
    18:07:54.0726 5640 gpsvc - ok
    18:07:54.0778 5640 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    18:07:54.0780 5640 gusvc - ok
    18:07:54.0792 5640 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    18:07:54.0792 5640 hcw85cir - ok
    18:07:54.0853 5640 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
    18:07:54.0858 5640 HdAudAddService - ok
    18:07:54.0884 5640 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
    18:07:54.0886 5640 HDAudBus - ok
    18:07:54.0913 5640 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    18:07:54.0913 5640 HidBatt - ok
    18:07:54.0925 5640 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    18:07:54.0927 5640 HidBth - ok
    18:07:54.0942 5640 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    18:07:54.0944 5640 HidIr - ok
    18:07:54.0976 5640 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
    18:07:54.0977 5640 hidserv - ok
    18:07:55.0009 5640 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
    18:07:55.0010 5640 HidUsb - ok
    18:07:55.0042 5640 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
    18:07:55.0044 5640 hkmsvc - ok
    18:07:55.0085 5640 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
    18:07:55.0087 5640 HomeGroupListener - ok
    18:07:55.0144 5640 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
    18:07:55.0146 5640 HomeGroupProvider - ok
    18:07:55.0193 5640 HPFECP20 - ok
    18:07:55.0274 5640 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
    18:07:55.0275 5640 HpSAMD - ok
    18:07:55.0300 5640 hpzipr12 - ok
    18:07:55.0363 5640 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
    18:07:55.0370 5640 HTTP - ok
    18:07:55.0401 5640 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
    18:07:55.0402 5640 hwpolicy - ok
    18:07:55.0444 5640 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
    18:07:55.0445 5640 i8042prt - ok
    18:07:55.0464 5640 iaimtv1 - ok
    18:07:55.0538 5640 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
    18:07:55.0543 5640 iaStorV - ok
    18:07:55.0653 5640 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    18:07:55.0679 5640 idsvc - ok
    18:07:55.0875 5640 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
    18:07:55.0915 5640 igfx - ok
    18:07:55.0980 5640 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    18:07:55.0981 5640 iirsp - ok
    18:07:56.0034 5640 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
    18:07:56.0039 5640 IKEEXT - ok
    18:07:56.0053 5640 IntelC51 - ok
    18:07:56.0077 5640 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
    18:07:56.0077 5640 intelide - ok
    18:07:56.0129 5640 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    18:07:56.0130 5640 intelppm - ok
    18:07:56.0170 5640 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
    18:07:56.0172 5640 IPBusEnum - ok
    18:07:56.0199 5640 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    18:07:56.0201 5640 IpFilterDriver - ok
    18:07:56.0253 5640 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
    18:07:56.0254 5640 IPMIDRV - ok
    18:07:56.0266 5640 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    18:07:56.0271 5640 IPNAT - ok
    18:07:56.0331 5640 iPod Service (f62c69376a95795fe7cdb1c778edaca4) C:\Program Files\iPod\bin\iPodService.exe
    18:07:56.0356 5640 iPod Service - ok
    18:07:56.0407 5640 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    18:07:56.0408 5640 IRENUM - ok
    18:07:56.0454 5640 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
    18:07:56.0455 5640 isapnp - ok
    18:07:56.0483 5640 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
    18:07:56.0486 5640 iScsiPrt - ok
    18:07:56.0521 5640 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    18:07:56.0522 5640 kbdclass - ok
    18:07:56.0556 5640 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
    18:07:56.0556 5640 kbdhid - ok
    18:07:56.0588 5640 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
    18:07:56.0590 5640 KeyIso - ok
    18:07:56.0617 5640 KR10N - ok
    18:07:56.0641 5640 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
    18:07:56.0642 5640 KSecDD - ok
    18:07:56.0677 5640 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
    18:07:56.0680 5640 KSecPkg - ok
    18:07:56.0729 5640 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
    18:07:56.0732 5640 KtmRm - ok
    18:07:56.0780 5640 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
    18:07:56.0783 5640 LanmanServer - ok
    18:07:56.0825 5640 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
    18:07:56.0828 5640 LanmanWorkstation - ok
    18:07:56.0901 5640 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    18:07:56.0901 5640 lltdio - ok
    18:07:56.0933 5640 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
    18:07:56.0937 5640 lltdsvc - ok
    18:07:56.0956 5640 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
    18:07:56.0958 5640 lmhosts - ok
    18:07:57.0028 5640 LMIGuardianSvc (2375e7e01635fbccde2f796a9e078e07) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    18:07:57.0034 5640 LMIGuardianSvc - ok
    18:07:57.0059 5640 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
    18:07:57.0059 5640 LMIInfo - ok
    18:07:57.0089 5640 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\Windows\system32\DRIVERS\lmimirr.sys
    18:07:57.0090 5640 lmimirr - ok
    18:07:57.0123 5640 LMIRfsClientNP - ok
    18:07:57.0183 5640 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\Windows\system32\drivers\LMIRfsDriver.sys
    18:07:57.0184 5640 LMIRfsDriver - ok
    18:07:57.0220 5640 LogMeIn (432618fa75b61059d2c57d6a7e55147a) C:\Program Files\LogMeIn\x86\LogMeIn.exe
    18:07:57.0226 5640 LogMeIn - ok
    18:07:57.0248 5640 LRMINIPORT - ok
    18:07:57.0316 5640 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    18:07:57.0318 5640 LSI_FC - ok
    18:07:57.0352 5640 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    18:07:57.0353 5640 LSI_SAS - ok
    18:07:57.0398 5640 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    18:07:57.0399 5640 LSI_SAS2 - ok
    18:07:57.0413 5640 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    18:07:57.0415 5640 LSI_SCSI - ok
    18:07:57.0460 5640 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    18:07:57.0461 5640 luafv - ok
    18:07:57.0508 5640 lvckap - ok
    18:07:57.0536 5640 MA8032U - ok
    18:07:57.0570 5640 maya70docserver - ok
    18:07:57.0632 5640 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
    18:07:57.0632 5640 MBAMProtector - ok
    18:07:57.0702 5640 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    18:07:57.0744 5640 MBAMService - ok
    18:07:57.0776 5640 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
    18:07:57.0777 5640 Mcx2Svc - ok
    18:07:57.0820 5640 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    18:07:57.0820 5640 megasas - ok
    18:07:57.0877 5640 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    18:07:57.0880 5640 MegaSR - ok
    18:07:57.0920 5640 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
    18:07:57.0922 5640 MMCSS - ok
    18:07:57.0964 5640 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    18:07:57.0965 5640 Modem - ok
    18:07:58.0009 5640 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    18:07:58.0010 5640 monitor - ok
    18:07:58.0064 5640 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    18:07:58.0064 5640 mouclass - ok
    18:07:58.0077 5640 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    18:07:58.0078 5640 mouhid - ok
    18:07:58.0117 5640 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
    18:07:58.0118 5640 mountmgr - ok
    18:07:58.0196 5640 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
    18:07:58.0198 5640 MpFilter - ok
    18:07:58.0237 5640 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
    18:07:58.0239 5640 mpio - ok
    18:07:58.0262 5640 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
    18:07:58.0262 5640 MpNWMon - ok
    18:07:58.0286 5640 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    18:07:58.0287 5640 mpsdrv - ok
    18:07:58.0311 5640 mqdmserd - ok
    18:07:58.0350 5640 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
    18:07:58.0352 5640 MRxDAV - ok
    18:07:58.0406 5640 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
    18:07:58.0407 5640 mrxsmb - ok
    18:07:58.0427 5640 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    18:07:58.0430 5640 mrxsmb10 - ok
    18:07:58.0452 5640 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
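
    Added example, not part of the thread and not code from the TDSSKiller authors: a small Python parser for the log format shown in the post above. It pairs each scanned driver or service with the MD5 and image path TDSSKiller printed for it, then surfaces the two things a reviewer scans such a log for by eye: any verdict line that does not end in "ok", and entries that appear only as a verdict line with no file hash or path (the "a8djavs - ok" style lines). The format handling (one "name (md5) path" line followed by one "name - verdict" line, starting after "Scan started") is inferred from the posted log and is an assumption. The sample input is constructed: a few lines copied from the post plus one made-up entry, hypothetical_svc, with a made-up "detected" verdict; TDSSKiller's real wording for a hit is not shown on this page.

```python
import re

# Constructed sample input: a handful of lines copied from the TDSSKiller log
# posted above, plus one entry ("hypothetical_svc" with verdict "detected")
# that is made up to exercise the non-"ok" branch. TDSSKiller's real wording
# for a hit is not shown on this page; "detected" is an assumption.
SAMPLE_LOG = r"""
18:07:24.0592 5540 Drive \Device\Harddisk0\DR0 - Size: 0x12A2480000 (74.54 Gb), SectorSize: 0x200
18:07:46.0372 5640 Scan started
18:07:46.0372 5640 Mode: Manual;
18:07:48.0042 5640 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
18:07:48.0044 5640 1394ohci - ok
18:07:48.0084 5640 a8djavs - ok
18:07:49.0514 5640 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:07:49.0515 5640 Apple Mobile Device - ok
18:07:53.0522 5640 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
18:07:53.0523 5640 EFS - ok
18:07:59.0999 5640 hypothetical_svc (00000000000000000000000000000000) C:\Windows\system32\drivers\hypothetical.sys
18:07:59.0999 5640 hypothetical_svc - detected
"""

# Every log line is "<hh:mm:ss.ms> <pid> <payload>".
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.+)$")
# Payload for a scanned object: "<name> (<md5>) <image path>". Names may contain spaces.
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")


def parse_tdsskiller(text):
    """Return {name: {"md5", "path", "verdict"}} for objects listed after "Scan started"."""
    entries = {}
    in_scan = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # banner, separator and blank lines
        rest = m.group("rest")
        if rest == "Scan started":
            in_scan = True
            continue
        if not in_scan:
            continue                      # SystemInfo / drive lines also contain " - "
        fm = FILE_RE.match(rest)
        if fm:
            entry = entries.setdefault(fm.group("name"), {"md5": None, "path": None, "verdict": None})
            entry["md5"] = fm.group("md5").lower()
            entry["path"] = fm.group("path")
        elif " - " in rest:
            # Verdict line: "<name> - <verdict>". rsplit keeps a name containing " - " intact.
            name, verdict = rest.rsplit(" - ", 1)
            entry = entries.setdefault(name, {"md5": None, "path": None, "verdict": None})
            entry["verdict"] = verdict.strip()
    return entries


def triage(entries):
    """Split the parsed entries into the two lists a reviewer actually reads."""
    hits = [n for n, e in entries.items()
            if e["verdict"] is not None and e["verdict"].lower() != "ok"]
    no_file = [n for n, e in entries.items() if e["path"] is None]
    return {"hits": hits, "no_file": no_file}


if __name__ == "__main__":
    result = triage(parse_tdsskiller(SAMPLE_LOG))
    print("non-ok verdicts:", result["hits"])
    print("verdict with no file hash/path:", result["no_file"])
```

    The MD5 on its own does not say whether a file is clean; the value of the parse is getting name, hash and path into a structure you can compare against a known-good baseline or look up, and making sure a non-"ok" verdict buried in several hundred lines is not missed. The no-file list is usually leftover service registrations from uninstalled software, but on a machine where the resident scanner cannot clean a rootkit detection it is worth checking each one against the registry before dismissing it.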
     
  13. 2012/04/01
    cspgsl Geek Member Thread Starter

    18:07:58.0454 5640 mrxsmb20 - ok
    18:07:58.0498 5640 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
    18:07:58.0499 5640 msahci - ok
    18:07:58.0535 5640 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
    18:07:58.0536 5640 msdsm - ok
    18:07:58.0572 5640 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
    18:07:58.0574 5640 MSDTC - ok
    18:07:58.0618 5640 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    18:07:58.0619 5640 Msfs - ok
    18:07:58.0646 5640 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    18:07:58.0647 5640 mshidkmdf - ok
    18:07:58.0658 5640 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
    18:07:58.0659 5640 msisadrv - ok
    18:07:58.0711 5640 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
    18:07:58.0713 5640 MSiSCSI - ok
    18:07:58.0725 5640 msiserver - ok
    18:07:58.0767 5640 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    18:07:58.0768 5640 MSKSSRV - ok
    18:07:58.0840 5640 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    18:07:58.0841 5640 MsMpSvc - ok
    18:07:58.0855 5640 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    18:07:58.0856 5640 MSPCLOCK - ok
    18:07:58.0872 5640 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    18:07:58.0873 5640 MSPQM - ok
    18:07:58.0904 5640 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    18:07:58.0907 5640 MsRPC - ok
    18:07:58.0943 5640 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
    18:07:58.0944 5640 mssmbios - ok
    18:07:58.0971 5640 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    18:07:58.0972 5640 MSTEE - ok
    18:07:58.0983 5640 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    18:07:58.0984 5640 MTConfig - ok
    18:07:59.0010 5640 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    18:07:59.0011 5640 Mup - ok
    18:07:59.0053 5640 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
    18:07:59.0060 5640 napagent - ok
    18:07:59.0097 5640 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    18:07:59.0102 5640 NativeWifiP - ok
    18:07:59.0161 5640 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
    18:07:59.0165 5640 NDIS - ok
    18:07:59.0193 5640 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    18:07:59.0195 5640 NdisCap - ok
    18:07:59.0223 5640 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    18:07:59.0223 5640 NdisTapi - ok
    18:07:59.0262 5640 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
    18:07:59.0264 5640 Ndisuio - ok
    18:07:59.0302 5640 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
    18:07:59.0304 5640 NdisWan - ok
    18:07:59.0334 5640 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
    18:07:59.0335 5640 NDProxy - ok
    18:07:59.0362 5640 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    18:07:59.0363 5640 NetBIOS - ok
    18:07:59.0403 5640 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
    18:07:59.0406 5640 NetBT - ok
    18:07:59.0438 5640 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
    18:07:59.0439 5640 Netlogon - ok
    18:07:59.0493 5640 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
    18:07:59.0496 5640 Netman - ok
    18:07:59.0530 5640 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
    18:07:59.0534 5640 netprofm - ok
    18:07:59.0594 5640 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    18:07:59.0598 5640 NetTcpPortSharing - ok
    18:07:59.0662 5640 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    18:07:59.0663 5640 nfrd960 - ok
    18:07:59.0706 5640 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    18:07:59.0708 5640 NisDrv - ok
    18:07:59.0775 5640 NisSrv (a5cb074f34bbd89948e34a630d459c0c) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    18:07:59.0778 5640 NisSrv - ok
    18:07:59.0819 5640 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
    18:07:59.0822 5640 NlaSvc - ok
    18:07:59.0853 5640 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    18:07:59.0853 5640 Npfs - ok
    18:07:59.0892 5640 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
    18:07:59.0894 5640 nsi - ok
    18:07:59.0929 5640 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    18:07:59.0929 5640 nsiproxy - ok
    18:07:59.0958 5640 NSNDIS5 - ok
    18:08:00.0029 5640 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
    18:08:00.0063 5640 Ntfs - ok
    18:08:00.0102 5640 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    18:08:00.0103 5640 Null - ok
    18:08:00.0166 5640 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
    18:08:00.0168 5640 nvraid - ok
    18:08:00.0189 5640 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
    18:08:00.0192 5640 nvstor - ok
    18:08:00.0204 5640 nvstor32 - ok
    18:08:00.0246 5640 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
    18:08:00.0247 5640 nv_agp - ok
    18:08:00.0328 5640 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    18:08:00.0344 5640 odserv - ok
    18:08:00.0377 5640 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
    18:08:00.0378 5640 ohci1394 - ok
    18:08:00.0388 5640 oracle_load_balancer_60_client-forms6ip14 - ok
    18:08:00.0419 5640 orbmediaservice - ok
    18:08:00.0459 5640 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    18:08:00.0462 5640 ose - ok
    18:08:00.0511 5640 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
    18:08:00.0517 5640 p2pimsvc - ok
    18:08:00.0542 5640 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
    18:08:00.0548 5640 p2psvc - ok
    18:08:00.0587 5640 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    18:08:00.0589 5640 Parport - ok
    18:08:00.0623 5640 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
    18:08:00.0624 5640 partmgr - ok
    18:08:00.0651 5640 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    18:08:00.0651 5640 Parvdm - ok
    18:08:00.0685 5640 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
    18:08:00.0689 5640 PcaSvc - ok
    18:08:00.0724 5640 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
    18:08:00.0727 5640 pci - ok
    18:08:00.0746 5640 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
    18:08:00.0747 5640 pciide - ok
    18:08:00.0771 5640 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    18:08:00.0774 5640 pcmcia - ok
    18:08:00.0800 5640 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    18:08:00.0801 5640 pcw - ok
    18:08:00.0899 5640 PDAgent (3ff5226c6dd90fe5f83d56c8a2c43e27) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    18:08:00.0941 5640 PDAgent - ok
    18:08:00.0988 5640 PDEngine (f10b9417f2fb8fc9bad241ef390ca609) C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    18:08:01.0031 5640 PDEngine - ok
    18:08:01.0091 5640 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    18:08:01.0109 5640 PEAUTH - ok
    18:08:01.0174 5640 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
    18:08:01.0208 5640 PeerDistSvc - ok
    18:08:01.0261 5640 pelmouse (e541a80cdffd6077c761b4578efc0450) C:\Windows\system32\DRIVERS\pelmouse.sys
    18:08:01.0262 5640 pelmouse - ok
    18:08:01.0320 5640 pelusblf (6432858a4493e906a7d61b9b17a0672a) C:\Windows\system32\DRIVERS\pelusblf.sys
    18:08:01.0321 5640 pelusblf - ok
    18:08:01.0352 5640 pinger - ok
    18:08:01.0434 5640 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
    18:08:01.0467 5640 pla - ok
    18:08:01.0573 5640 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
    18:08:01.0576 5640 PlugPlay - ok
    18:08:01.0621 5640 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
    18:08:01.0622 5640 PNRPAutoReg - ok
    18:08:01.0653 5640 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
    18:08:01.0656 5640 PNRPsvc - ok
    18:08:01.0698 5640 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
    18:08:01.0703 5640 PolicyAgent - ok
    18:08:01.0732 5640 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
    18:08:01.0735 5640 Power - ok
    18:08:01.0798 5640 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    18:08:01.0800 5640 PptpMiniport - ok
    18:08:01.0825 5640 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    18:08:01.0826 5640 Processor - ok
    18:08:01.0876 5640 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
    18:08:01.0879 5640 ProfSvc - ok
    18:08:01.0912 5640 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
    18:08:01.0915 5640 ProtectedStorage - ok
    18:08:01.0946 5640 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    18:08:01.0947 5640 Psched - ok
    18:08:02.0005 5640 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    18:08:02.0017 5640 ql2300 - ok
    18:08:02.0051 5640 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    18:08:02.0053 5640 ql40xx - ok
    18:08:02.0092 5640 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
    18:08:02.0097 5640 QWAVE - ok
    18:08:02.0124 5640 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    18:08:02.0125 5640 QWAVEdrv - ok
    18:08:02.0144 5640 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    18:08:02.0145 5640 RasAcd - ok
    18:08:02.0173 5640 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    18:08:02.0174 5640 RasAgileVpn - ok
    18:08:02.0200 5640 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
    18:08:02.0203 5640 RasAuto - ok
    18:08:02.0230 5640 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    18:08:02.0232 5640 Rasl2tp - ok
    18:08:02.0279 5640 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
    18:08:02.0283 5640 RasMan - ok
    18:08:02.0296 5640 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    18:08:02.0298 5640 RasPppoe - ok
    18:08:02.0337 5640 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    18:08:02.0339 5640 RasSstp - ok
    18:08:02.0370 5640 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
    18:08:02.0374 5640 rdbss - ok
    18:08:02.0386 5640 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    18:08:02.0387 5640 rdpbus - ok
    18:08:02.0430 5640 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
    18:08:02.0431 5640 RDPCDD - ok
    18:08:02.0470 5640 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
    18:08:02.0472 5640 RDPDR - ok
    18:08:02.0510 5640 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    18:08:02.0510 5640 RDPENCDD - ok
    18:08:02.0538 5640 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    18:08:02.0538 5640 RDPREFMP - ok
    18:08:02.0576 5640 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
    18:08:02.0578 5640 RDPWD - ok
    18:08:02.0628 5640 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
    18:08:02.0631 5640 rdyboost - ok
    18:08:02.0666 5640 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
    18:08:02.0668 5640 RemoteAccess - ok
    18:08:02.0706 5640 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
    18:08:02.0710 5640 RemoteRegistry - ok
    18:08:02.0755 5640 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
    18:08:02.0758 5640 RpcEptMapper - ok
    18:08:02.0780 5640 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
    18:08:02.0782 5640 RpcLocator - ok
    18:08:02.0824 5640 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
    18:08:02.0828 5640 RpcSs - ok
    18:08:02.0877 5640 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    18:08:02.0879 5640 rspndr - ok
    18:08:02.0901 5640 rt2870 - ok
    18:08:02.0941 5640 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
    18:08:02.0942 5640 s3cap - ok
    18:08:02.0964 5640 SaiMini (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\framework.dll
    18:08:02.0965 5640 SaiMini ( Backdoor.Multi.ZAccess.gen ) - infected
    18:08:02.0965 5640 SaiMini - detected Backdoor.Multi.ZAccess.gen (0)
    18:08:02.0996 5640 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
    18:08:02.0997 5640 SamSs - ok
    18:08:03.0037 5640 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
    18:08:03.0039 5640 sbp2port - ok
    18:08:03.0073 5640 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
    18:08:03.0076 5640 SCardSvr - ok
    18:08:03.0113 5640 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
    18:08:03.0117 5640 scfilter - ok
    18:08:03.0180 5640 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
    18:08:03.0206 5640 Schedule - ok
    18:08:03.0247 5640 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
    18:08:03.0248 5640 SCPolicySvc - ok
    18:08:03.0277 5640 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
    18:08:03.0280 5640 SDRSVC - ok
    18:08:03.0302 5640 se44nd5 - ok
    18:08:03.0386 5640 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    18:08:03.0387 5640 secdrv - ok
    18:08:03.0419 5640 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
    18:08:03.0422 5640 seclogon - ok
    18:08:03.0466 5640 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
    18:08:03.0469 5640 SENS - ok
    18:08:03.0498 5640 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
    18:08:03.0501 5640 SensrSvc - ok
    18:08:03.0556 5640 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    18:08:03.0557 5640 Serenum - ok
    18:08:03.0588 5640 Serial (b88cc66e0c4dc9c82113e196623774da) C:\Windows\system32\DRIVERS\serial.sys
    18:08:03.0589 5640 Serial - ok
    18:08:03.0620 5640 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    18:08:03.0620 5640 sermouse - ok
    18:08:03.0688 5640 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
    18:08:03.0691 5640 SessionEnv - ok
    18:08:03.0755 5640 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
    18:08:03.0755 5640 sffdisk - ok
    18:08:03.0789 5640 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
    18:08:03.0790 5640 sffp_mmc - ok
    18:08:03.0826 5640 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
    18:08:03.0826 5640 sffp_sd - ok
    18:08:03.0859 5640 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    18:08:03.0860 5640 sfloppy - ok
    18:08:03.0903 5640 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
    18:08:03.0908 5640 SharedAccess - ok
    18:08:03.0948 5640 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
    18:08:03.0951 5640 ShellHWDetection - ok
    18:08:03.0979 5640 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
    18:08:03.0981 5640 sisagp - ok
    18:08:04.0020 5640 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    18:08:04.0021 5640 SiSRaid2 - ok
    18:08:04.0056 5640 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    18:08:04.0057 5640 SiSRaid4 - ok
    18:08:04.0070 5640 SlNtHal - ok
    18:08:04.0116 5640 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    18:08:04.0118 5640 Smb - ok
    18:08:04.0184 5640 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
    18:08:04.0187 5640 SNMPTRAP - ok
    18:08:04.0210 5640 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    18:08:04.0211 5640 spldr - ok
    18:08:04.0270 5640 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
    18:08:04.0277 5640 Spooler - ok
    18:08:04.0375 5640 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
    18:08:04.0426 5640 sppsvc - ok
    18:08:04.0460 5640 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
    18:08:04.0463 5640 sppuinotify - ok
    18:08:04.0497 5640 sp_clamsrv - ok
    18:08:04.0565 5640 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
    18:08:04.0570 5640 srv - ok
    18:08:04.0627 5640 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
    18:08:04.0632 5640 srv2 - ok
    18:08:04.0667 5640 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
    18:08:04.0669 5640 srvnet - ok
    18:08:04.0723 5640 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
    18:08:04.0727 5640 SSDPSRV - ok
    18:08:04.0756 5640 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
    18:08:04.0759 5640 SstpSvc - ok
    18:08:04.0791 5640 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    18:08:04.0792 5640 stexstor - ok
    18:08:04.0836 5640 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
    18:08:04.0844 5640 StiSvc - ok
    18:08:04.0879 5640 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
    18:08:04.0881 5640 storflt - ok
    18:08:04.0915 5640 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
    18:08:04.0917 5640 StorSvc - ok
    18:08:04.0956 5640 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
    18:08:04.0958 5640 storvsc - ok
    18:08:04.0990 5640 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
    18:08:04.0991 5640 swenum - ok
    18:08:05.0039 5640 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
    18:08:05.0043 5640 swprv - ok
    18:08:05.0108 5640 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
    18:08:05.0117 5640 SysMain - ok
    18:08:05.0156 5640 sysmonlog (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\framework.dll
    18:08:05.0157 5640 sysmonlog ( Backdoor.Multi.ZAccess.gen ) - infected
    18:08:05.0157 5640 sysmonlog - detected Backdoor.Multi.ZAccess.gen (0)
    18:08:05.0195 5640 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
    18:08:05.0199 5640 TabletInputService - ok
    18:08:05.0251 5640 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
    18:08:05.0257 5640 TapiSrv - ok
    18:08:05.0293 5640 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
    18:08:05.0296 5640 TBS - ok
    18:08:05.0391 5640 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
    18:08:05.0425 5640 Tcpip - ok
    18:08:05.0515 5640 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
    18:08:05.0522 5640 TCPIP6 - ok
    18:08:05.0557 5640 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
    18:08:05.0558 5640 tcpipreg - ok
    18:08:05.0607 5640 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
    18:08:05.0608 5640 TDPIPE - ok
    18:08:05.0648 5640 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
    18:08:05.0649 5640 TDTCP - ok
    18:08:05.0713 5640 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
    18:08:05.0714 5640 tdx - ok
    18:08:05.0742 5640 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
    18:08:05.0743 5640 TermDD - ok
    18:08:05.0794 5640 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
    18:08:05.0799 5640 TermService - ok
    18:08:05.0839 5640 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
    18:08:05.0843 5640 Themes - ok
    18:08:05.0878 5640 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
    18:08:05.0880 5640 THREADORDER - ok
    18:08:05.0905 5640 tifm - ok
    18:08:05.0941 5640 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
    18:08:05.0944 5640 TrkWks - ok
    18:08:05.0984 5640 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
    18:08:05.0986 5640 TrustedInstaller - ok
    18:08:06.0052 5640 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
    18:08:06.0053 5640 tssecsrv - ok
    18:08:06.0104 5640 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
    18:08:06.0106 5640 TsUsbFlt - ok
    18:08:06.0146 5640 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
    18:08:06.0147 5640 tunnel - ok
    18:08:06.0181 5640 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    18:08:06.0182 5640 uagp35 - ok
    18:08:06.0226 5640 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
    18:08:06.0229 5640 udfs - ok
    18:08:06.0278 5640 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
    18:08:06.0281 5640 UI0Detect - ok
    18:08:06.0332 5640 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
    18:08:06.0333 5640 uliagpkx - ok
    18:08:06.0351 5640 ultra - ok
    18:08:06.0389 5640 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
    18:08:06.0390 5640 umbus - ok
    18:08:06.0425 5640 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    18:08:06.0426 5640 UmPass - ok
    18:08:06.0460 5640 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
    18:08:06.0463 5640 UmRdpService - ok
    18:08:06.0501 5640 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
    18:08:06.0507 5640 upnphost - ok
    18:08:06.0533 5640 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
    18:08:06.0534 5640 usbccgp - ok
    18:08:06.0558 5640 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
    18:08:06.0559 5640 usbcir - ok
    18:08:06.0572 5640 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
    18:08:06.0573 5640 usbehci - ok
    18:08:06.0621 5640 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
    18:08:06.0625 5640 usbhub - ok
    18:08:06.0646 5640 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
    18:08:06.0646 5640 usbohci - ok
    18:08:06.0692 5640 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    18:08:06.0694 5640 usbprint - ok
    18:08:06.0721 5640 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
    18:08:06.0722 5640 usbscan - ok
    18:08:06.0738 5640 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    18:08:06.0740 5640 USBSTOR - ok
    18:08:06.0768 5640 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    18:08:06.0769 5640 usbuhci - ok
    18:08:06.0807 5640 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
    18:08:06.0810 5640 UxSms - ok
    18:08:06.0838 5640 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
    18:08:06.0839 5640 VaultSvc - ok
    18:08:06.0849 5640 VCIDRV - ok
    18:08:06.0906 5640 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
    18:08:06.0907 5640 vdrvroot - ok
    18:08:06.0951 5640 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
    18:08:06.0968 5640 vds - ok
    18:08:07.0015 5640 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    18:08:07.0016 5640 vga - ok
    18:08:07.0044 5640 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    18:08:07.0044 5640 VgaSave - ok
    18:08:07.0076 5640 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
    18:08:07.0079 5640 vhdmp - ok
    18:08:07.0136 5640 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
    18:08:07.0137 5640 viaagp - ok
    18:08:07.0151 5640 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    18:08:07.0152 5640 ViaC7 - ok
    18:08:07.0189 5640 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
    18:08:07.0189 5640 viaide - ok
    18:08:07.0227 5640 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
    18:08:07.0230 5640 vmbus - ok
    18:08:07.0259 5640 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
    18:08:07.0260 5640 VMBusHID - ok
    18:08:07.0290 5640 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
    18:08:07.0292 5640 volmgr - ok
    18:08:07.0319 5640 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    18:08:07.0322 5640 volmgrx - ok
    18:08:07.0362 5640 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
    18:08:07.0366 5640 volsnap - ok
    18:08:07.0411 5640 vpcbus - ok
    18:08:07.0436 5640 vsmon - ok
    18:08:07.0504 5640 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    18:08:07.0506 5640 vsmraid - ok
    18:08:07.0561 5640 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
    18:08:07.0569 5640 VSS - ok
    18:08:07.0596 5640 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
    18:08:07.0597 5640 vwifibus - ok
    18:08:07.0644 5640 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
    18:08:07.0648 5640 W32Time - ok
    18:08:07.0688 5640 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    18:08:07.0689 5640 WacomPen - ok
    18:08:07.0762 5640 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    18:08:07.0764 5640 WANARP - ok
    18:08:07.0770 5640 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    18:08:07.0771 5640 Wanarpv6 - ok
    18:08:07.0842 5640 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
    18:08:07.0855 5640 WatAdminSvc - ok
    18:08:07.0941 5640 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
    18:08:07.0958 5640 wbengine - ok
    18:08:07.0997 5640 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
    18:08:08.0002 5640 WbioSrvc - ok
    18:08:08.0040 5640 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
    18:08:08.0045 5640 wcncsvc - ok
    18:08:08.0088 5640 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
    18:08:08.0091 5640 WcsPlugInService - ok
    18:08:08.0159 5640 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    18:08:08.0160 5640 Wd - ok
    18:08:08.0202 5640 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    18:08:08.0208 5640 Wdf01000 - ok
    18:08:08.0234 5640 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
    18:08:08.0237 5640 WdiServiceHost - ok
    18:08:08.0244 5640 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
    18:08:08.0247 5640 WdiSystemHost - ok
    18:08:08.0288 5640 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
    18:08:08.0293 5640 WebClient - ok
    18:08:08.0327 5640 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
    18:08:08.0331 5640 Wecsvc - ok
    18:08:08.0359 5640 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
    18:08:08.0362 5640 wercplsupport - ok
    18:08:08.0405 5640 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
    18:08:08.0408 5640 WerSvc - ok
    18:08:08.0443 5640 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    18:08:08.0443 5640 WfpLwf - ok
    18:08:08.0474 5640 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    18:08:08.0475 5640 WIMMount - ok
    18:08:08.0485 5640 WinHttpAutoProxySvc - ok
    18:08:08.0546 5640 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
    18:08:08.0549 5640 Winmgmt - ok
    18:08:08.0630 5640 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
    18:08:08.0639 5640 WinRM - ok
    18:08:08.0759 5640 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
    18:08:08.0783 5640 Wlansvc - ok
    18:08:08.0793 5640 wm - ok
    18:08:08.0853 5640 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
    18:08:08.0853 5640 WmiAcpi - ok
    18:08:08.0914 5640 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
    18:08:08.0916 5640 wmiApSrv - ok
    18:08:08.0998 5640 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
    18:08:09.0033 5640 WMPNetworkSvc - ok
    18:08:09.0071 5640 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
    18:08:09.0074 5640 WPCSvc - ok
    18:08:09.0107 5640 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
    18:08:09.0112 5640 WPDBusEnum - ok
    18:08:09.0159 5640 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    18:08:09.0159 5640 ws2ifsl - ok
    18:08:09.0170 5640 WSearch - ok
    18:08:09.0249 5640 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
    18:08:09.0262 5640 wuauserv - ok
    18:08:09.0296 5640 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
    18:08:09.0297 5640 WudfPf - ok
    18:08:09.0333 5640 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
    18:08:09.0335 5640 WUDFRd - ok
    18:08:09.0382 5640 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
    18:08:09.0385 5640 wudfsvc - ok
    18:08:09.0424 5640 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
    18:08:09.0430 5640 WwanSvc - ok
    18:08:09.0515 5640 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    18:08:09.0549 5640 YahooAUService - ok
    18:08:09.0576 5640 zebrceb - ok
    18:08:09.0591 5640 zpmysql - ok
    18:08:09.0631 5640 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    18:08:09.0672 5640 \Device\Harddisk0\DR0 - ok
    18:08:09.0677 5640 Boot (0x1200) (6227b4251492fabca4d9c19a940bfab6) \Device\Harddisk0\DR0\Partition0
    18:08:09.0680 5640 \Device\Harddisk0\DR0\Partition0 - ok
    18:08:09.0707 5640 Boot (0x1200) (619e6683ae71453345b8d00beeab4f8a) \Device\Harddisk0\DR0\Partition1
    18:08:09.0709 5640 \Device\Harddisk0\DR0\Partition1 - ok
    18:08:09.0732 5640 Boot (0x1200) (71ab87ef6aa3daebfe5991c889dcc4ee) \Device\Harddisk0\DR0\Partition2
    18:08:09.0733 5640 \Device\Harddisk0\DR0\Partition2 - ok
    18:08:09.0734 5640 ============================================================
    18:08:09.0734 5640 Scan finished
    18:08:09.0734 5640 ============================================================
    18:08:09.0755 4424 Detected object count: 2
    18:08:09.0755 4424 Actual detected object count: 2
    18:08:32.0647 4424 C:\Windows\system32\framework.dll - copied to quarantine
    18:08:32.0660 4424 HKLM\SYSTEM\ControlSet001\services\SaiMini - will be deleted on reboot
    18:08:32.0681 4424 HKLM\SYSTEM\ControlSet002\services\SaiMini - will be deleted on reboot
    18:08:32.0785 4424 C:\Windows\system32\framework.dll - will be deleted on reboot
    18:08:32.0785 4424 SaiMini ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    18:08:32.0794 4424 C:\Windows\system32\framework.dll - copied to quarantine
    18:08:32.0795 4424 HKLM\SYSTEM\ControlSet001\services\sysmonlog - will be deleted on reboot
    18:08:32.0798 4424 C:\Windows\system32\framework.dll - will be deleted on reboot
    18:08:32.0798 4424 sysmonlog ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    18:08:40.0313 4196 Deinitialize success
     
  14. 2012/04/01
    broni Moderator Malware Analyst

    Re-run TDSSKiller one more time.

    Then post new aswMBR log.
     
  15. 2012/04/01
    cspgsl Geek Member Thread Starter

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-01 18:51:39
    -----------------------------
    18:51:39.138 OS Version: Windows 6.1.7601 Service Pack 1
    18:51:39.139 Number of processors: 2 586 0x1706
    18:51:39.141 ComputerName: MARGE-PERROTT UserName: Marge
    18:51:52.546 Initialize success
    18:56:45.837 AVAST engine defs: 12040101
    18:57:03.637 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    18:57:03.642 Disk 0 Vendor: Maxtor_6Y080M0 YAR511W0 Size: 76324MB BusType: 3
    18:57:03.654 Disk 0 MBR read successfully
    18:57:03.659 Disk 0 MBR scan
    18:57:03.666 Disk 0 Windows 7 default MBR code
    18:57:03.686 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    18:57:03.705 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 34900 MB offset 206848
    18:57:03.729 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 41322 MB offset 71682048
    18:57:03.754 Disk 0 scanning sectors +156309504
    18:57:03.814 Disk 0 scanning C:\Windows\system32\drivers
    18:57:11.577 Service scanning
    18:57:19.946 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
    18:57:29.462 Modules scanning
    18:57:32.846 Disk 0 trace - called modules:
    18:57:32.876 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
    18:57:32.885 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d54a78]
    18:57:32.894 3 CLASSPNP.SYS[8afdd59e] -> nt!IofCallDriver -> [0x858968d8]
    18:57:32.906 5 ACPI.sys[8ac8c3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x858b8030]
    18:57:33.236 AVAST engine scan C:\Windows
    18:57:34.186 AVAST engine scan C:\Windows\system32
    18:59:38.350 AVAST engine scan C:\Windows\system32\drivers
    18:59:47.757 AVAST engine scan C:\Users\Marge
    19:01:19.017 AVAST engine scan C:\ProgramData
    19:01:51.950 Scan finished successfully
    19:02:07.083 Disk 0 MBR has been saved successfully to "d:\Marge\Desktop\tom\MBR.dat "
    19:02:07.095 The log file has been saved successfully to "d:\Marge\Desktop\tom\aswMBR2.txt "
     
  16. 2012/04/01
    cspgsl Lifetime Subscription

    cspgsl Geek Member Thread Starter

    18:46:33.0409 5336 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
    18:46:33.0859 5336 ============================================================
    18:46:33.0859 5336 Current date / time: 2012/04/01 18:46:33.0859
    18:46:33.0859 5336 SystemInfo:
    18:46:33.0859 5336
    18:46:33.0859 5336 OS Version: 6.1.7601 ServicePack: 1.0
    18:46:33.0859 5336 Product type: Workstation
    18:46:33.0859 5336 ComputerName: MARGE-PERROTT
    18:46:33.0859 5336 UserName: Marge
    18:46:33.0859 5336 Windows directory: C:\Windows
    18:46:33.0859 5336 System windows directory: C:\Windows
    18:46:33.0859 5336 Processor architecture: Intel x86
    18:46:33.0859 5336 Number of processors: 2
    18:46:33.0859 5336 Page size: 0x1000
    18:46:33.0860 5336 Boot type: Normal boot
    18:46:33.0860 5336 ============================================================
    18:46:34.0930 5336 Drive \Device\Harddisk0\DR0 - Size: 0x12A2480000 (74.54 Gb), SectorSize: 0x200, Cylinders: 0x2602, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    18:46:34.0946 5336 \Device\Harddisk0\DR0:
    18:46:34.0946 5336 MBR used
    18:46:34.0946 5336 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    18:46:34.0946 5336 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x442A000
    18:46:34.0947 5336 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x445C800, BlocksNum 0x50B5000
    18:46:35.0020 5336 Initialize success
    18:46:35.0020 5336 ============================================================
    18:46:37.0830 5540 ============================================================
    18:46:37.0830 5540 Scan started
    18:46:37.0830 5540 Mode: Manual;
    18:46:37.0830 5540 ============================================================
     
  17. 2012/04/01
    cspgsl Lifetime Subscription

    cspgsl Geek Member Thread Starter

    Joined:
    2008/07/23
    Messages:
    1,044
    Likes Received:
    8
    18:46:56.0001 5540 procexp100 (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\dmadmin.dll
    18:46:56.0002 5540 procexp100 ( Backdoor.Multi.ZAccess.gen ) - infected
    18:46:56.0002 5540 procexp100 - detected Backdoor.Multi.ZAccess.gen (0)
    18:46:58.0429 5540 Serial (b88cc66e0c4dc9c82113e196623774da) C:\Windows\system32\DRIVERS\serial.sys
    18:46:58.0429 5540 Suspicious file (Forged): C:\Windows\system32\DRIVERS\serial.sys. Real md5: b88cc66e0c4dc9c82113e196623774da, Fake md5: 5fb7fcea0490d821f26f39cc5ea3d1e2
    18:46:58.0430 5540 Serial ( Virus.Win32.ZAccess.aml ) - infected
    18:46:58.0430 5540 Serial - detected Virus.Win32.ZAccess.aml (0)
    18:47:05.0962 5540 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    18:47:06.0003 5540 \Device\Harddisk0\DR0 - ok
    18:47:06.0008 5540 Boot (0x1200) (6227b4251492fabca4d9c19a940bfab6) \Device\Harddisk0\DR0\Partition0
    18:47:06.0009 5540 \Device\Harddisk0\DR0\Partition0 - ok
    18:47:06.0038 5540 Boot (0x1200) (619e6683ae71453345b8d00beeab4f8a) \Device\Harddisk0\DR0\Partition1
    18:47:06.0039 5540 \Device\Harddisk0\DR0\Partition1 - ok
    18:47:06.0054 5540 Boot (0x1200) (71ab87ef6aa3daebfe5991c889dcc4ee) \Device\Harddisk0\DR0\Partition2
    18:47:06.0055 5540 \Device\Harddisk0\DR0\Partition2 - ok
    18:47:06.0057 5540 ============================================================
    18:47:06.0057 5540 Scan finished
    18:47:06.0057 5540 ============================================================
    18:47:06.0070 5532 Detected object count: 2
    18:47:06.0070 5532 Actual detected object count: 2
    18:47:13.0343 5532 C:\Windows\system32\dmadmin.dll - copied to quarantine
    18:47:13.0344 5532 HKLM\SYSTEM\ControlSet001\services\procexp100 - will be deleted on reboot
    18:47:13.0469 5532 C:\Windows\system32\dmadmin.dll - will be deleted on reboot
    18:47:13.0469 5532 procexp100 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    18:47:13.0589 5532 C:\Windows\system32\DRIVERS\serial.sys - copied to quarantine
    18:47:13.0592 5532 C:\Windows\$NtUninstallKB65170$\2225240624\@ - copied to quarantine
    18:47:13.0593 5532 C:\Windows\$NtUninstallKB65170$\2225240624\cfg.ini - copied to quarantine
    18:47:13.0594 5532 C:\Windows\$NtUninstallKB65170$\2225240624\Desktop.ini - copied to quarantine
    18:47:13.0608 5532 C:\Windows\$NtUninstallKB65170$\2225240624\L\xadqgnnk - copied to quarantine
    18:47:13.0609 5532 C:\Windows\$NtUninstallKB65170$\2225240624\oemid - copied to quarantine
    18:47:13.0617 5532 C:\Windows\$NtUninstallKB65170$\2225240624\U\00000001.@ - copied to quarantine
    18:47:13.0658 5532 C:\Windows\$NtUninstallKB65170$\2225240624\U\00000002.@ - copied to quarantine
    18:47:13.0668 5532 C:\Windows\$NtUninstallKB65170$\2225240624\U\00000004.@ - copied to quarantine
    18:47:13.0696 5532 C:\Windows\$NtUninstallKB65170$\2225240624\U\80000000.@ - copied to quarantine
    18:47:13.0713 5532 C:\Windows\$NtUninstallKB65170$\2225240624\U\80000004.@ - copied to quarantine
    18:47:13.0714 5532 C:\Windows\$NtUninstallKB65170$\2225240624\U\80000032.@ - copied to quarantine
    18:47:13.0716 5532 C:\Windows\$NtUninstallKB65170$\2225240624\version - copied to quarantine
    18:47:13.0874 5532 Backup copy not found, trying to cure infected file..
    18:47:13.0875 5532 Cure success, using it..
    18:47:13.0882 5532 C:\Windows\system32\DRIVERS\serial.sys - will be cured on reboot
    18:47:18.0389 5532 C:\Windows\$NtUninstallKB65170$\2225240624\@ - will be deleted on reboot
    18:47:18.0389 5532 C:\Windows\$NtUninstallKB65170$\2225240624\cfg.ini - will be deleted on reboot
    18:47:18.0389 5532 C:\Windows\$NtUninstallKB65170$\2225240624\Desktop.ini - will be deleted on reboot
    18:47:18.0390 5532 C:\Windows\$NtUninstallKB65170$\2225240624\oemid - will be deleted on reboot
    18:47:18.0390 5532 C:\Windows\$NtUninstallKB65170$\2225240624\U\00000001.@ - will be deleted on reboot
    18:47:18.0390 5532 C:\Windows\$NtUninstallKB65170$\2225240624\U\00000002.@ - will be deleted on reboot
    18:47:18.0391 5532 C:\Windows\$NtUninstallKB65170$\2225240624\U\00000004.@ - will be deleted on reboot
    18:47:18.0391 5532 C:\Windows\$NtUninstallKB65170$\2225240624\U\80000000.@ - will be deleted on reboot
    18:47:18.0391 5532 C:\Windows\$NtUninstallKB65170$\2225240624\U\80000004.@ - will be deleted on reboot
    18:47:18.0391 5532 C:\Windows\$NtUninstallKB65170$\2225240624\U\80000032.@ - will be deleted on reboot
    18:47:18.0391 5532 C:\Windows\$NtUninstallKB65170$\2225240624\version - will be deleted on reboot
    18:47:18.0392 5532 C:\Windows\$NtUninstallKB65170$\4035003871 - will be deleted on reboot
    18:47:18.0393 5532 Serial ( Virus.Win32.ZAccess.aml ) - User select action: Cure
    18:47:24.0155 5160 Deinitialize success
     
  18. 2012/04/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  19. 2012/04/01
    cspgsl Lifetime Subscription

    cspgsl Geek Member Thread Starter

    Joined:
    2008/07/23
    Messages:
    1,044
    Likes Received:
    8
    I shall have to do it tomorrow morning. I am working remotely with the owner and it is past her bed time.

    I shall post it when I have it and await your response when you can get to it.

    Thanks again
     
  20. 2012/04/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No problem :)
     
  21. 2012/04/02
    cspgsl Lifetime Subscription

    cspgsl Geek Member Thread Starter

    Joined:
    2008/07/23
    Messages:
    1,044
    Likes Received:
    8
    ComboFix 12-04-01.03 - Marge 04/02/2012 17:22:46.1.2 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3062.2494 [GMT -3:00]
    Running from: d:\marge\Desktop\tom\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\$NtUninstallKB65170$
    c:\windows\$NtUninstallKB65170$\2225240624\L\xadqgnnk
    c:\windows\system32\dds_trash_log.cmd
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-02 20:28 . 2012-04-02 20:31 -------- d-----w- c:\users\Marge\AppData\Local\temp
    2012-04-02 20:28 . 2012-04-02 20:28 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
    2012-04-02 20:28 . 2012-04-02 20:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-01 21:47 . 2012-04-01 21:47 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-04-01 21:20 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5283F906-A5C7-4B40-A8DB-BDD28C3C0456}\mpengine.dll
    2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
    2012-03-15 01:15 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-03-15 01:15 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-14 11:47 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
    2012-03-14 11:47 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-14 11:46 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-14 11:46 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-14 11:46 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-14 11:46 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-14 11:46 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-14 11:46 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-01 21:48 . 2009-07-13 23:45 83456 ----a-w- c:\windows\system32\drivers\serial.sys
    2012-03-14 02:15 . 2011-09-05 20:26 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-02-16 16:04 . 2011-09-06 10:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-11 02:13 . 2012-02-11 02:13 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ECB2CC9F-2222-4492-9A51-2EE2FDF14FB4}\gapaengine.dll
    2012-02-06 21:05 . 2011-09-05 15:09 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
    2012-02-06 21:05 . 2011-09-05 15:09 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2012-02-06 21:05 . 2011-09-05 15:09 30592 ----a-w- c:\windows\system32\LMIport.dll
    2012-02-06 21:05 . 2011-09-05 15:09 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2012-01-31 12:44 . 2011-09-05 15:21 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-04 08:58 . 2012-02-15 00:17 442880 ----a-w- c:\windows\system32\ntshrui.dll
    2011-09-03 06:01 . 2011-09-08 17:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-22 6276408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-01-11 63048]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 57344]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-11-28 296056]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"="c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-05 1343400]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2012-02-06 374152]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2011-01-11 12856]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
    .
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    SlNtHal
    MA8032U
    CrystalSysInfo
    fgdxbus
    tifm
    atfsd
    se44nd5
    vpcbus
    avgascln
    SaiMini
    lvckap
    KR10N
    HPFECP20
    commserver
    zebrceb
    ctxcpuusync
    rt2870
    bc_ip_f
    LRMINIPORT
    acs
    a8djavs
    procexp100
    sysmonlog
    IntelC51
    pinger
    sp_clamsrv
    vsmon
    orbmediaservice
    zpmysql
    BootScreen
    EhttpSrv
    oracle_load_balancer_60_client-forms6ip14
    maya70docserver
    VCIDRV
    nvstor32
    NSNDIS5
    wm
    mqdmserd
    F700ius
    iaimtv1
    hpzipr12
    ati
    ultra
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\users\Marge\AppData\Roaming\Mozilla\Firefox\Profiles\wn04tyb9.default\
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-43443442.sys
    SafeBoot-84988503.sys
    AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(2080)
    c:\program files\Stardock\Fences\FencesMenu.dll
    c:\program files\stardock\fences\DesktopDock.dll
    c:\windows\System32\pelscrll.dll
    c:\windows\System32\PELCOMM.dll
    c:\windows\System32\PELHOOKS.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\LogMeIn\x86\LogMeIn.exe
    c:\windows\system32\conhost.exe
    c:\program files\Raxco\PerfectDisk\PDAgent.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\System32\ico.exe
    c:\windows\System32\FSRremoS.EXE
    c:\program files\Yahoo!\Messenger\YahooMessenger.exe
    c:\windows\System32\Pelmiced.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Raxco\PerfectDisk\PDEngine.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\windows\system32\sppsvc.exe
    c:\program files\Yahoo!\Messenger\YahooMessenger.exe
    c:\windows\system32\DllHost.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-02 17:35:33 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-02 20:35
    .
    Pre-Run: 11,374,333,952 bytes free
    Post-Run: 11,193,131,008 bytes free
    .
    - - End Of File - - 2B4CA99FF05D0438CEF37067903FF722
     
