Old 1st April 2012   #1
Geek Member
THREAD STARTER
Lifetime Subscription
 
Profile:
Join Date: Jul 2008
Location: Atlantic Canada
Posts: 730
Computer Experience:
enuf to create havoc
cspgsl Reputation Level

My System

[Resolved] Infected with trojans


I have a computer infected with trojan:win32/sirefef.AC and trojan:win32/sirefef.AH.

MS MSE has not been able to remove them.

The following posts are the first of the logs required.

Thanks

cspgsl is offline  
Old 1st April 2012   #2
Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.01.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Marge :: MARGE-PERROTT [administrator]

Protection: Disabled

4/1/2012 3:09:43 PM
mbam-log-2012-04-01 (15-09-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 199543
Time elapsed: 2 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

cspgsl is offline  
Old 1st April 2012   #3
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-01 15:28:02
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Maxtor_6Y080M0 rev.YAR511W0
Running: drgu2r8w.exe; Driver: C:\Users\Marge\AppData\Local\Temp\kglyyuob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 82A7A3D9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AB3D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\lsm.exe[568] ntdll.dll!NtOpenProcess 77435D88 5 Bytes JMP 00270010
.text C:\Windows\system32\lsm.exe[568] ntdll.dll!NtTerminateProcess 774368C8 5 Bytes JMP 00280010
.text C:\Windows\System32\ping.exe[1276] ntdll.dll!NtCreateProcess 77435698 5 Bytes JMP 0041000A
.text C:\Windows\System32\ping.exe[1276] ntdll.dll!NtCreateProcessEx 774356A8 5 Bytes JMP 0042000A
.text C:\Windows\System32\ping.exe[1276] ntdll.dll!NtCreateUserProcess 77435778 5 Bytes JMP 0043000A
.text C:\Windows\System32\ping.exe[1276] USER32.dll!GetCursorPos 75C7A4B3 5 Bytes JMP 005B000A
.text C:\Windows\System32\ping.exe[1276] USER32.dll!CreateWindowExW 75C7EC7C 5 Bytes JMP 0062000A
.text C:\Windows\System32\ping.exe[1276] USER32.dll!GetForegroundWindow 75C8335D 5 Bytes JMP 0061000A
.text C:\Windows\System32\ping.exe[1276] USER32.dll!WindowFromPoint 75CA6BE9 5 Bytes JMP 005C000A
.text C:\Windows\System32\ping.exe[1276] ole32.dll!CoCreateInstance 75EE9D0B 5 Bytes JMP 005A000A
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3144] kernel32.dll!SetUnhandledExceptionFilter 7604F4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Windows\System32\ping.exe[5908] ntdll.dll!NtCreateProcess 77435698 5 Bytes JMP 005A000A
.text C:\Windows\System32\ping.exe[5908] ntdll.dll!NtCreateProcessEx 774356A8 5 Bytes JMP 005C000A
.text C:\Windows\System32\ping.exe[5908] ntdll.dll!NtCreateUserProcess 77435778 5 Bytes JMP 005D000A
.text C:\Windows\System32\ping.exe[5908] USER32.dll!GetCursorPos 75C7A4B3 5 Bytes JMP 0080000A
.text C:\Windows\System32\ping.exe[5908] USER32.dll!CreateWindowExW 75C7EC7C 5 Bytes JMP 00B8000A
.text C:\Windows\System32\ping.exe[5908] USER32.dll!GetForegroundWindow 75C8335D 5 Bytes JMP 00B7000A
.text C:\Windows\System32\ping.exe[5908] USER32.dll!WindowFromPoint 75CA6BE9 5 Bytes JMP 00B6000A
.text C:\Windows\System32\ping.exe[5908] ole32.dll!CoCreateInstance 75EE9D0B 5 Bytes JMP 0062000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2160] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7548FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2160] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7548FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2160] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7548FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2160] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7548FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2160] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7548FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [613477FD] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6134783D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [613478CB] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6134702A] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\USER32.dll [GDI32.dll!GetStockObject] [6134636A] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [613478CB] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [6134787D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6134702A] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6134783D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6134783D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [613477FD] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [613478CB] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6134702A] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6134787D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6134636A] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [613462A5] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61346C41] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61346C41] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateFileA] [613464F0] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateFileW] [6134644A] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [61346370] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [613461D4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61346212] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AnimateWindow] [61346405] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [613462A5] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61346C41] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6134636A] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [613477FD] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3380] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6134783D] C:\Program Files\Yahoo!\Messenger\yui.dll

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000045 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) 90992000-909AC000 (106496 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\Windows\System32\ping.exe (*** hidden *** ) 1276
Process PING.EXE (*** hidden *** ) 5308
Process C:\Windows\System32\ping.exe (*** hidden *** ) 5908

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB65170$\2225240624 0 bytes
File C:\Windows\$NtUninstallKB65170$\2225240624\@ 2048 bytes
File C:\Windows\$NtUninstallKB65170$\2225240624\cfg.ini 281 bytes
File C:\Windows\$NtUninstallKB65170$\2225240624\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB65170$\2225240624\L 0 bytes
File C:\Windows\$NtUninstallKB65170$\2225240624\L\xadqgnnk 83456 bytes
File C:\Windows\$NtUninstallKB65170$\2225240624\oemid 15 bytes
File C:\Windows\$NtUninstallKB65170$\2225240624\U 0 bytes
File C:\Windows\$NtUninstallKB65170$\2225240624\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB65170$\2225240624\U\00000002.@ 224768 bytes
File C:\Windows\$NtUninstallKB65170$\2225240624\U\00000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB65170$\2225240624\U\80000000.@ 66560 bytes
File C:\Windows\$NtUninstallKB65170$\2225240624\U\80000004.@ 1024 bytes
File C:\Windows\$NtUninstallKB65170$\2225240624\U\80000032.@ 115712 bytes
File C:\Windows\$NtUninstallKB65170$\2225240624\version 860 bytes
File C:\Windows\$NtUninstallKB65170$\4035003871 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZL91Q6V\info_48[1] 4113 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZL91Q6V\videoscriptCAL2MN2Q.js 4368 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZL91Q6V\style[6].css 13030 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZL91Q6V\ErrorPageTemplate[1] 2168 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q41Z36M2\defaultCAC4W62Z.jpg 3696 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q41Z36M2\defaultCAFSIYWJ.jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q41Z36M2\defaultCAFY8YAJ.jpg 3622 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q41Z36M2\bullet[1] 447 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q41Z36M2\defaultCATQS4EO.jpg 3712 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q41Z36M2\btn_search[6].png 3218 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0IICM0J\spacer[4].gif 43 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0IICM0J\errorPageStrings[1] 2013 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0IICM0J\defaultCANAFT4E.jpg 3377 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0IICM0J\moveisp_com[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0IICM0J\defaultCAEO438K.jpg 4583 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0IICM0J\defaultCA0KNORA.jpg 3573 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0IICM0J\defaultCA1EZO6Q.jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0IICM0J\defaultCAKLPGHI.jpg 3676 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0IICM0J\defaultCA85L1QU.jpg 4865 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0IICM0J\configCARKE133.js 327 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0IICM0J\banner_300_250[5].png 2641 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0IICM0J\banner_468_60[3].png 2057 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X94CK5YZ\yt-no-image[2].gif 739 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X94CK5YZ\jquery.min[1].js 91556 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X94CK5YZ\httpErrorPagesScripts[1] 5573 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X94CK5YZ\icon_serch[2].png 414 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X94CK5YZ\defaultCA53IDT1.jpg 3686 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X94CK5YZ\defaultCACF6FM3.jpg 2319 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X94CK5YZ\down[1] 748 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X94CK5YZ\defaultCAMQOG3W.jpg 4764 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X94CK5YZ\defaultCAQ2VYGO.jpg 3662 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X94CK5YZ\defaultCASFR4M7.jpg 352 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X94CK5YZ\header[1].jpg 26409 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\LNLKE7ML.txt 69 bytes

---- EOF - GMER 1.0.15 ----

cspgsl is offline  
Old 1st April 2012   #4
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-01 15:28:51
-----------------------------
15:28:51.717 OS Version: Windows 6.1.7601 Service Pack 1
15:28:51.717 Number of processors: 2 586 0x1706
15:28:51.719 ComputerName: MARGE-PERROTT UserName: Marge
15:28:52.940 Initialize success
15:29:10.524 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:29:10.531 Disk 0 Vendor: Maxtor_6Y080M0 YAR511W0 Size: 76324MB BusType: 3
15:29:10.714 Disk 0 MBR read successfully
15:29:10.722 Disk 0 MBR scan
15:29:10.728 Disk 0 Windows 7 default MBR code
15:29:10.795 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:29:10.835 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 34900 MB offset 206848
15:29:10.889 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 41322 MB offset 71682048
15:29:11.022 Disk 0 scanning sectors +156309504
15:29:11.284 Disk 0 scanning C:\Windows\system32\drivers
15:29:36.563 Service scanning
15:29:41.498 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
15:29:48.300 Modules scanning
15:29:52.902 Module: C:\Windows\system32\DRIVERS\serial.sys **SUSPICIOUS**
15:29:56.315 Disk 0 trace - called modules:
15:29:56.359 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85fc8fd0]<<
15:29:56.367 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d57798]
15:29:56.376 3 CLASSPNP.SYS[8b1a859e] -> nt!IofCallDriver -> [0x8601cb88]
15:29:56.385 \Driver\00000490[0x860161c8] -> IRP_MJ_CREATE -> 0x85fc8fd0
15:29:56.396 Scan finished successfully
15:30:11.603 Disk 0 MBR has been saved successfully to "d:\Marge\Desktop\tom\MBR.dat"
15:30:11.614 The log file has been saved successfully to "d:\Marge\Desktop\tom\aswMBR.txt"

cspgsl is offline  
Old 1st April 2012   #5
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by Marge at 15:31:13 on 2012-04-01
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3062.1743 [GMT -3:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\ico.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\FSRremoS.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Windows\System32\Pelmiced.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
d:\Marge\Desktop\tom\drgu2r8w.exe
C:\Windows\system32\conhost.exe
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\prevhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.ca/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E892C5BF-13A4-424F-A374-85E1248B569B} : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
IFEO: ehshell.exe - "c:\program files\logmein\x86\LogMeInSystray.exe" -MceShellRedirect
Hosts: 94.63.147.23 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\marge\appdata\roaming\mozilla\firefox\profiles\wn04tyb9.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-7-6 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-1-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-9-5 47640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-8 652360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-5 20464]
S2 avgascln;Padfsvr;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LRMINIPORT;Xpagentserver;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S2 rt2870;Entertainment;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-9-5 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-9-5 1343400]
.
=============== Created Last 30 ================
.
2012-04-01 12:41:02 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c6212bbe-8e25-4d22-b956-02be958cbfc0}\offreg.dll
2012-03-31 15:34:14 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-31 15:17:28 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c6212bbe-8e25-4d22-b956-02be958cbfc0}\mpengine.dll
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-15 01:15:26 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-15 01:15:25 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 11:47:34 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 11:47:33 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 11:46:37 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 11:46:37 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 11:46:37 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 11:46:35 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 11:46:35 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 11:46:35 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-02-16 16:04:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-06 21:05:51 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-06 21:05:51 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-02-06 21:05:49 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-02-06 21:05:49 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 08:58:41 442880 ----a-w- c:\windows\system32\ntshrui.dll
.
============= FINISH: 15:31:31.40 ===============

cspgsl is offline  
Old 1st April 2012   #6
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/5/2011 12:04:42 PM
System Uptime: 4/1/2012 9:39:35 AM (6 hours ago)
.
Motherboard: LENOVO | | LENOVO
Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz | CPU 1 | 2500/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 34 GiB total, 12.789 GiB free.
D: is FIXED (NTFS) - 40 GiB total, 32.421 GiB free.
E: is CDROM ()
I: is Removable
J: is Removable
K: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: SD/MMC
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#20021111153705700&2#
Manufacturer: Generic-
Name: K:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#20021111153705700&2#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: SM/xD-Picture
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.00#20021111153705700&1#
Manufacturer: Generic-
Name: J:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.00#20021111153705700&1#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Compact Flash
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#20021111153705700&0#
Manufacturer: Generic-
Name: I:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#20021111153705700&0#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: MS/MS-Pro
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.00#20021111153705700&3#
Manufacturer: Generic-
Name: L:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO&REV_1.00#20021111153705700&3#
Service: WUDFRd
.
==== System Restore Points ===================
.
RP104: 3/31/2012 2:26:31 PM - cleanup
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
CCleaner
Click to Call with Skype
Fences
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
iTunes
Java Auto Updater
Java(TM) 6 Update 27
LogMeIn
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Mouse Suite
Mozilla Firefox 6.0.2 (x86 en-US)
PerfectDisk 11 Professional
Picasa 3
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealUpgrade 1.1
Revo Uninstaller 1.93
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Skype™ 5.3
swMSM
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
4/1/2012 9:57:00 AM, Error: Service Control Manager [7023] - The Se59unic service terminated with the following error: Access is denied.
4/1/2012 9:41:52 AM, Error: Service Control Manager [7023] - The Hdthermal service terminated with the following error: Access is denied.
4/1/2012 9:40:54 AM, Error: Service Control Manager [7023] - The Arcltsrv service terminated with the following error: Access is denied.
4/1/2012 9:40:24 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
4/1/2012 9:40:19 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
4/1/2012 9:39:58 AM, Error: Service Control Manager [7023] - The Wtwservice service terminated with the following error: The specified module could not be found.
4/1/2012 9:39:58 AM, Error: Service Control Manager [7023] - The Spcsutilityservice service terminated with the following error: The specified module could not be found.
4/1/2012 9:39:58 AM, Error: Service Control Manager [7023] - The Rpcnet service terminated with the following error: The specified module could not be found.
4/1/2012 9:39:58 AM, Error: Service Control Manager [7023] - The Mcafeeframework service terminated with the following error: The specified module could not be found.
4/1/2012 9:39:58 AM, Error: Service Control Manager [7023] - The Lpx service terminated with the following error: The specified module could not be found.
4/1/2012 9:39:58 AM, Error: Service Control Manager [7023] - The Btdriver service terminated with the following error: The specified module could not be found.
4/1/2012 9:39:58 AM, Error: Service Control Manager [7023] - The Bgsvcgen service terminated with the following error: The specified module could not be found.
4/1/2012 9:39:58 AM, Error: Service Control Manager [7023] - The Aeaudio service terminated with the following error: The specified module could not be found.
4/1/2012 9:39:57 AM, Error: Service Control Manager [7023] - The Zebrsce service terminated with the following error: The specified module could not be found.
4/1/2012 9:39:57 AM, Error: Service Control Manager [7023] - The Vclone service terminated with the following error: The specified module could not be found.
4/1/2012 9:39:57 AM, Error: Service Control Manager [7023] - The Rdpnp service terminated with the following error: The specified module could not be found.
4/1/2012 9:39:57 AM, Error: Service Control Manager [7023] - The Pinnaclemarvinusb service terminated with the following error: The specified module could not be found.
4/1/2012 9:39:57 AM, Error: Service Control Manager [7023] - The NhcDriverDevice service terminated with the following error: The specified module could not be found.
4/1/2012 9:39:57 AM, Error: Service Control Manager [7023] - The F700iat service terminated with the following error: The specified module could not be found.
4/1/2012 9:39:57 AM, Error: Service Control Manager [7023] - The EMATCORE service terminated with the following error: The specified module could not be found.
4/1/2012 9:39:52 AM, Error: Service Control Manager [7023] - The Ziptoa service terminated with the following error: The specified module could not be found.
4/1/2012 9:39:52 AM, Error: Service Control Manager [7023] - The Webrootspysweeperservice service terminated with the following error: The specified module could not be found.
4/1/2012 9:39:52 AM, Error: Service Control Manager [7023] - The W810bus service terminated with the following error: The specified module could not be found.
4/1/2012 9:39:52 AM, Error: Service Control Manager [7023] - The Pxfhbus service terminated with the following error: The specified module could not be found.
4/1/2012 9:39:52 AM, Error: Service Control Manager [7023] - The PGPsdkDriver service terminated with the following error: The specified module could not be found.
4/1/2012 9:39:52 AM, Error: Service Control Manager [7023] - The Padfsvr service terminated with the following error: The specified module could not be found.
4/1/2012 9:39:52 AM, Error: Service Control Manager [7023] - The Omci service terminated with the following error: The specified module could not be found.
4/1/2012 9:39:52 AM, Error: Service Control Manager [7023] - The Lxdm_device service terminated with the following error: The specified module could not be found.
4/1/2012 9:39:52 AM, Error: Service Control Manager [7023] - The Ihcservice service terminated with the following error: The specified module could not be found.
4/1/2012 9:39:52 AM, Error: Service Control Manager [7023] - The Bt service terminated with the following error: The specified module could not be found.
4/1/2012 3:12:00 PM, Error: Service Control Manager [7023] - The XBCD service terminated with the following error: Access is denied.
4/1/2012 2:57:00 PM, Error: Service Control Manager [7023] - The Savrtpel service terminated with the following error: Access is denied.
4/1/2012 2:42:00 PM, Error: Service Control Manager [7023] - The W700bus service terminated with the following error: Access is denied.
4/1/2012 2:27:00 PM, Error: Service Control Manager [7023] - The W39n51 service terminated with the following error: Access is denied.
4/1/2012 2:12:00 PM, Error: Service Control Manager [7023] - The FTSER2K service terminated with the following error: Access is denied.
4/1/2012 12:57:00 PM, Error: Service Control Manager [7023] - The Wceusbsh service terminated with the following error: Access is denied.
4/1/2012 12:42:00 PM, Error: Service Control Manager [7023] - The Windowblinds service terminated with the following error: Access is denied.

Old 1st April 2012   #7
cspgsl (Geek Member, THREAD STARTER)
4/1/2012 12:27:00 PM, Error: Service Control Manager [7023] - The Omniusb service terminated with the following error: Access is denied.
4/1/2012 12:12:00 PM, Error: Service Control Manager [7023] - The Rpskt service terminated with the following error: Access is denied.
4/1/2012 11:57:00 AM, Error: Service Control Manager [7023] - The Emclisrv service terminated with the following error: Access is denied.
4/1/2012 11:42:00 AM, Error: Service Control Manager [7023] - The Raysatxsi5_0server service terminated with the following error: Access is denied.
4/1/2012 11:27:00 AM, Error: Service Control Manager [7023] - The Entertainment service terminated with the following error: Access is denied.
4/1/2012 11:12:00 AM, Error: Service Control Manager [7023] - The Ccs service terminated with the following error: Access is denied.
4/1/2012 10:57:00 AM, Error: Service Control Manager [7023] - The Fssfltr service terminated with the following error: Access is denied.
4/1/2012 10:42:00 AM, Error: Service Control Manager [7023] - The Hpgate service terminated with the following error: Access is denied.
4/1/2012 10:27:00 AM, Error: Service Control Manager [7023] - The ATMsg service terminated with the following error: Access is denied.
4/1/2012 10:12:02 AM, Error: Service Control Manager [7023] - The Carboncopyscheduler service terminated with the following error: Access is denied.
4/1/2012 1:57:00 PM, Error: Service Control Manager [7023] - The A8djavs service terminated with the following error: Access is denied.
4/1/2012 1:42:00 PM, Error: Service Control Manager [7023] - The Lxrjd31d service terminated with the following error: Access is denied.
4/1/2012 1:27:00 PM, Error: Service Control Manager [7023] - The WUSB54Gv4SVC service terminated with the following error: Access is denied.
4/1/2012 1:12:00 PM, Error: Service Control Manager [7023] - The Xpagentserver service terminated with the following error: Access is denied.
3/31/2012 9:49:14 PM, Error: Service Control Manager [7023] - The Acedrv05 service terminated with the following error: Access is denied.
3/31/2012 9:34:14 PM, Error: Service Control Manager [7023] - The NhcDriverDevice service terminated with the following error: Access is denied.
3/31/2012 9:19:14 PM, Error: Service Control Manager [7023] - The Camdrl service terminated with the following error: Access is denied.
3/31/2012 9:04:14 PM, Error: Service Control Manager [7023] - The Rdpnp service terminated with the following error: Access is denied.
3/31/2012 8:49:14 PM, Error: Service Control Manager [7023] - The Ibmpmdrv service terminated with the following error: Access is denied.
3/31/2012 8:34:14 PM, Error: Service Control Manager [7023] - The Bgsvcgen service terminated with the following error: Access is denied.
3/31/2012 8:19:14 PM, Error: Service Control Manager [7023] - The PCDCODEC service terminated with the following error: Access is denied.
3/31/2012 8:04:14 PM, Error: Service Control Manager [7023] - The Spcsutilityservice service terminated with the following error: Access is denied.
3/31/2012 7:49:14 PM, Error: Service Control Manager [7023] - The NetMsmqActivator service terminated with the following error: Access is denied.
3/31/2012 7:34:14 PM, Error: Service Control Manager [7023] - The Pinnaclemarvinusb service terminated with the following error: Access is denied.
3/31/2012 7:19:14 PM, Error: Service Control Manager [7023] - The Datunidr service terminated with the following error: Access is denied.
3/31/2012 7:04:14 PM, Error: Service Control Manager [7023] - The Padfsvr service terminated with the following error: Access is denied.
3/31/2012 6:49:14 PM, Error: Service Control Manager [7023] - The Nvstor32 service terminated with the following error: Access is denied.
3/31/2012 6:34:14 PM, Error: Service Control Manager [7023] - The Zebrsce service terminated with the following error: Access is denied.
3/31/2012 6:19:14 PM, Error: Service Control Manager [7023] - The Icm10blk service terminated with the following error: Access is denied.
3/31/2012 6:04:14 PM, Error: Service Control Manager [7023] - The Rpcnet service terminated with the following error: Access is denied.
3/31/2012 5:49:14 PM, Error: Service Control Manager [7023] - The TdmService service terminated with the following error: Access is denied.
3/31/2012 5:34:14 PM, Error: Service Control Manager [7023] - The Aeaudio service terminated with the following error: Access is denied.
3/31/2012 5:19:14 PM, Error: Service Control Manager [7023] - The Mcafeeframework service terminated with the following error: Access is denied.
3/31/2012 5:04:14 PM, Error: Service Control Manager [7023] - The Procexp100 service terminated with the following error: Access is denied.
3/31/2012 4:49:14 PM, Error: Service Control Manager [7023] - The F700iat service terminated with the following error: Access is denied.
3/31/2012 4:34:14 PM, Error: Service Control Manager [7023] - The Se2Dnd5 service terminated with the following error: Access is denied.
3/31/2012 4:19:14 PM, Error: Service Control Manager [7023] - The Lxdm_device service terminated with the following error: Access is denied.
3/31/2012 4:04:14 PM, Error: Service Control Manager [7023] - The ELacpi service terminated with the following error: Access is denied.
3/31/2012 3:49:14 PM, Error: Service Control Manager [7023] - The W810bus service terminated with the following error: Access is denied.
3/31/2012 3:34:15 PM, Error: Service Control Manager [7023] - The Servidor service terminated with the following error: Access is denied.
3/31/2012 3:19:14 PM, Error: Service Control Manager [7023] - The Wtwservice service terminated with the following error: Access is denied.
3/31/2012 3:04:14 PM, Error: Service Control Manager [7023] - The Pacsptisvr service terminated with the following error: Access is denied.
3/31/2012 2:49:14 PM, Error: Service Control Manager [7023] - The Ziptoa service terminated with the following error: Access is denied.
3/31/2012 2:34:14 PM, Error: Service Control Manager [7023] - The Bt service terminated with the following error: Access is denied.
3/31/2012 2:33:14 PM, Error: Service Control Manager [7023] - The Ihcservice service terminated with the following error: Access is denied.
3/31/2012 2:22:43 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/31/2012 2:19:45 PM, Error: Service Control Manager [7023] - The Ini910u service terminated with the following error: Access is denied.
3/31/2012 2:04:45 PM, Error: Service Control Manager [7023] - The PGPsdkDriver service terminated with the following error: Access is denied.
3/31/2012 12:50:14 PM, Error: Service Control Manager [7023] - The Wdmaud service terminated with the following error: Access is denied.
3/31/2012 12:35:15 PM, Error: Service Control Manager [7023] - The Btdriver service terminated with the following error: Access is denied.
3/31/2012 12:34:38 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/31/2012 12:17:46 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
3/31/2012 12:05:35 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/31/2012 10:49:14 PM, Error: Service Control Manager [7023] - The Pxfhbus service terminated with the following error: Access is denied.
3/31/2012 10:34:15 PM, Error: Service Control Manager [7023] - The Vclone service terminated with the following error: Access is denied.
3/31/2012 10:19:14 PM, Error: Service Control Manager [7023] - The Dpti2o service terminated with the following error: Access is denied.
3/31/2012 10:04:14 PM, Error: Service Control Manager [7023] - The Omci service terminated with the following error: Access is denied.
3/31/2012 1:49:45 PM, Error: Service Control Manager [7023] - The Anydlc service terminated with the following error: Access is denied.
3/31/2012 1:48:47 PM, Error: Service Control Manager [7023] - The Webrootspysweeperservice service terminated with the following error: Access is denied.
3/31/2012 1:48:22 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/31/2012 1:35:14 PM, Error: Service Control Manager [7023] - The EMATCORE service terminated with the following error: Access is denied.
3/31/2012 1:20:14 PM, Error: Service Control Manager [7023] - The Oracle_load_balancer_60_client-forms6ip9 service terminated with the following error: Access is denied.
3/31/2012 1:05:14 PM, Error: Service Control Manager [7023] - The Lpx service terminated with the following error: Access is denied.
3/30/2012 1:13:29 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/29/2012 2:52:35 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
3/29/2012 2:19:28 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/28/2012 9:38:07 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/27/2012 9:40:56 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/26/2012 3:31:19 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/25/2012 12:35:46 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================

Old 1st April 2012   #8
broni (Malware Analyst)
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=========================================================

I'm a little bit concerned about your computing habits.
You visited the malware removal forum 4 times in 2011 and your computer is infected again.
I strongly suggest you pay more attention to how you use the computer.


=========================================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

Old 1st April 2012   #9
cspgsl (Geek Member, THREAD STARTER)
Originally Posted by broni:
I'm a little bit concerned about your computing habits.
You visited the malware removal forum 4 times in 2011 and your computer is infected again.
I strongly suggest you pay more attention to how you use the computer.
=========================================================
As I indicated in our last encounter - [Resolved] Infected with ccProxy - I appreciate your concern and I strenuously thank you for your reply and assistance; however, once again, the computers that you refer to all belong to different friends. I am merely helping them through their problems (without regard to compensation, I will add).

My business is web design, not repair. It is a commercial effort and the reason my URL is not listed in my profile. I do have compassion for those close to me who run amok and am pleased to assist whenever possible.

This person is a retired school teacher whom I have known for many years. She is not reckless in her computing practices, I can assure you.

I shall run TDSSKiller shortly and respond.

Old 1st April 2012   #10
broni (Malware Analyst)
I see. My apology.

Old 1st April 2012   #11
cspgsl (Geek Member, THREAD STARTER)
Thanks Broni

18:07:22.0879 5540 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
18:07:23.0403 5540 ============================================================
18:07:23.0403 5540 Current date / time: 2012/04/01 18:07:23.0403
18:07:23.0403 5540 SystemInfo:
18:07:23.0403 5540
18:07:23.0403 5540 OS Version: 6.1.7601 ServicePack: 1.0
18:07:23.0403 5540 Product type: Workstation
18:07:23.0403 5540 ComputerName: MARGE-PERROTT
18:07:23.0403 5540 UserName: Marge
18:07:23.0403 5540 Windows directory: C:\Windows
18:07:23.0403 5540 System windows directory: C:\Windows
18:07:23.0403 5540 Processor architecture: Intel x86
18:07:23.0403 5540 Number of processors: 2
18:07:23.0403 5540 Page size: 0x1000
18:07:23.0403 5540 Boot type: Normal boot
18:07:23.0403 5540 ============================================================
18:07:24.0592 5540 Drive \Device\Harddisk0\DR0 - Size: 0x12A2480000 (74.54 Gb), SectorSize: 0x200, Cylinders: 0x2602, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:07:24.0726 5540 \Device\Harddisk0\DR0:
18:07:24.0727 5540 MBR used
18:07:24.0727 5540 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:07:24.0727 5540 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x442A000
18:07:24.0727 5540 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x445C800, BlocksNum 0x50B5000
18:07:24.0798 5540 Initialize success
18:07:24.0798 5540 ============================================================
18:07:46.0372 5640 ============================================================
18:07:46.0372 5640 Scan started
18:07:46.0372 5640 Mode: Manual;
18:07:46.0372 5640 ============================================================
18:07:48.0042 5640 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
18:07:48.0044 5640 1394ohci - ok
18:07:48.0084 5640 a8djavs - ok
18:07:48.0143 5640 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
18:07:48.0146 5640 ACPI - ok
18:07:48.0185 5640 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
18:07:48.0186 5640 AcpiPmi - ok
18:07:48.0209 5640 acs - ok
18:07:48.0297 5640 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:07:48.0298 5640 AdobeARMservice - ok
18:07:48.0372 5640 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
18:07:48.0379 5640 adp94xx - ok
18:07:48.0425 5640 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
18:07:48.0429 5640 adpahci - ok
18:07:48.0475 5640 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
18:07:48.0478 5640 adpu320 - ok
18:07:48.0537 5640 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
18:07:48.0538 5640 AeLookupSvc - ok
18:07:48.0621 5640 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
18:07:48.0626 5640 AFD - ok
18:07:48.0678 5640 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
18:07:48.0679 5640 agp440 - ok
18:07:48.0744 5640 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
18:07:48.0745 5640 aic78xx - ok
18:07:48.0814 5640 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
18:07:48.0816 5640 ALG - ok
18:07:48.0862 5640 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
18:07:48.0863 5640 aliide - ok
18:07:48.0898 5640 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
18:07:48.0899 5640 amdagp - ok
18:07:48.0942 5640 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
18:07:48.0943 5640 amdide - ok
18:07:49.0007 5640 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
18:07:49.0008 5640 AmdK8 - ok
18:07:49.0050 5640 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
18:07:49.0051 5640 AmdPPM - ok
18:07:49.0135 5640 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
18:07:49.0136 5640 amdsata - ok
18:07:49.0193 5640 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
18:07:49.0195 5640 amdsbs - ok
18:07:49.0237 5640 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
18:07:49.0238 5640 amdxata - ok
18:07:49.0311 5640 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
18:07:49.0312 5640 AppID - ok
18:07:49.0390 5640 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
18:07:49.0391 5640 AppIDSvc - ok
18:07:49.0447 5640 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
18:07:49.0448 5640 Appinfo - ok
18:07:49.0514 5640 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:07:49.0515 5640 Apple Mobile Device - ok
18:07:49.0578 5640 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
18:07:49.0580 5640 AppMgmt - ok
18:07:49.0661 5640 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
18:07:49.0662 5640 arc - ok
18:07:49.0709 5640 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
18:07:49.0711 5640 arcsas - ok
18:07:49.0769 5640 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
18:07:49.0769 5640 AsyncMac - ok
18:07:49.0803 5640 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
18:07:49.0803 5640 atapi - ok
18:07:49.0851 5640 atfsd - ok
18:07:49.0901 5640 ati - ok
18:07:49.0986 5640 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
18:07:50.0029 5640 AudioEndpointBuilder - ok
18:07:50.0053 5640 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
18:07:50.0056 5640 Audiosrv - ok
18:07:50.0101 5640 avgascln - ok
18:07:50.0182 5640 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
18:07:50.0184 5640 AxInstSV - ok
18:07:50.0282 5640 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
18:07:50.0289 5640 b06bdrv - ok
18:07:50.0363 5640 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:07:50.0366 5640 b57nd60x - ok
18:07:50.0434 5640 bc_ip_f - ok
18:07:50.0499 5640 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
18:07:50.0500 5640 BDESVC - ok
18:07:50.0541 5640 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
18:07:50.0541 5640 Beep - ok
18:07:50.0610 5640 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
18:07:50.0626 5640 BITS - ok
18:07:50.0661 5640 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
18:07:50.0661 5640 blbdrive - ok
18:07:50.0734 5640 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files\Bonjour\mDNSResponder.exe
18:07:50.0740 5640 Bonjour Service - ok
18:07:50.0784 5640 BootScreen - ok
18:07:50.0846 5640 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
18:07:50.0848 5640 bowser - ok
18:07:50.0889 5640 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:07:50.0889 5640 BrFiltLo - ok
18:07:50.0919 5640 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:07:50.0919 5640 BrFiltUp - ok
18:07:50.0969 5640 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
18:07:50.0971 5640 Browser - ok
18:07:51.0011 5640 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
18:07:51.0015 5640 Brserid - ok
18:07:51.0045 5640 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
18:07:51.0046 5640 BrSerWdm - ok
18:07:51.0080 5640 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:07:51.0081 5640 BrUsbMdm - ok
18:07:51.0120 5640 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
18:07:51.0121 5640 BrUsbSer - ok
18:07:51.0161 5640 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
18:07:51.0163 5640 BTHMODEM - ok
18:07:51.0229 5640 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
18:07:51.0230 5640 bthserv - ok
18:07:51.0262 5640 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
18:07:51.0264 5640 cdfs - ok
18:07:51.0347 5640 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
18:07:51.0349 5640 cdrom - ok
18:07:51.0415 5640 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
18:07:51.0417 5640 CertPropSvc - ok
18:07:51.0455 5640 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
18:07:51.0456 5640 circlass - ok
18:07:51.0513 5640 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
18:07:51.0516 5640 CLFS - ok
18:07:51.0589 5640 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:07:51.0590 5640 clr_optimization_v2.0.50727_32 - ok
18:07:51.0675 5640 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:07:51.0677 5640 clr_optimization_v4.0.30319_32 - ok
18:07:51.0739 5640 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
18:07:51.0740 5640 CmBatt - ok
18:07:51.0791 5640 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
18:07:51.0792 5640 cmdide - ok
18:07:51.0857 5640 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
18:07:51.0863 5640 CNG - ok
18:07:51.0909 5640 commserver - ok
18:07:51.0957 5640 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
18:07:51.0957 5640 Compbatt - ok
18:07:52.0013 5640 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
18:07:52.0014 5640 CompositeBus - ok
18:07:52.0050 5640 COMSysApp - ok
18:07:52.0099 5640 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
18:07:52.0100 5640 crcdisk - ok
18:07:52.0171 5640 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
18:07:52.0172 5640 CryptSvc - ok
18:07:52.0209 5640 CrystalSysInfo - ok
18:07:52.0290 5640 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
18:07:52.0295 5640 CSC - ok
18:07:52.0332 5640 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
18:07:52.0335 5640 CscService - ok
18:07:52.0384 5640 ctxcpuusync - ok
18:07:52.0434 5640 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
18:07:52.0440 5640 DcomLaunch - ok
18:07:52.0498 5640 DefragFS (4bb22f61e7257ed353a39130b3ed2461) C:\Windows\system32\drivers\DefragFS.sys
18:07:52.0501 5640 DefragFS - ok
18:07:52.0559 5640 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
18:07:52.0562 5640 defragsvc - ok
18:07:52.0614 5640 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
18:07:52.0615 5640 DfsC - ok
18:07:52.0694 5640 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
18:07:52.0696 5640 Dhcp - ok
18:07:52.0767 5640 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
18:07:52.0768 5640 discache - ok
18:07:52.0834 5640 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
18:07:52.0835 5640 Disk - ok
18:07:52.0881 5640 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
18:07:52.0886 5640 Dnscache - ok
18:07:52.0949 5640 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
18:07:52.0952 5640 dot3svc - ok
18:07:53.0022 5640 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
18:07:53.0025 5640 DPS - ok
18:07:53.0081 5640 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
18:07:53.0082 5640 drmkaud - ok
18:07:53.0176 5640 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
18:07:53.0202 5640 DXGKrnl - ok
18:07:53.0251 5640 E100B (20de769b84960606d8dbb2aec123021a) C:\Windows\system32\DRIVERS\e100b325.sys
18:07:53.0254 5640 E100B - ok
18:07:53.0288 5640 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
18:07:53.0290 5640 EapHost - ok
18:07:53.0408 5640 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
18:07:53.0490 5640 ebdrv - ok
18:07:53.0522 5640 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
18:07:53.0523 5640 EFS - ok
18:07:53.0591 5640 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
18:07:53.0615 5640 ehRecvr - ok
18:07:53.0646 5640 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
18:07:53.0647 5640 ehSched - ok
18:07:53.0676 5640 EhttpSrv - ok
18:07:53.0762 5640 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
18:07:53.0768 5640 elxstor - ok
18:07:53.0801 5640 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
18:07:53.0801 5640 ErrDev - ok
18:07:53.0858 5640 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
18:07:53.0860 5640 EventSystem - ok
18:07:53.0889 5640 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
18:07:53.0892 5640 exfat - ok
18:07:53.0902 5640 F700ius - ok
18:07:53.0935 5640 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
18:07:53.0938 5640 fastfat - ok
18:07:53.0998 5640 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
18:07:54.0002 5640 Fax - ok
18:07:54.0014 5640 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
18:07:54.0015 5640 fdc - ok
18:07:54.0053 5640 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
18:07:54.0054 5640 fdPHost - ok
18:07:54.0091 5640 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
18:07:54.0092 5640 FDResPub - ok
18:07:54.0114 5640 fgdxbus - ok
18:07:54.0145 5640 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
18:07:54.0147 5640 FileInfo - ok
18:07:54.0182 5640 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
18:07:54.0183 5640 Filetrace - ok
18:07:54.0214 5640 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
18:07:54.0215 5640 flpydisk - ok
18:07:54.0267 5640 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
18:07:54.0271 5640 FltMgr - ok
18:07:54.0333 5640 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
18:07:54.0359 5640 FontCache - ok
18:07:54.0417 5640 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:07:54.0418 5640 FontCache3.0.0.0 - ok
18:07:54.0452 5640 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
18:07:54.0453 5640 FsDepends - ok
18:07:54.0483 5640 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
18:07:54.0484 5640 Fs_Rec - ok
18:07:54.0547 5640 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
18:07:54.0549 5640 fvevol - ok
18:07:54.0608 5640 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:07:54.0609 5640 gagp30kx - ok
18:07:54.0645 5640 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:07:54.0645 5640 GEARAspiWDM - ok
18:07:54.0708 5640 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
18:07:54.0726 5640 gpsvc - ok
18:07:54.0778 5640 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:07:54.0780 5640 gusvc - ok
18:07:54.0792 5640 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
18:07:54.0792 5640 hcw85cir - ok
18:07:54.0853 5640 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
18:07:54.0858 5640 HdAudAddService - ok
18:07:54.0884 5640 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
18:07:54.0886 5640 HDAudBus - ok
18:07:54.0913 5640 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
18:07:54.0913 5640 HidBatt - ok
18:07:54.0925 5640 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
18:07:54.0927 5640 HidBth - ok
18:07:54.0942 5640 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
18:07:54.0944 5640 HidIr - ok
18:07:54.0976 5640 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
18:07:54.0977 5640 hidserv - ok
18:07:55.0009 5640 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
18:07:55.0010 5640 HidUsb - ok
18:07:55.0042 5640 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
18:07:55.0044 5640 hkmsvc - ok
18:07:55.0085 5640 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
18:07:55.0087 5640 HomeGroupListener - ok
18:07:55.0144 5640 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
18:07:55.0146 5640 HomeGroupProvider - ok
18:07:55.0193 5640 HPFECP20 - ok
18:07:55.0274 5640 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
18:07:55.0275 5640 HpSAMD - ok
18:07:55.0300 5640 hpzipr12 - ok
18:07:55.0363 5640 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
18:07:55.0370 5640 HTTP - ok
18:07:55.0401 5640 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
18:07:55.0402 5640 hwpolicy - ok
18:07:55.0444 5640 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
18:07:55.0445 5640 i8042prt - ok
18:07:55.0464 5640 iaimtv1 - ok
18:07:55.0538 5640 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
18:07:55.0543 5640 iaStorV - ok
18:07:55.0653 5640 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:07:55.0679 5640 idsvc - ok
18:07:55.0875 5640 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
18:07:55.0915 5640 igfx - ok
18:07:55.0980 5640 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
18:07:55.0981 5640 iirsp - ok
18:07:56.0034 5640 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
18:07:56.0039 5640 IKEEXT - ok
18:07:56.0053 5640 IntelC51 - ok
18:07:56.0077 5640 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
18:07:56.0077 5640 intelide - ok
18:07:56.0129 5640 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
18:07:56.0130 5640 intelppm - ok
18:07:56.0170 5640 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
18:07:56.0172 5640 IPBusEnum - ok
18:07:56.0199 5640 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:07:56.0201 5640 IpFilterDriver - ok
18:07:56.0253 5640 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
18:07:56.0254 5640 IPMIDRV - ok
18:07:56.0266 5640 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
18:07:56.0271 5640 IPNAT - ok
18:07:56.0331 5640 iPod Service (f62c69376a95795fe7cdb1c778edaca4) C:\Program Files\iPod\bin\iPodService.exe
18:07:56.0356 5640 iPod Service - ok
18:07:56.0407 5640 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
18:07:56.0408 5640 IRENUM - ok
18:07:56.0454 5640 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
18:07:56.0455 5640 isapnp - ok
18:07:56.0483 5640 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
18:07:56.0486 5640 iScsiPrt - ok
18:07:56.0521 5640 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:07:56.0522 5640 kbdclass - ok
18:07:56.0556 5640 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
18:07:56.0556 5640 kbdhid - ok
18:07:56.0588 5640 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:07:56.0590 5640 KeyIso - ok
18:07:56.0617 5640 KR10N - ok
18:07:56.0641 5640 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
18:07:56.0642 5640 KSecDD - ok
18:07:56.0677 5640 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
18:07:56.0680 5640 KSecPkg - ok
18:07:56.0729 5640 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
18:07:56.0732 5640 KtmRm - ok
18:07:56.0780 5640 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
18:07:56.0783 5640 LanmanServer - ok
18:07:56.0825 5640 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
18:07:56.0828 5640 LanmanWorkstation - ok
18:07:56.0901 5640 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
18:07:56.0901 5640 lltdio - ok
18:07:56.0933 5640 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
18:07:56.0937 5640 lltdsvc - ok
18:07:56.0956 5640 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
18:07:56.0958 5640 lmhosts - ok
18:07:57.0028 5640 LMIGuardianSvc (2375e7e01635fbccde2f796a9e078e07) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
18:07:57.0034 5640 LMIGuardianSvc - ok
18:07:57.0059 5640 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
18:07:57.0059 5640 LMIInfo - ok
18:07:57.0089 5640 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\Windows\system32\DRIVERS\lmimirr.sys
18:07:57.0090 5640 lmimirr - ok
18:07:57.0123 5640 LMIRfsClientNP - ok
18:07:57.0183 5640 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\Windows\system32\drivers\LMIRfsDriver.sys
18:07:57.0184 5640 LMIRfsDriver - ok
18:07:57.0220 5640 LogMeIn (432618fa75b61059d2c57d6a7e55147a) C:\Program Files\LogMeIn\x86\LogMeIn.exe
18:07:57.0226 5640 LogMeIn - ok
18:07:57.0248 5640 LRMINIPORT - ok
18:07:57.0316 5640 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:07:57.0318 5640 LSI_FC - ok
18:07:57.0352 5640 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:07:57.0353 5640 LSI_SAS - ok
18:07:57.0398 5640 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:07:57.0399 5640 LSI_SAS2 - ok
18:07:57.0413 5640 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:07:57.0415 5640 LSI_SCSI - ok
18:07:57.0460 5640 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
18:07:57.0461 5640 luafv - ok
18:07:57.0508 5640 lvckap - ok
18:07:57.0536 5640 MA8032U - ok
18:07:57.0570 5640 maya70docserver - ok
18:07:57.0632 5640 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
18:07:57.0632 5640 MBAMProtector - ok
18:07:57.0702 5640 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:07:57.0744 5640 MBAMService - ok
18:07:57.0776 5640 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
18:07:57.0777 5640 Mcx2Svc - ok
18:07:57.0820 5640 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
18:07:57.0820 5640 megasas - ok
18:07:57.0877 5640 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
18:07:57.0880 5640 MegaSR - ok
18:07:57.0920 5640 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:07:57.0922 5640 MMCSS - ok
18:07:57.0964 5640 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
18:07:57.0965 5640 Modem - ok
18:07:58.0009 5640 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
18:07:58.0010 5640 monitor - ok
18:07:58.0064 5640 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
18:07:58.0064 5640 mouclass - ok
18:07:58.0077 5640 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
18:07:58.0078 5640 mouhid - ok
18:07:58.0117 5640 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
18:07:58.0118 5640 mountmgr - ok
18:07:58.0196 5640 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
18:07:58.0198 5640 MpFilter - ok
18:07:58.0237 5640 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
18:07:58.0239 5640 mpio - ok
18:07:58.0262 5640 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
18:07:58.0262 5640 MpNWMon - ok
18:07:58.0286 5640 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
18:07:58.0287 5640 mpsdrv - ok
18:07:58.0311 5640 mqdmserd - ok
18:07:58.0350 5640 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
18:07:58.0352 5640 MRxDAV - ok
18:07:58.0406 5640 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:07:58.0407 5640 mrxsmb - ok
18:07:58.0427 5640 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:07:58.0430 5640 mrxsmb10 - ok
18:07:58.0452 5640 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

Old 1st April 2012   #12
cspgsl (THREAD STARTER)
18:07:58.0454 5640 mrxsmb20 - ok
18:07:58.0498 5640 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
18:07:58.0499 5640 msahci - ok
18:07:58.0535 5640 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
18:07:58.0536 5640 msdsm - ok
18:07:58.0572 5640 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
18:07:58.0574 5640 MSDTC - ok
18:07:58.0618 5640 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
18:07:58.0619 5640 Msfs - ok
18:07:58.0646 5640 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
18:07:58.0647 5640 mshidkmdf - ok
18:07:58.0658 5640 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
18:07:58.0659 5640 msisadrv - ok
18:07:58.0711 5640 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
18:07:58.0713 5640 MSiSCSI - ok
18:07:58.0725 5640 msiserver - ok
18:07:58.0767 5640 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
18:07:58.0768 5640 MSKSSRV - ok
18:07:58.0840 5640 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
18:07:58.0841 5640 MsMpSvc - ok
18:07:58.0855 5640 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
18:07:58.0856 5640 MSPCLOCK - ok
18:07:58.0872 5640 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
18:07:58.0873 5640 MSPQM - ok
18:07:58.0904 5640 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
18:07:58.0907 5640 MsRPC - ok
18:07:58.0943 5640 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
18:07:58.0944 5640 mssmbios - ok
18:07:58.0971 5640 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
18:07:58.0972 5640 MSTEE - ok
18:07:58.0983 5640 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
18:07:58.0984 5640 MTConfig - ok
18:07:59.0010 5640 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
18:07:59.0011 5640 Mup - ok
18:07:59.0053 5640 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
18:07:59.0060 5640 napagent - ok
18:07:59.0097 5640 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
18:07:59.0102 5640 NativeWifiP - ok
18:07:59.0161 5640 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
18:07:59.0165 5640 NDIS - ok
18:07:59.0193 5640 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
18:07:59.0195 5640 NdisCap - ok
18:07:59.0223 5640 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
18:07:59.0223 5640 NdisTapi - ok
18:07:59.0262 5640 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
18:07:59.0264 5640 Ndisuio - ok
18:07:59.0302 5640 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
18:07:59.0304 5640 NdisWan - ok
18:07:59.0334 5640 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
18:07:59.0335 5640 NDProxy - ok
18:07:59.0362 5640 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
18:07:59.0363 5640 NetBIOS - ok
18:07:59.0403 5640 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
18:07:59.0406 5640 NetBT - ok
18:07:59.0438 5640 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:07:59.0439 5640 Netlogon - ok
18:07:59.0493 5640 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
18:07:59.0496 5640 Netman - ok
18:07:59.0530 5640 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
18:07:59.0534 5640 netprofm - ok
18:07:59.0594 5640 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:07:59.0598 5640 NetTcpPortSharing - ok
18:07:59.0662 5640 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
18:07:59.0663 5640 nfrd960 - ok
18:07:59.0706 5640 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:07:59.0708 5640 NisDrv - ok
18:07:59.0775 5640 NisSrv (a5cb074f34bbd89948e34a630d459c0c) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
18:07:59.0778 5640 NisSrv - ok
18:07:59.0819 5640 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
18:07:59.0822 5640 NlaSvc - ok
18:07:59.0853 5640 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
18:07:59.0853 5640 Npfs - ok
18:07:59.0892 5640 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
18:07:59.0894 5640 nsi - ok
18:07:59.0929 5640 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
18:07:59.0929 5640 nsiproxy - ok
18:07:59.0958 5640 NSNDIS5 - ok
18:08:00.0029 5640 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
18:08:00.0063 5640 Ntfs - ok
18:08:00.0102 5640 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
18:08:00.0103 5640 Null - ok
18:08:00.0166 5640 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
18:08:00.0168 5640 nvraid - ok
18:08:00.0189 5640 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
18:08:00.0192 5640 nvstor - ok
18:08:00.0204 5640 nvstor32 - ok
18:08:00.0246 5640 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
18:08:00.0247 5640 nv_agp - ok
18:08:00.0328 5640 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:08:00.0344 5640 odserv - ok
18:08:00.0377 5640 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
18:08:00.0378 5640 ohci1394 - ok
18:08:02.0964 5640 SaiMini (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\framework.dll
18:08:02.0965 5640 SaiMini ( Backdoor.Multi.ZAccess.gen ) - infected
18:08:02.0965 5640 SaiMini - detected Backdoor.Multi.ZAccess.gen (0)
18:08:05.0156 5640 sysmonlog (11028c6a84a967070cb1286550f2058f) C:\Windows\system32\framework.dll
18:08:05.0157 5640 sysmonlog ( Backdoor.Multi.ZAccess.gen ) - infected
18:08:05.0157 5640 sysmonlog - detected Backdoor.Multi.ZAccess.gen (0)
18:08:09.0631 5640 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:08:09.0672 5640 \Device\Harddisk0\DR0 - ok
18:08:09.0677 5640 Boot (0x1200) (6227b4251492fabca4d9c19a940bfab6) \Device\Harddisk0\DR0\Partition0
18:08:09.0680 5640 \Device\Harddisk0\DR0\Partition0 - ok
18:08:09.0707 5640 Boot (0x1200) (619e6683ae71453345b8d00beeab4f8a) \Device\Harddisk0\DR0\Partition1
18:08:09.0709 5640 \Device\Harddisk0\DR0\Partition1 - ok
18:08:09.0732 5640 Boot (0x1200) (71ab87ef6aa3daebfe5991c889dcc4ee) \Device\Harddisk0\DR0\Partition2
18:08:09.0733 5640 \Device\Harddisk0\DR0\Partition2 - ok
18:08:09.0734 5640 ============================================================
18:08:09.0734 5640 Scan finished
18:08:09.0734 5640 ============================================================
18:08:09.0755 4424 Detected object count: 2
18:08:09.0755 4424 Actual detected object count: 2
18:08:32.0647 4424 C:\Windows\system32\framework.dll - copied to quarantine
18:08:32.0660 4424 HKLM\SYSTEM\ControlSet001\services\SaiMini - will be deleted on reboot
18:08:32.0681 4424 HKLM\SYSTEM\ControlSet002\services\SaiMini - will be deleted on reboot
18:08:32.0785 4424 C:\Windows\system32\framework.dll - will be deleted on reboot
18:08:32.0785 4424 SaiMini ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
18:08:32.0794 4424 C:\Windows\system32\framework.dll - copied to quarantine
18:08:32.0795 4424 HKLM\SYSTEM\ControlSet001\services\sysmonlog - will be deleted on reboot
18:08:32.0798 4424 C:\Windows\system32\framework.dll - will be deleted on reboot
18:08:32.0798 4424 sysmonlog ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
18:08:40.0313 4196 Deinitialize success

Old 1st April 2012   #13
broni, Malware Analyst

Re-run TDSSKiller one more time.

Then post new aswMBR log.

Old 1st April 2012   #14
cspgsl, Geek Member (thread starter)

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-01 18:51:39
-----------------------------
18:51:39.138 OS Version: Windows 6.1.7601 Service Pack 1
18:51:39.139 Number of processors: 2 586 0x1706
18:51:39.141 ComputerName: MARGE-PERROTT UserName: Marge
18:51:52.546 Initialize success
18:56:45.837 AVAST engine defs: 12040101
18:57:03.637 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:57:03.642 Disk 0 Vendor: Maxtor_6Y080M0 YAR511W0 Size: 76324MB BusType: 3
18:57:03.654 Disk 0 MBR read successfully
18:57:03.659 Disk 0 MBR scan
18:57:03.666 Disk 0 Windows 7 default MBR code
18:57:03.686 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:57:03.705 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 34900 MB offset 206848
18:57:03.729 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 41322 MB offset 71682048
18:57:03.754 Disk 0 scanning sectors +156309504
18:57:03.814 Disk 0 scanning C:\Windows\system32\drivers
18:57:11.577 Service scanning
18:57:19.946 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
18:57:29.462 Modules scanning
18:57:32.846 Disk 0 trace - called modules:
18:57:32.876 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
18:57:32.885 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d54a78]
18:57:32.894 3 CLASSPNP.SYS[8afdd59e] -> nt!IofCallDriver -> [0x858968d8]
18:57:32.906 5 ACPI.sys[8ac8c3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x858b8030]
18:57:33.236 AVAST engine scan C:\Windows
18:57:34.186 AVAST engine scan C:\Windows\system32
18:59:38.350 AVAST engine scan C:\Windows\system32\drivers
18:59:47.757 AVAST engine scan C:\Users\Marge
19:01:19.017 AVAST engine scan C:\ProgramData
19:01:51.950 Scan finished successfully
19:02:07.083 Disk 0 MBR has been saved successfully to "d:\Marge\Desktop\tom\MBR.dat"
19:02:07.095 The log file has been saved successfully to "d:\Marge\Desktop\tom\aswMBR2.txt"

Old 1st April 2012   #15
cspgsl, Geek Member (thread starter)

18:46:33.0409 5336 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
18:46:33.0859 5336 ============================================================
18:46:33.0859 5336 Current date / time: 2012/04/01 18:46:33.0859
18:46:33.0859 5336 SystemInfo:
18:46:33.0859 5336
18:46:33.0859 5336 OS Version: 6.1.7601 ServicePack: 1.0
18:46:33.0859 5336 Product type: Workstation
18:46:33.0859 5336 ComputerName: MARGE-PERROTT
18:46:33.0859 5336 UserName: Marge
18:46:33.0859 5336 Windows directory: C:\Windows
18:46:33.0859 5336 System windows directory: C:\Windows
18:46:33.0859 5336 Processor architecture: Intel x86
18:46:33.0859 5336 Number of processors: 2
18:46:33.0859 5336 Page size: 0x1000
18:46:33.0860 5336 Boot type: Normal boot
18:46:33.0860 5336 ============================================================
18:46:34.0930 5336 Drive \Device\Harddisk0\DR0 - Size: 0x12A2480000 (74.54 Gb), SectorSize: 0x200, Cylinders: 0x2602, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:46:34.0946 5336 \Device\Harddisk0\DR0:
18:46:34.0946 5336 MBR used
18:46:34.0946 5336 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:46:34.0946 5336 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x442A000
18:46:34.0947 5336 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x445C800, BlocksNum 0x50B5000
18:46:35.0020 5336 Initialize success
18:46:35.0020 5336 ============================================================
18:46:37.0830 5540 ============================================================
18:46:37.0830 5540 Scan started
18:46:37.0830 5540 Mode: Manual;
18:46:37.0830 5540 ============================================================
18:46:41.0955 5540 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
18:46:41.0973 5540 b06bdrv - ok
18:46:42.0061 5540 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:46:42.0065 5540 b57nd60x - ok
18:46:42.0115 5540 bc_ip_f - ok
18:46:42.0180 5540 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
18:46:42.0182 5540 BDESVC - ok
18:46:42.0225 5540 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
18:46:42.0226 5540 Beep - ok
18:46:42.0291 5540 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
18:46:42.0296 5540 BITS - ok
18:46:42.0335 5540 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
18:46:42.0337 5540 blbdrive - ok
18:46:42.0433 5540 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files\Bonjour\mDNSResponder.exe
18:46:42.0438 5540 Bonjour Service - ok
18:46:42.0482 5540 BootScreen - ok
18:46:42.0553 5540 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
18:46:42.0554 5540 bowser - ok
18:46:42.0587 5540 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:46:42.0589 5540 BrFiltLo - ok
18:46:42.0625 5540 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:46:42.0626 5540 BrFiltUp - ok
18:46:42.0692 5540 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
18:46:42.0693 5540 Browser - ok
18:46:42.0734 5540 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
18:46:42.0738 5540 Brserid - ok
18:46:42.0776 5540 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
18:46:42.0779 5540 BrSerWdm - ok
18:46:42.0828 5540 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:46:42.0829 5540 BrUsbMdm - ok
18:46:42.0850 5540 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
18:46:42.0851 5540 BrUsbSer - ok
18:46:42.0892 5540 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
18:46:42.0894 5540 BTHMODEM - ok
18:46:42.0994 5540 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
18:46:42.0995 5540 bthserv - ok
18:46:43.0034 5540 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
18:46:43.0037 5540 cdfs - ok
18:46:43.0120 5540 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
18:46:43.0123 5540 cdrom - ok
18:46:43.0180 5540 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
18:46:43.0181 5540 CertPropSvc - ok
18:46:43.0220 5540 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
18:46:43.0221 5540 circlass - ok
18:46:43.0275 5540 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
18:46:43.0277 5540 CLFS - ok
18:46:43.0354 5540 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:46:43.0356 5540 clr_optimization_v2.0.50727_32 - ok
18:46:43.0482 5540 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:46:43.0484 5540 clr_optimization_v4.0.30319_32 - ok
18:46:43.0562 5540 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
18:46:43.0563 5540 CmBatt - ok
18:46:43.0614 5540 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
18:46:43.0615 5540 cmdide - ok
18:46:43.0705 5540 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
18:46:43.0711 5540 CNG - ok
18:46:43.0757 5540 commserver - ok
18:46:43.0813 5540 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
18:46:43.0814 5540 Compbatt - ok
18:46:43.0878 5540 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
18:46:43.0879 5540 CompositeBus - ok
18:46:43.0915 5540 COMSysApp - ok
18:46:43.0972 5540 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
18:46:43.0974 5540 crcdisk - ok
18:46:44.0027 5540 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
18:46:44.0029 5540 CryptSvc - ok
18:46:44.0065 5540 CrystalSysInfo - ok
18:46:44.0138 5540 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
18:46:44.0145 5540 CSC - ok
18:46:44.0188 5540 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
18:46:44.0192 5540 CscService - ok
18:46:44.0240 5540 ctxcpuusync - ok
18:46:44.0298 5540 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
18:46:44.0302 5540 DcomLaunch - ok
18:46:44.0411 5540 DefragFS (4bb22f61e7257ed353a39130b3ed2461) C:\Windows\system32\drivers\DefragFS.sys
18:46:44.0413 5540 DefragFS - ok
18:46:44.0491 5540 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
18:46:44.0495 5540 defragsvc - ok
18:46:44.0548 5540 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
18:46:44.0550 5540 DfsC - ok
18:46:44.0617 5540 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
18:46:44.0619 5540 Dhcp - ok
18:46:44.0684 5540 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
18:46:44.0684 5540 discache - ok
18:46:44.0723 5540 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
18:46:44.0724 5540 Disk - ok
18:46:44.0771 5540 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
18:46:44.0772 5540 Dnscache - ok
18:46:44.0831 5540 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
18:46:44.0835 5540 dot3svc - ok
18:46:44.0886 5540 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
18:46:44.0888 5540 DPS - ok
18:46:45.0163 5540 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
18:46:45.0163 5540 drmkaud - ok
18:46:45.0240 5540 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
18:46:45.0245 5540 DXGKrnl - ok
18:46:45.0282 5540 E100B (20de769b84960606d8dbb2aec123021a) C:\Windows\system32\DRIVERS\e100b325.sys
18:46:45.0284 5540 E100B - ok
18:46:45.0368 5540 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
18:46:45.0370 5540 EapHost - ok
18:46:45.0496 5540 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
18:46:45.0591 5540 ebdrv - ok
18:46:45.0645 5540 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
18:46:45.0647 5540 EFS - ok
18:46:45.0692 5540 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
18:46:45.0734 5540 ehRecvr - ok
18:46:45.0777 5540 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
18:46:45.0779 5540 ehSched - ok
18:46:45.0840 5540 EhttpSrv - ok
18:46:45.0952 5540 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
18:46:45.0969 5540 elxstor - ok
18:46:46.0024 5540 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
18:46:46.0025 5540 ErrDev - ok
18:46:46.0106 5540 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
18:46:46.0108 5540 EventSystem - ok
18:46:46.0162 5540 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
18:46:46.0165 5540 exfat - ok
18:46:46.0206 5540 F700ius - ok
18:46:46.0252 5540 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
18:46:46.0255 5540 fastfat - ok
18:46:46.0379 5540 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
18:46:46.0383 5540 Fax - ok
18:46:46.0419 5540 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
18:46:46.0420 5540 fdc - ok
18:46:46.0461 5540 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
18:46:46.0462 5540 fdPHost - ok
18:46:46.0490 5540 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
18:46:46.0491 5540 FDResPub - ok
18:46:46.0531 5540 fgdxbus - ok
18:46:46.0571 5540 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
18:46:46.0572 5540 FileInfo - ok
18:46:46.0614 5540 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
18:46:46.0615 5540 Filetrace - ok
18:46:46.0654 5540 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
18:46:46.0655 5540 flpydisk - ok
18:46:46.0707 5540 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
18:46:46.0710 5540 FltMgr - ok
18:46:46.0773 5540 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
18:46:46.0778 5540 FontCache - ok
18:46:46.0833 5540 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:46:46.0834 5540 FontCache3.0.0.0 - ok
18:46:46.0867 5540 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
18:46:46.0868 5540 FsDepends - ok
18:46:46.0898 5540 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
18:46:46.0899 5540 Fs_Rec - ok
18:46:46.0953 5540 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
18:46:46.0954 5540 fvevol - ok
18:46:46.0998 5540 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:46:47.0000 5540 gagp30kx - ok
18:46:47.0056 5540 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:46:47.0057 5540 GEARAspiWDM - ok
18:46:47.0131 5540 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
18:46:47.0149 5540 gpsvc - ok
18:46:47.0217 5540 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:46:47.0220 5540 gusvc - ok
18:46:47.0265 5540 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
18:46:47.0266 5540 hcw85cir - ok
18:46:47.0334 5540 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
18:46:47.0339 5540 HdAudAddService - ok
18:46:47.0382 5540 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
18:46:47.0383 5540 HDAudBus - ok
18:46:47.0408 5540 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
18:46:47.0409 5540 HidBatt - ok
18:46:47.0447 5540 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
18:46:47.0449 5540 HidBth - ok
18:46:47.0491 5540 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
18:46:47.0493 5540 HidIr - ok
18:46:47.0541 5540 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
18:46:47.0542 5540 hidserv - ok
18:46:47.0614 5540 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
18:46:47.0615 5540 HidUsb - ok
18:46:47.0665 5540 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
18:46:47.0666 5540 hkmsvc - ok
18:46:47.0716 5540 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
18:46:47.0720 5540 HomeGroupListener - ok
18:46:47.0750 5540 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
18:46:47.0753 5540 HomeGroupProvider - ok
18:46:47.0798 5540 HPFECP20 - ok
18:46:47.0888 5540 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
18:46:47.0890 5540 HpSAMD - ok
18:46:47.0948 5540 hpzipr12 - ok
18:46:48.0011 5540 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
18:46:48.0028 5540 HTTP - ok
18:46:48.0066 5540 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
18:46:48.0067 5540 hwpolicy - ok
18:46:48.0117 5540 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
18:46:48.0119 5540 i8042prt - ok
18:46:48.0156 5540 iaimtv1 - ok
18:46:48.0227 5540 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
18:46:48.0233 5540 iaStorV - ok
18:46:48.0310 5540 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:46:48.0316 5540 idsvc - ok
18:46:48.0471 5540 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
18:46:48.0582 5540 igfx - ok
18:46:48.0636 5540 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
18:46:48.0637 5540 iirsp - ok
18:46:48.0710 5540 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
18:46:48.0715 5540 IKEEXT - ok
18:46:48.0739 5540 IntelC51 - ok
18:46:48.0776 5540 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
18:46:48.0777 5540 intelide - ok
18:46:48.0808 5540 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
18:46:48.0809 5540 intelppm - ok
18:46:48.0851 5540 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
18:46:48.0853 5540 IPBusEnum - ok
18:46:48.0889 5540 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:46:48.0891 5540 IpFilterDriver - ok
18:46:48.0943 5540 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
18:46:48.0945 5540 IPMIDRV - ok
18:46:48.0975 5540 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
18:46:48.0978 5540 IPNAT - ok
18:46:49.0028 5540 iPod Service (f62c69376a95795fe7cdb1c778edaca4) C:\Program Files\iPod\bin\iPodService.exe
18:46:49.0054 5540 iPod Service - ok
18:46:49.0105 5540 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
18:46:49.0106 5540 IRENUM - ok
18:46:49.0152 5540 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
18:46:49.0154 5540 isapnp - ok
18:46:49.0223 5540 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
18:46:49.0227 5540 iScsiPrt - ok
18:46:49.0278 5540 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:46:49.0279 5540 kbdclass - ok
18:46:49.0320 5540 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
18:46:49.0321 5540 kbdhid - ok
18:46:49.0361 5540 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:46:49.0363 5540 KeyIso - ok
18:46:49.0406 5540 KR10N - ok
18:46:49.0455 5540 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
18:46:49.0457 5540 KSecDD - ok
18:46:49.0509 5540 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
18:46:49.0511 5540 KSecPkg - ok
18:46:49.0577 5540 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
18:46:49.0583 5540 KtmRm - ok
18:46:49.0636 5540 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
18:46:49.0639 5540 LanmanServer - ok
18:46:49.0723 5540 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
18:46:49.0726 5540 LanmanWorkstation - ok
18:46:49.0845 5540 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
18:46:49.0847 5540 lltdio - ok
18:46:49.0889 5540 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
18:46:49.0893 5540 lltdsvc - ok
18:46:49.0937 5540 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
18:46:49.0939 5540 lmhosts - ok
18:46:50.0026 5540 LMIGuardianSvc (2375e7e01635fbccde2f796a9e078e07) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
18:46:50.0029 5540 LMIGuardianSvc - ok
18:46:50.0057 5540 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
18:46:50.0057 5540 LMIInfo - ok
18:46:50.0129 5540 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\Windows\system32\DRIVERS\lmimirr.sys
18:46:50.0130 5540 lmimirr - ok
18:46:50.0169 5540 LMIRfsClientNP - ok
18:46:50.0232 5540 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\Windows\system32\drivers\LMIRfsDriver.sys
18:46:50.0232 5540 LMIRfsDriver - ok
18:46:50.0268 5540 LogMeIn (432618fa75b61059d2c57d6a7e55147a) C:\Program Files\LogMeIn\x86\LogMeIn.exe
18:46:50.0271 5540 LogMeIn - ok
18:46:50.0314 5540 LRMINIPORT - ok
18:46:50.0381 5540 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:46:50.0383 5540 LSI_FC - ok
18:46:50.0433 5540 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:46:50.0435 5540 LSI_SAS - ok
18:46:50.0471 5540 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:46:50.0473 5540 LSI_SAS2 - ok
18:46:50.0508 5540 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:46:50.0511 5540 LSI_SCSI - ok
18:46:50.0550 5540 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
18:46:50.0552 5540 luafv - ok
18:46:50.0589 5540 lvckap - ok
18:46:50.0639 5540 MA8032U - ok
18:46:50.0681 5540 maya70docserver - ok
18:46:50.0756 5540 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
18:46:50.0757 5540 MBAMProtector - ok
18:46:50.0842 5540 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:46:50.0845 5540 MBAMService - ok
18:46:50.0898 5540 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
18:46:50.0901 5540 Mcx2Svc - ok
18:46:50.0943 5540 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
18:46:50.0944 5540 megasas - ok
18:46:51.0000 5540 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
18:46:51.0004 5540 MegaSR - ok
18:46:51.0067 5540 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:46:51.0069 5540 MMCSS - ok
18:46:51.0104 5540 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
18:46:51.0105 5540 Modem - ok
18:46:51.0169 5540 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
18:46:51.0169 5540 monitor - ok
18:46:51.0212 5540 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
18:46:51.0212 5540 mouclass - ok
18:46:51.0233 5540 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
18:46:51.0234 5540 mouhid - ok
18:46:51.0274 5540 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
18:46:51.0275 5540 mountmgr - ok
18:46:51.0327 5540 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
18:46:51.0329 5540 MpFilter - ok
18:46:51.0385 5540 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
18:46:51.0387 5540 mpio - ok
18:46:51.0434 5540 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
18:46:51.0435 5540 MpNWMon - ok
18:46:51.0489 5540 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
18:46:51.0491 5540 mpsdrv - ok
18:46:51.0539 5540 mqdmserd - ok
18:46:51.0581 5540 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
18:46:51.0583 5540 MRxDAV - ok
18:46:51.0645 5540 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:46:51.0648 5540 mrxsmb - ok
18:46:51.0677 5540 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:46:51.0681 5540 mrxsmb10 - ok
18:46:51.0709 5540 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:46:51.0711 5540 mrxsmb20 - ok
18:46:51.0763 5540 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
18:46:51.0764 5540 msahci - ok
18:46:51.0816 5540 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
18:46:51.0818 5540 msdsm - ok
18:46:51.0869 5540 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
18:46:51.0873 5540 MSDTC - ok
18:46:51.0941 5540 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
18:46:51.0942 5540 Msfs - ok
18:46:51.0977 5540 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
18:46:51.0978 5540 mshidkmdf - ok
18:46:52.0025 5540 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
18:46:52.0026 5540 msisadrv - ok
18:46:52.0068 5540 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
18:46:52.0071 5540 MSiSCSI - ok
18:46:52.0097 5540 msiserver - ok
18:46:52.0140 5540 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
18:46:52.0141 5540 MSKSSRV - ok
18:46:52.0222 5540 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
18:46:52.0222 5540 MsMpSvc - ok
18:46:52.0248 5540 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
18:46:52.0249 5540 MSPCLOCK - ok
18:46:52.0273 5540 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
18:46:52.0274 5540 MSPQM - ok
18:46:52.0311 5540 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
18:46:52.0314 5540 MsRPC - ok
18:46:52.0349 5540 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
18:46:52.0349 5540 mssmbios - ok
18:46:52.0386 5540 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
18:46:52.0386 5540 MSTEE - ok
18:46:52.0415 5540 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
18:46:52.0416 5540 MTConfig - ok
18:46:52.0453 5540 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
18:46:52.0454 5540 Mup - ok
18:46:52.0509 5540 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
