Ukash virus simply won't go away - help pleeeaase

darrenj1471

Hello
Firstly, I am new here, so if I'm in the wrong area or miss some etiquette I wholeheartedly apologise up front, but I'm panicking and need help.

I have a Windows 7 64-bit Samsung laptop which has contracted the Ukash virus, and I'm having to type this from my phone. I have watched many vids and seen forum posts, and while I consider myself OK at following instruction, I'm stuck. FYI, it's the Metropolitan Police version, which cleverly also takes a pic of you, which I have got. I will describe symptoms and what I've tried and REALLY hope you can help:

Normal mode goes direct to the virus screen and gives me no time to do anything at all, not even a few seconds. Safe mode and safe mode with networking go direct to a white screen and I can't do anything, but safe mode with command prompt seems to be my only lifeline.

I used the command explore to open Windows Explorer and did a search on my computer for *.exe and found one with random numbers installed today (time of virus). I deleted this and emptied the recycle bin, but alas no change. I have tried following some YouTube videos to edit the registry, but all seem to show removal of run entries for current user under windows and nt, but I can't find any strange entries???

Finally, I have used the command msconfig and on the startup tab disabled everything and chosen selective startup and restarted... still no joy.

Please, please help me. Thanks in advance.
 

Hi and welcome,

You will need to scan from outside the Windows environment to start tackling this. On a known clean computer, burn Windows Defender Offline to a DVD, and then boot your infected computer from this DVD to scan it. This tutorial will guide you through that process:

http://www.sevenforums.com/tutorials/166445-windows-defender-offline.html

Post back if you need more help.

Regards,
Golden
 

If Windows Defender doesn't work

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 

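Added example, not part of the thread and not Farbar's own code: a Python triage of the Registry section of an FRST.txt log like the one requested above. It flags Winlogon `[Shell]` and `[Userinit]` values that differ from the Windows defaults, an autostart location that checking only the Run keys will miss. The sample log lines, user names and paths are constructed, and the `HKLM` and `[Userinit]` line layouts are assumptions modelled on the `[Shell]` line format FRST prints.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Stock Windows 7 values for the two Winlogon entries that start programs at logon.
DEFAULTS = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe", "userinit.exe"},
}
# Directories a standard user can write to without elevation.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")

# Matches e.g.  HKU\alice\...\Winlogon: [Shell] explorer.exe,C:\path\file
# (assumed layout for HKLM and Userinit lines, modelled on the Shell line).
WINLOGON_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\.\\Winlogon: "
    r"\[(?P<name>Shell|Userinit)\] (?P<value>.+)$"
)
# Trailing "[number date] (company)" block that follows the registry value.
METADATA_RE = re.compile(r"\s*\[\d+ \d{4}-\d{2}-\d{2}\]\s*\(.*\)\s*$")


@dataclass
class Finding:
    line_no: int
    hive: str
    name: str
    component: str          # empty when the finding is "default missing"
    reasons: list = field(default_factory=list)


def split_components(value):
    """Drop the trailing metadata and split the comma-separated value."""
    value = METADATA_RE.sub("", value)
    return [p.strip().strip('"') for p in value.split(",") if p.strip()]


def triage_winlogon(log_text):
    """Return a Finding for every non-default Winlogon Shell/Userinit component."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        m = WINLOGON_RE.match(line.strip())
        if not m:
            continue
        allowed = DEFAULTS[m.group("name").lower()]
        parts = split_components(m.group("value"))
        # Edge case: the default program was replaced instead of appended to.
        if not any(p.lower() in allowed for p in parts):
            findings.append(Finding(line_no, m.group("hive"), m.group("name"), "",
                                    ["default program is missing from the value"]))
        for part in parts:
            low = part.lower()
            if low in allowed:
                continue
            reasons = ["not part of the default value"]
            if any(d in low for d in USER_WRITABLE):
                reasons.append("lives in a user-writable directory")
            if ntpath.splitext(low)[1] != ".exe":
                reasons.append("extension is not .exe")
            findings.append(Finding(line_no, m.group("hive"), m.group("name"),
                                    part, reasons))
    return findings


# Constructed sample input in the layout of an FRST.txt registry section.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool
==================== Registry (Whitelisted) ===================
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,
HKU\alice\...\Winlogon: [Shell] explorer.exe,C:\Users\alice\AppData\Roaming\example.dat [84480 2011-11-16] ()
HKU\bob\...\Winlogon: [Shell] C:\Users\bob\AppData\Local\Temp\shell.exe [1024 2012-08-28] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
"""

if __name__ == "__main__":
    for f in triage_winlogon(SAMPLE_LOG):
        target = f.component or "(none)"
        print(f"line {f.line_no}: {f.hive} [{f.name}] {target}: " + "; ".join(f.reasons))
```

A flagged component is a lead for review, not a verdict: confirm the file and the registry value from outside the running Windows installation before changing anything.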
Ok thanks thus far, however I don't currently have access to another computer :( will have to call some friends if these are my only avenues
 

Stupid question, can I use an external hard drive instead of a USB pen drive? I.e. I have a terabyte drive but no little flash drives
 

Ignore my last message, I realised of course I can use a hard drive. I used Farbar and have run the scan and the result is below
Code:
Scan result of Farbar Recovery Scan Tool Version: 28-08-2012
Ran by SYSTEM at 28-08-2012 18:27:54
Running from H:\
Windows 7 Home Premium   (X64) OS Language: English(US) 
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKU\darren\...\Winlogon: [Shell] explorer.exe,C:\Users\darren\AppData\Roaming\msconfig.dat [84480 2011-11-16] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
AppInit_DLLs: C:\windows\system32\nvinitx.dll
Lsa: [Authentication Packages] msv1_0
relog_ap
==================== Services (Whitelisted) ======
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-13] (AVG Technologies CZ, s.r.o.)
2 MSSQL$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [57617752 2009-03-29] (Microsoft Corporation)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-07] ()
2 SgtSch2Svc; "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe" [606048 2009-10-16] (Seagate)
4 SQLAgent$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [427880 2009-03-29] (Microsoft Corporation)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2010-02-03] (Intel Corporation)
==================== Drivers (Whitelisted) ===================
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-18] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-21] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-30] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-18] (AVG Technologies CZ, s.r.o.)
0 snapman; C:\Windows\System32\Drivers\snapman.sys [235040 2012-01-29] (Acronis)
0 tdrpman; C:\Windows\System32\Drivers\tdrpman.sys [593952 2012-01-29] (Acronis)
2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [81952 2012-01-29] (Acronis)
0 timounter; C:\Windows\System32\DRIVERS\timntr.sys [711712 2012-01-29] (Acronis)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13832 2010-04-16] ()
==================== NetSvcs (Whitelisted) =================

==================== One Month Created Files and Folders ======================
2012-08-28 06:19 - 2012-08-28 06:20 - 00007799 ____A C:\Windows\WindowsUpdate.log
2012-08-28 05:20 - 2012-08-28 07:22 - 00000392 ____A C:\Windows\setupact.log
2012-08-28 05:20 - 2012-08-28 05:20 - 00000000 ____A C:\Windows\setuperr.log
2012-08-28 04:58 - 2012-08-28 05:18 - 00005136 ____A C:\Windows\System32\avgrep.txt
2012-08-28 03:57 - 2012-08-28 04:47 - 00000000 ____D C:\Windows\pss
2012-08-28 03:43 - 2012-08-28 07:32 - 00000045 ____A C:\Users\darren\AppData\Roaming\msconfig.ini
2012-08-28 03:41 - 2012-08-28 03:41 - 00224557 ____A C:\Users\darren\Desktop\ILP-FDE Weekly Reports we 24th Aug 12.pptx
2012-08-28 03:41 - 2012-08-28 03:41 - 00000165 ___AH C:\Users\darren\Desktop\~$ILP-FDE Weekly Reports we 24th Aug 12.pptx
2012-08-28 00:24 - 2012-08-28 00:24 - 00000000 ____D C:\Users\darren\AppData\Local\{288F60F6-1181-456C-B2F5-05153BBCBB3C}
2012-08-27 18:08 - 2012-08-27 18:08 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-08-27 18:08 - 2012-08-27 18:08 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-27 18:08 - 2012-08-27 18:08 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-08-27 18:08 - 2012-08-27 18:08 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-08-27 18:08 - 2012-08-27 18:08 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-08-27 18:08 - 2012-08-27 18:08 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-08-27 18:08 - 2012-08-27 18:08 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-08-27 18:08 - 2012-08-27 18:08 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-08-27 18:08 - 2012-08-27 18:08 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-08-27 18:07 - 2012-08-27 18:07 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-27 18:07 - 2012-08-27 18:07 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-27 18:07 - 2012-08-27 18:07 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-27 18:07 - 2012-08-27 18:07 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-08-27 18:07 - 2012-08-27 18:07 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-08-27 18:07 - 2012-08-27 18:07 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-08-27 18:07 - 2012-08-27 18:07 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-08-27 12:17 - 2012-08-27 12:17 - 00000000 ____D C:\Users\darren\AppData\Local\{06909F12-84B6-4E03-8073-D99BA89729E0}
2012-08-26 14:50 - 2012-08-25 03:33 - 1653435119 ____A C:\Users\darren\Desktop\Game.of.Thrones.S02E10.720p.HDTV.x264-IMMERSE.mkv
2012-08-25 04:33 - 2012-08-25 04:33 - 00000000 ____D C:\Users\darren\AppData\Local\{EED81363-A654-4B2A-B312-85C95F190BE7}
2012-08-23 04:23 - 2012-08-23 04:23 - 00323657 ____A C:\Users\darren\Desktop\SMSVarMachinDetail.xlsx
2012-08-23 02:55 - 2012-08-23 02:55 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-08-23 02:54 - 2012-08-23 02:54 - 03907920 ____A (Piriform Ltd) C:\Users\darren\Downloads\ccsetup321.exe
2012-08-18 06:08 - 2012-07-06 12:07 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2012-08-16 14:29 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-16 14:29 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-16 14:29 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-16 14:29 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-16 14:29 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-08-16 14:29 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-16 14:29 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-08-16 14:28 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-16 14:28 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-16 14:28 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-16 14:28 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-16 14:28 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-08-16 14:28 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-08-14 08:55 - 2012-08-14 08:55 - 00001848 ____A C:\Users\Public\Desktop\Vuze.lnk
2012-08-14 08:54 - 2012-08-14 08:54 - 00000009 ____A C:\END
2012-08-14 08:54 - 2012-08-14 08:54 - 00000000 ____D C:\Users\darren\AppData\Local\CRE
2012-08-14 05:01 - 2012-08-14 07:50 - 00000000 ____D C:\Users\darren\Desktop\Sziget2012
2012-08-13 14:47 - 2012-08-13 14:47 - 00000000 ____D C:\Users\darren\AppData\Local\{BBB11281-D78D-4FC8-9DBB-C6DA167661EB}
2012-08-13 14:47 - 2012-08-13 14:47 - 00000000 ____D C:\Users\darren\AppData\Local\{0A064342-A3F3-467D-B8DB-336A972592B8}
2012-08-04 07:59 - 2012-08-04 07:59 - 00000000 ____D C:\Users\darren\AppData\Local\{54DBF924-627B-40C8-AEF8-C959E65C0013}
2012-08-04 07:58 - 2012-08-04 07:59 - 00000000 ____D C:\Users\darren\AppData\Local\{E9481FDA-2661-4E37-BE43-7E7CF59DFBE7}
2012-08-02 12:32 - 2012-08-02 12:32 - 00000000 ____D C:\Users\darren\Documents\samsung
2012-08-02 12:32 - 2012-08-02 12:32 - 00000000 ____D C:\Users\darren\AppData\Local\Samsung
2012-08-02 12:31 - 2012-08-02 12:31 - 00001953 ____A C:\Users\Public\Desktop\Samsung Kies.lnk
2012-08-02 12:03 - 2012-06-03 23:59 - 00203320 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2012-08-02 12:03 - 2012-06-03 23:59 - 00099384 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys
2012-08-02 12:01 - 2012-08-02 12:01 - 00000000 ____D C:\Program Files (x86)\MarkAny
2012-08-02 12:01 - 2012-06-26 07:03 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2012-08-02 12:01 - 2012-06-26 07:02 - 00821824 ____A (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2012-08-02 11:50 - 2012-08-02 11:50 - 00000000 ____D C:\Users\darren\AppData\Local\Downloaded Installations
2012-08-01 15:15 - 2012-08-01 15:15 - 00000000 ____D C:\Users\darren\AppData\Local\{7C0F2526-CFAB-4C98-93B2-343235893A8A}
2012-08-01 15:14 - 2012-08-01 15:15 - 00000000 ____D C:\Users\darren\AppData\Local\{3C3A368A-2A2B-4D50-A6CC-2F14E34C3EC9}

==================== 3 Months Modified Files ================================
2012-08-28 07:32 - 2012-08-28 03:43 - 00000045 ____A C:\Users\darren\AppData\Roaming\msconfig.ini
2012-08-28 07:30 - 2009-07-13 20:45 - 00014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-28 07:30 - 2009-07-13 20:45 - 00014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-28 07:26 - 2012-08-28 06:19 - 00007799 ____A C:\Windows\WindowsUpdate.log
2012-08-28 07:22 - 2012-08-28 05:20 - 00000392 ____A C:\Windows\setupact.log
2012-08-28 07:22 - 2012-03-17 04:19 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3471356370-426161678-982001811-1001UA.job
2012-08-28 07:22 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-28 05:20 - 2012-08-28 05:20 - 00000000 ____A C:\Windows\setuperr.log
2012-08-28 05:18 - 2012-08-28 04:58 - 00005136 ____A C:\Windows\System32\avgrep.txt
2012-08-28 03:41 - 2012-08-28 03:41 - 00224557 ____A C:\Users\darren\Desktop\ILP-FDE Weekly Reports we 24th Aug 12.pptx
2012-08-28 03:41 - 2012-08-28 03:41 - 00000165 ___AH C:\Users\darren\Desktop\~$ILP-FDE Weekly Reports we 24th Aug 12.pptx
2012-08-28 02:53 - 2012-04-11 12:39 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-27 20:36 - 2012-03-17 04:19 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3471356370-426161678-982001811-1001Core.job
2012-08-27 18:08 - 2012-08-27 18:08 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-08-27 18:08 - 2012-08-27 18:08 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-27 18:08 - 2012-08-27 18:08 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-08-27 18:08 - 2012-08-27 18:08 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-08-27 18:08 - 2012-08-27 18:08 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-08-27 18:08 - 2012-08-27 18:08 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-08-27 18:08 - 2012-08-27 18:08 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-08-27 18:08 - 2012-08-27 18:08 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-08-27 18:08 - 2012-08-27 18:08 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-08-27 18:08 - 2012-08-27 18:08 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-08-27 18:07 - 2012-08-27 18:07 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points  =========================
Restore point made on: 2012-08-18 06:02:19
Restore point made on: 2012-08-23 03:02:30
Restore point made on: 2012-08-27 18:00:44
==================== Memory info =========================== 
Percentage of memory in use: 16%
Total physical RAM: 3882.09 MB
Available physical RAM: 3247.74 MB
Total Pagefile: 3880.23 MB
Available Pagefile: 3242.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
==================== Partitions ============================
1 Drive c: () (Fixed) (Total:111 GB) (Free:31.6 GB) NTFS
2 Drive d: () (Fixed) (Total:165.82 GB) (Free:30.15 GB) NTFS
3 Drive f: (SAMSUNG_REC) (Fixed) (Total:21.17 GB) (Free:0.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive h: (FAT32 HDD) (Fixed) (Total:931.28 GB) (Free:723.96 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          298 GB  1024 KB         
  Disk 1    Online          931 GB      0 B         
Partitions of Disk 0:
===============
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            100 MB  1024 KB
  Partition 2    Primary            111 GB   101 MB
  Partition 0    Extended           165 GB   111 GB
  Partition 4    Logical            165 GB   111 GB
  Partition 3    Recovery            21 GB   276 GB
==================================================================================
Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   SYSTEM       NTFS   Partition    100 MB  Healthy            
==================================================================================
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    111 GB  Healthy            
==================================================================================
Disk: 0
Partition 4
Type  : 07
Hidden: No
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     D                NTFS   Partition    165 GB  Healthy            
==================================================================================
Disk: 0
Partition 3
Type  : 27
Hidden: Yes
Active: No
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     F   SAMSUNG_REC  NTFS   Partition     21 GB  Healthy    Hidden  
==================================================================================
Partitions of Disk 1:
===============
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            931 GB    31 KB
==================================================================================
Disk: 1
Partition 1
Type  : 0C
Hidden: No
Active: Yes
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     H   FAT32 HDD    FAT32  Partition    931 GB  Healthy            
==================================================================================
Last Boot: 2012-08-27 04:54
==================== End Of Log =============================
 

Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open notepad and select Paste.) Save it on the flashdrive as fixlist.txt

Code:
start
HKU\darren\...\Winlogon: [Shell] explorer.exe,C:\Users\darren\AppData\Roaming\msconfig.dat 
2012-08-28 03:43 - 2012-08-28 07:32 - 00000045 ____A C:\Users\darren\AppData\Roaming\msconfig.ini
end
Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.
 
Ok, created fixlist file and saved it to flash drive, opened frst64 and clicked fix, a log has been created and is on flash drive... but I can't paste it here because after restarting I get the same police warning screen :(
I'm posting this from my phone as housemate has taken his laptop to bed so I can't post to internet from external hard drive
Guess the log may help you (I hope) and no joy so far, thanks though thus far :)
 

I'm obviously able to view the fixlog in safe mode though, and I can type what it says as it's very brief. It says:

2011-11-16]() not found.

====End of Fixlog====

Hmm, perhaps pasting the text contained an additional carriage return? Safe to try again if I remove any carriage returns from your code? I.e. I guess 2011 just follows straight on from the other number?
 

:( :( Tried again ensuring no unrequired carriage returns and booted... to the white screen of death

Re-entering safe mode and accessing fixlog shows even less. Just says:

Run2
Running from h:\
=======================
====End of Fixlog====
 

Sorry, edited the FIX, please run it again
 

Hi
Created new fixlist.txt file with the revised code, ran frst64 again and ran Fix; output of log below:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 28-08-2012
Ran by SYSTEM at 2012-08-29 19:50:39 Run:3
Running from H:\
==============================================
HKEY_USERS\darren\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully.
C:\Users\darren\AppData\Roaming\msconfig.ini moved successfully.
==== End of Fixlog ====


I HAVE MY PC BACK !!! IT SEEMS FIXED , you are an absolute legend !! Do I need to do anything more ? :party:
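
The fix that worked above deleted a per-user Winlogon Shell value that chained msconfig.dat after explorer.exe. As an added example (not part of the thread and not FRST's own code), this Python check scans FRST-style registry lines for that pattern; the HKLM sample line is constructed, and the default-shell set assumes Windows is installed in C:\Windows and that a default install carries no per-user Shell value.

```python
import re
from typing import NamedTuple

# Constructed sample. The HKU line and the file line are the two fixlist
# entries from this thread; the HKLM line is made up in the same format.
SAMPLE_LOG = r"""
HKLM\...\Winlogon: [Shell] explorer.exe
HKU\darren\...\Winlogon: [Shell] explorer.exe,C:\Users\darren\AppData\Roaming\msconfig.dat
2012-08-28 03:43 - 2012-08-28 07:32 - 00000045 ____A C:\Users\darren\AppData\Roaming\msconfig.ini
"""

# Matches "<hive>\...\Winlogon: [Shell] <data>" as abbreviated in the log.
WINLOGON_SHELL = re.compile(
    r"^(?P<hive>HKLM|HKU\\[^\\]+)\\\.\.\.\\Winlogon:\s*\[Shell\]\s*(?P<data>.*)$",
    re.IGNORECASE,
)

# Assumption: stock shell, with Windows installed in C:\Windows.
DEFAULT_SHELLS = {"explorer.exe", r"c:\windows\explorer.exe"}


class Finding(NamedTuple):
    hive: str      # registry hive the value was read from, e.g. HKU\darren
    data: str      # value data exactly as logged
    extras: list   # commands in the value other than the default shell
    reasons: list  # why the entry deserves a second look


def split_commands(data):
    """Split Shell value data on commas, as in the value seen in this thread.

    Paths that themselves contain a comma are not handled.
    """
    parts = [p.strip().strip('"') for p in data.split(",")]
    return [p for p in parts if p]


def audit_winlogon_shell(log_text):
    """Return a Finding for every Winlogon Shell line that is not stock."""
    findings = []
    for line in log_text.splitlines():
        m = WINLOGON_SHELL.match(line.strip())
        if not m:
            continue  # file listings and other registry lines are ignored
        hive, data = m.group("hive"), m.group("data").strip()
        commands = split_commands(data)
        extras = [c for c in commands if c.lower() not in DEFAULT_SHELLS]
        reasons = []
        if hive.upper().startswith("HKU"):
            # Assumption: a default install has no per-user Shell value.
            reasons.append("per-user Shell value present")
        if extras:
            reasons.append("non-default command in Shell value")
        if not commands:
            reasons.append("empty Shell value")
        if reasons:
            findings.append(Finding(hive, data, extras, reasons))
    return findings


if __name__ == "__main__":
    for f in audit_winlogon_shell(SAMPLE_LOG):
        print(f.hive, "->", f.data)
        for reason in f.reasons:
            print("   ", reason)
        for cmd in f.extras:
            print("    extra command:", cmd)
```
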
 

Please download aswMBR ( 511KB ) to your desktop.

  • Double click the aswMBR.exe icon to run it.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


Please download TDSSKiller.zip and extract it.

  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.

Please go here to run the scan. Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install. All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox. Select the option YES, I accept the Terms of Use then click on:
EOLS2.gif
When prompted allow the Add-On/Active X to install. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked. Now click on Advanced Settings and select the following:


  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
Now click on:
EOLS3.gif
The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection. When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on:
EOLS4.gif
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt. Copy and paste that log as a reply to this topic.
 

First log from Avast scan:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-30 19:09:03
-----------------------------
19:09:03.627 OS Version: Windows x64 6.1.7601 Service Pack 1
19:09:03.627 Number of processors: 4 586 0x2505
19:09:03.628 ComputerName: DARREN-PC UserName: darren
19:09:05.376 Initialize success
19:09:49.847 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:09:49.851 Disk 0 Vendor: Hitachi_ ES2O Size: 305245MB BusType: 3
19:09:49.865 Disk 0 MBR read successfully
19:09:49.869 Disk 0 MBR scan
19:09:49.872 Disk 0 unknown MBR code
19:09:49.878 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:09:49.889 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 113664 MB offset 206848
19:09:49.893 Disk 0 Partition - 00 0F Extended LBA 169800 MB offset 232990720
19:09:49.928 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 21678 MB offset 580741120
19:09:49.962 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 169799 MB offset 232992768
19:09:49.988 Disk 0 scanning C:\windows\system32\drivers
19:09:58.754 Service scanning
19:10:29.391 Modules scanning
19:10:29.404 Disk 0 trace - called modules:
19:10:29.755 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:10:29.763 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800486c060]
19:10:29.771 3 CLASSPNP.SYS[fffff88001c3943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004665050]
19:10:29.779 Scan finished successfully
19:10:50.635 Disk 0 MBR has been saved successfully to "C:\Users\darren\Desktop\MBR.dat"
19:10:50.643 The log file has been saved successfully to "C:\Users\darren\Desktop\aswMBR.txt"
 

19:12:21.0913 1460 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
19:12:22.0137 1460 ============================================================
19:12:22.0137 1460 Current date / time: 2012/08/30 19:12:22.0137
19:12:22.0137 1460 SystemInfo:
19:12:22.0137 1460
19:12:22.0137 1460 OS Version: 6.1.7601 ServicePack: 1.0
19:12:22.0137 1460 Product type: Workstation
19:12:22.0137 1460 ComputerName: DARREN-PC
19:12:22.0137 1460 UserName: darren
19:12:22.0137 1460 Windows directory: C:\windows
19:12:22.0137 1460 System windows directory: C:\windows
19:12:22.0137 1460 Running under WOW64
19:12:22.0137 1460 Processor architecture: Intel x64
19:12:22.0137 1460 Number of processors: 4
19:12:22.0137 1460 Page size: 0x1000
19:12:22.0137 1460 Boot type: Normal boot
19:12:22.0137 1460 ============================================================
19:12:22.0672 1460 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:12:22.0678 1460 Drive \Device\Harddisk1\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:12:27.0510 1460 ============================================================
19:12:27.0510 1460 \Device\Harddisk0\DR0:
19:12:27.0549 1460 MBR partitions:
19:12:27.0550 1460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:12:27.0550 1460 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDE00000
19:12:27.0587 1460 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xDE33000, BlocksNum 0x14BA3800
19:12:27.0587 1460 \Device\Harddisk1\DR3:
19:12:27.0588 1460 MBR partitions:
19:12:27.0588 1460 \Device\Harddisk1\DR3\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982
19:12:27.0588 1460 ============================================================
19:12:27.0628 1460 C: <-> \Device\Harddisk0\DR0\Partition2
19:12:27.0686 1460 D: <-> \Device\Harddisk0\DR0\Partition3
19:12:27.0687 1460 F: <-> \Device\Harddisk1\DR3\Partition1
19:12:27.0687 1460 ============================================================
19:12:27.0687 1460 Initialize success
19:12:27.0687 1460 ============================================================
19:12:43.0989 5496 ============================================================
19:12:43.0989 5496 Scan started
19:12:43.0989 5496 Mode: Manual; TDLFS;
19:12:43.0989 5496 ============================================================
19:12:44.0436 5496 ================ Scan system memory ========================
19:12:44.0436 5496 System memory - ok
19:12:44.0437 5496 ================ Scan services =============================
19:12:47.0190 5496 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
19:12:47.0192 5496 BDESVC - ok
19:12:47.0224 5496 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
19:12:47.0225 5496 Beep - ok
19:12:47.0303 5496 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
19:12:47.0315 5496 BFE - ok
19:12:47.0347 5496 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
19:12:47.0410 5496 BITS - ok
19:12:47.0454 5496 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
19:12:47.0455 5496 blbdrive - ok
19:12:47.0550 5496 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:12:47.0556 5496 Bonjour Service - ok
19:12:47.0616 5496 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
19:12:47.0617 5496 bowser - ok
19:12:47.0646 5496 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
19:12:47.0648 5496 BrFiltLo - ok
19:12:47.0672 5496 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
19:12:47.0672 5496 BrFiltUp - ok
19:12:47.0717 5496 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
19:12:47.0721 5496 Browser - ok
19:12:47.0741 5496 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
19:12:47.0745 5496 Brserid - ok
19:12:47.0765 5496 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
19:12:47.0766 5496 BrSerWdm - ok
19:12:47.0800 5496 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
19:12:47.0801 5496 BrUsbMdm - ok
19:12:47.0811 5496 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
19:12:47.0812 5496 BrUsbSer - ok
19:12:47.0871 5496 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
19:12:47.0872 5496 BthEnum - ok
19:12:47.0898 5496 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
19:12:47.0900 5496 BTHMODEM - ok
19:12:47.0935 5496 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
19:12:47.0938 5496 BthPan - ok
19:12:48.0011 5496 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
19:12:48.0019 5496 BTHPORT - ok
19:12:48.0059 5496 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
19:12:48.0062 5496 bthserv - ok
19:12:48.0103 5496 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
19:12:48.0105 5496 BTHUSB - ok
19:12:48.0156 5496 [ 7A2CE8C1BF4DAA1F2766E21E9CA11078 ] btwampfl C:\windows\system32\drivers\btwampfl.sys
19:12:48.0161 5496 btwampfl - ok
19:12:48.0173 5496 [ A75BF6802A967F5AACECC3C67FEBDF55 ] btwaudio C:\windows\system32\drivers\btwaudio.sys
19:12:48.0175 5496 btwaudio - ok
19:12:48.0215 5496 [ D895DC213EDBDA5FCC53AAD1F1E0E63B ] btwavdt C:\windows\system32\DRIVERS\btwavdt.sys
19:12:48.0217 5496 btwavdt - ok
19:12:48.0276 5496 [ 6A667ADAD3C2151131E6A478850762BE ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
19:12:48.0290 5496 btwdins - ok
19:12:48.0319 5496 [ 07096D2BC22CCB6CEA5A532DF0BE8A75 ] btwl2cap C:\windows\system32\DRIVERS\btwl2cap.sys
19:12:48.0320 5496 btwl2cap - ok
19:12:48.0330 5496 [ 6D7AA2BDE0135599C5F230D69DB3B420 ] btwrchid C:\windows\system32\DRIVERS\btwrchid.sys
19:12:48.0331 5496 btwrchid - ok
19:12:48.0353 5496 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
19:12:48.0355 5496 cdfs - ok
19:12:48.0414 5496 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\drivers\cdrom.sys
19:12:48.0417 5496 cdrom - ok
19:12:48.0469 5496 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
19:12:48.0471 5496 CertPropSvc - ok
19:12:48.0512 5496 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
19:12:48.0514 5496 circlass - ok
19:12:48.0544 5496 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
19:12:48.0550 5496 CLFS - ok
19:12:48.0606 5496 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:12:48.0620 5496 clr_optimization_v2.0.50727_32 - ok
19:12:48.0644 5496 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:12:48.0647 5496 clr_optimization_v2.0.50727_64 - ok
19:12:48.0743 5496 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:12:48.0783 5496 clr_optimization_v4.0.30319_32 - ok
19:12:48.0805 5496 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:12:48.0821 5496 clr_optimization_v4.0.30319_64 - ok
19:12:48.0853 5496 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
19:12:48.0854 5496 CmBatt - ok
19:12:48.0870 5496 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
19:12:48.0871 5496 cmdide - ok
19:12:48.0918 5496 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
19:12:48.0925 5496 CNG - ok
19:12:48.0953 5496 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
19:12:48.0954 5496 Compbatt - ok
19:12:48.0996 5496 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
19:12:48.0997 5496 CompositeBus - ok
19:12:49.0008 5496 COMSysApp - ok
19:12:49.0029 5496 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
19:12:49.0030 5496 crcdisk - ok
19:12:49.0089 5496 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\windows\system32\cryptsvc.dll
19:12:49.0094 5496 CryptSvc - ok
19:12:49.0153 5496 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
19:12:49.0163 5496 DcomLaunch - ok
19:12:49.0189 5496 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
19:12:49.0194 5496 defragsvc - ok
19:12:49.0247 5496 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
19:12:49.0249 5496 DfsC - ok
19:12:49.0297 5496 [ 6060106CE00F32F63F1A73160E46E9D2 ] dg_ssudbus C:\windows\system32\DRIVERS\ssudbus.sys
19:12:49.0299 5496 dg_ssudbus - ok
19:12:49.0370 5496 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
19:12:49.0376 5496 Dhcp - ok
19:12:49.0409 5496 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
19:12:49.0410 5496 discache - ok
19:12:49.0427 5496 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys
19:12:49.0429 5496 Disk - ok
19:12:49.0465 5496 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
19:12:49.0470 5496 Dnscache - ok
19:12:49.0508 5496 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
19:12:49.0513 5496 dot3svc - ok
19:12:49.0562 5496 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
19:12:49.0566 5496 DPS - ok
19:12:49.0603 5496 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
19:12:49.0604 5496 drmkaud - ok
19:12:49.0669 5496 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
19:12:49.0685 5496 DXGKrnl - ok
19:12:49.0706 5496 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
19:12:49.0710 5496 EapHost - ok
19:12:49.0820 5496 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
19:12:49.0854 5496 ebdrv - ok
19:12:49.0893 5496 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
19:12:49.0896 5496 EFS - ok
19:12:49.0974 5496 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
19:12:49.0985 5496 ehRecvr - ok
19:12:50.0016 5496 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
19:12:50.0020 5496 ehSched - ok
19:12:50.0090 5496 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
19:12:50.0097 5496 elxstor - ok
19:12:50.0111 5496 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
19:12:50.0112 5496 ErrDev - ok
19:12:50.0184 5496 [ ACE57D5012B00971CCE04C61CFEEFAE6 ] ETD C:\windows\system32\DRIVERS\ETD.sys
19:12:50.0186 5496 ETD - ok
19:12:50.0234 5496 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
19:12:50.0241 5496 EventSystem - ok
19:12:50.0263 5496 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
19:12:50.0265 5496 exfat - ok
19:12:50.0303 5496 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
19:12:50.0306 5496 fastfat - ok
19:12:50.0365 5496 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
19:12:50.0377 5496 Fax - ok
19:12:50.0392 5496 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys
19:12:50.0393 5496 fdc - ok
19:12:50.0437 5496 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
19:12:50.0439 5496 fdPHost - ok
19:12:50.0454 5496 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
19:12:50.0456 5496 FDResPub - ok
19:12:50.0485 5496 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
19:12:50.0486 5496 FileInfo - ok
19:12:50.0505 5496 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
19:12:50.0506 5496 Filetrace - ok
19:12:50.0523 5496 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
19:12:50.0524 5496 flpydisk - ok
19:12:50.0575 5496 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
19:12:50.0579 5496 FltMgr - ok
19:12:50.0646 5496 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
19:12:50.0664 5496 FontCache - ok
19:12:50.0730 5496 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:12:50.0733 5496 FontCache3.0.0.0 - ok
19:12:50.0750 5496 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
19:12:50.0751 5496 FsDepends - ok
19:12:50.0778 5496 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
19:12:50.0779 5496 Fs_Rec - ok
19:12:50.0830 5496 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
19:12:50.0833 5496 fvevol - ok
19:12:50.0865 5496 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
19:12:50.0866 5496 gagp30kx - ok
19:12:50.0929 5496 [ 521A469CAF61F00E1DE081CC2099C1D6 ] GameConsoleService C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
19:12:50.0933 5496 GameConsoleService - ok
19:12:50.0985 5496 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
19:12:50.0986 5496 GEARAspiWDM - ok
19:12:51.0047 5496 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
19:12:51.0060 5496 gpsvc - ok
19:12:51.0089 5496 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
19:12:51.0090 5496 hcw85cir - ok
19:12:51.0145 5496 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
19:12:51.0150 5496 HdAudAddService - ok
19:12:51.0207 5496 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
19:12:51.0210 5496 HDAudBus - ok
19:12:51.0243 5496 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\windows\system32\DRIVERS\HECIx64.sys
19:12:51.0244 5496 HECIx64 - ok
19:12:51.0279 5496 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
19:12:51.0280 5496 HidBatt - ok
19:12:51.0298 5496 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
19:12:51.0299 5496 HidBth - ok
19:12:51.0321 5496 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
19:12:51.0323 5496 HidIr - ok
19:12:51.0340 5496 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll
19:12:51.0343 5496 hidserv - ok
19:12:51.0389 5496 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\drivers\hidusb.sys
19:12:51.0390 5496 HidUsb - ok
19:12:51.0432 5496 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
19:12:51.0436 5496 hkmsvc - ok
19:12:51.0497 5496 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
19:12:51.0503 5496 HomeGroupListener - ok
19:12:51.0540 5496 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
19:12:51.0546 5496 HomeGroupProvider - ok
19:12:51.0591 5496 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
19:12:51.0592 5496 HpSAMD - ok
19:12:51.0657 5496 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
19:12:51.0668 5496 HTTP - ok
19:12:51.0710 5496 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
19:12:51.0711 5496 hwpolicy - ok
19:12:51.0753 5496 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
19:12:51.0755 5496 i8042prt - ok
19:12:51.0806 5496 [ A5F72BB0D024E7E463344105BE613AE4 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
19:12:51.0812 5496 iaStor - ok
19:12:51.0862 5496 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
19:12:51.0868 5496 iaStorV - ok
19:12:51.0930 5496 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:12:51.0943 5496 idsvc - ok
19:12:52.0173 5496 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
19:12:52.0377 5496 igfx - ok
19:12:52.0400 5496 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
19:12:52.0400 5496 iirsp - ok
19:12:52.0457 5496 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
19:12:52.0471 5496 IKEEXT - ok
19:12:52.0515 5496 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\windows\system32\DRIVERS\Impcd.sys
19:12:52.0517 5496 Impcd - ok
19:12:52.0611 5496 [ BBDA43F02A2C642A2DF191FA8C0B0052 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
19:12:52.0636 5496 IntcAzAudAddService - ok
19:12:52.0694 5496 [ C6C1F19205DA83C801BE7C25F4E2EE07 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
19:12:52.0698 5496 IntcDAud - ok
19:12:52.0739 5496 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
19:12:52.0740 5496 intelide - ok
19:12:52.0775 5496 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
19:12:52.0777 5496 intelppm - ok
19:12:52.0809 5496 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
19:12:52.0812 5496 IPBusEnum - ok
19:12:52.0855 5496 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
19:12:52.0856 5496 IpFilterDriver - ok
19:12:52.0914 5496 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
19:12:52.0923 5496 iphlpsvc - ok
19:12:52.0973 5496 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
19:12:52.0974 5496 IPMIDRV - ok
19:12:53.0008 5496 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
19:12:53.0009 5496 IPNAT - ok
19:12:53.0072 5496 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:12:53.0085 5496 iPod Service - ok
19:12:53.0128 5496 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
19:12:53.0128 5496 IRENUM - ok
19:12:53.0162 5496 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
19:12:53.0163 5496 isapnp - ok
19:12:53.0206 5496 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
19:12:53.0210 5496 iScsiPrt - ok
19:12:53.0236 5496 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\drivers\kbdclass.sys
19:12:53.0237 5496 kbdclass - ok
19:12:53.0290 5496 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
19:12:53.0291 5496 kbdhid - ok
19:12:53.0305 5496 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
19:12:53.0307 5496 KeyIso - ok
19:12:53.0349 5496 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
19:12:53.0351 5496 KSecDD - ok
19:12:53.0373 5496 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
19:12:53.0375 5496 KSecPkg - ok
19:12:53.0411 5496 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
19:12:53.0412 5496 ksthunk - ok
19:12:53.0444 5496 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
19:12:53.0451 5496 KtmRm - ok
19:12:53.0506 5496 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
19:12:53.0513 5496 LanmanServer - ok
19:12:53.0567 5496 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
19:12:53.0571 5496 LanmanWorkstation - ok
19:12:53.0608 5496 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
19:12:53.0608 5496 lltdio - ok
19:12:53.0635 5496 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
19:12:53.0640 5496 lltdsvc - ok
19:12:53.0670 5496 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
19:12:53.0672 5496 lmhosts - ok
19:12:53.0792 5496 [ 85C7497997BA8B7C1728B12199616747 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:12:53.0797 5496 LMS - ok
19:12:53.0828 5496 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
19:12:53.0831 5496 LSI_FC - ok
19:12:53.0845 5496 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
19:12:53.0847 5496 LSI_SAS - ok
19:12:53.0866 5496 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
19:12:53.0867 5496 LSI_SAS2 - ok
19:12:53.0888 5496 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
19:12:53.0889 5496 LSI_SCSI - ok
19:12:53.0914 5496 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
19:12:53.0916 5496 luafv - ok
19:12:53.0965 5496 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
19:12:53.0969 5496 Mcx2Svc - ok
19:12:53.0982 5496 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
19:12:53.0983 5496 megasas - ok
19:12:54.0023 5496 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
19:12:54.0027 5496 MegaSR - ok
19:12:54.0060 5496 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
19:12:54.0064 5496 MMCSS - ok
19:12:54.0077 5496 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
19:12:54.0078 5496 Modem - ok
19:12:54.0111 5496 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
19:12:54.0112 5496 monitor - ok
19:12:54.0156 5496 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\drivers\mouclass.sys
19:12:54.0158 5496 mouclass - ok
19:12:54.0188 5496 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
19:12:54.0189 5496 mouhid - ok
19:12:54.0229 5496 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
19:12:54.0231 5496 mountmgr - ok
19:12:54.0255 5496 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
19:12:54.0257 5496 mpio - ok
19:12:54.0264 5496 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
19:12:54.0266 5496 mpsdrv - ok
19:12:54.0312 5496 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
19:12:54.0326 5496 MpsSvc - ok
19:12:54.0374 5496 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
19:12:54.0376 5496 MRxDAV - ok
19:12:54.0413 5496 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
19:12:54.0416 5496 mrxsmb - ok
19:12:54.0443 5496 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
19:12:54.0447 5496 mrxsmb10 - ok
19:12:54.0482 5496 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
19:12:54.0484 5496 mrxsmb20 - ok
19:12:54.0528 5496 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
19:12:54.0529 5496 msahci - ok
19:12:54.0553 5496 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
19:12:54.0555 5496 msdsm - ok
19:12:54.0569 5496 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
19:12:54.0573 5496 MSDTC - ok
19:12:54.0603 5496 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
19:12:54.0604 5496 Msfs - ok
19:12:54.0625 5496 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
19:12:54.0626 5496 mshidkmdf - ok
19:12:54.0668 5496 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
19:12:54.0669 5496 msisadrv - ok
19:12:54.0697 5496 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
19:12:54.0702 5496 MSiSCSI - ok
19:12:54.0707 5496 msiserver - ok
19:12:54.0744 5496 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
19:12:54.0745 5496 MSKSSRV - ok
19:12:54.0761 5496 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
19:12:54.0762 5496 MSPCLOCK - ok
19:12:54.0766 5496 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
19:12:54.0767 5496 MSPQM - ok
19:12:54.0809 5496 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
19:12:54.0814 5496 MsRPC - ok
19:12:54.0861 5496 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
19:12:54.0862 5496 mssmbios - ok
19:12:54.0943 5496 MSSQL$SQLEXPRESS - ok
19:12:55.0024 5496 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
19:12:55.0027 5496 MSSQLServerADHelper100 - ok
19:12:55.0071 5496 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
19:12:55.0072 5496 MSTEE - ok
19:12:55.0088 5496 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
19:12:55.0089 5496 MTConfig - ok
19:12:55.0114 5496 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
19:12:55.0115 5496 Mup - ok
19:12:55.0159 5496 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
19:12:55.0169 5496 napagent - ok
19:12:55.0235 5496 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
19:12:55.0240 5496 NativeWifiP - ok
19:12:55.0311 5496 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\windows\system32\drivers\ndis.sys
19:12:55.0325 5496 NDIS - ok
19:12:55.0354 5496 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
19:12:55.0355 5496 NdisCap - ok
19:12:55.0388 5496 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
19:12:55.0389 5496 NdisTapi - ok
19:12:55.0426 5496 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
19:12:55.0427 5496 Ndisuio - ok
19:12:55.0475 5496 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
19:12:55.0478 5496 NdisWan - ok
19:12:55.0509 5496 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
19:12:55.0510 5496 NDProxy - ok
19:12:55.0544 5496 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
19:12:55.0545 5496 NetBIOS - ok
19:12:55.0611 5496 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
19:12:55.0615 5496 NetBT - ok
19:12:55.0627 5496 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
19:12:55.0629 5496 Netlogon - ok
19:12:55.0684 5496 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
19:12:55.0692 5496 Netman - ok
19:12:55.0753 5496 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:12:55.0757 5496 NetMsmqActivator - ok
19:12:55.0763 5496 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:12:55.0765 5496 NetPipeActivator - ok
19:12:55.0803 5496 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
19:12:55.0812 5496 netprofm - ok
19:12:55.0842 5496 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:12:55.0844 5496 NetTcpActivator - ok
19:12:55.0851 5496 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:12:55.0854 5496 NetTcpPortSharing - ok
19:12:55.0883 5496 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
19:12:55.0884 5496 nfrd960 - ok
19:12:55.0947 5496 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
19:12:55.0954 5496 NlaSvc - ok
19:12:55.0966 5496 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
19:12:55.0967 5496 Npfs - ok
19:12:55.0986 5496 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
19:12:55.0989 5496 nsi - ok
19:12:55.0997 5496 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
19:12:55.0998 5496 nsiproxy - ok
19:12:56.0071 5496 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
19:12:56.0093 5496 Ntfs - ok
19:12:56.0126 5496 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
19:12:56.0126 5496 Null - ok
19:12:56.0405 5496 [ FBE6AC1C3591CB67543FAD15ABD26BCB ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys
19:12:56.0678 5496 nvlddmkm - ok
19:12:56.0712 5496 [ 680C5BAF7D0190B1485068FC4BA75F1C ] nvpciflt C:\windows\system32\DRIVERS\nvpciflt.sys
19:12:56.0713 5496 nvpciflt - ok
19:12:56.0740 5496 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
19:12:56.0743 5496 nvraid - ok
19:12:56.0765 5496 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
19:12:56.0768 5496 nvstor - ok
19:12:56.0821 5496 [ 147B0D17255FD796F990CC6F745605C5 ] nvsvc C:\windows\system32\nvvsvc.exe
19:12:56.0837 5496 nvsvc - ok
19:12:56.0928 5496 [ 812BF9531C827E1D8029843CDDB2B5D6 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
19:12:56.0951 5496 nvUpdatusService - ok
19:12:57.0004 5496 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
19:12:57.0006 5496 nv_agp - ok
19:12:57.0025 5496 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
19:12:57.0027 5496 ohci1394 - ok
19:12:57.0148 5496 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:12:57.0169 5496 ose64 - ok
19:12:57.0315 5496 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:12:57.0425 5496 osppsvc - ok
19:13:07.0280 5496 ============================================================
19:13:07.0280 5496 Scan finished
19:13:07.0281 5496 ============================================================
19:13:07.0294 4584 Detected object count: 0
19:13:07.0294 4584 Actual detected object count: 0
 

I ran the online ESET scan (took about 3 hours) and ensured remove threats wasn't checked and also didn't check uninstall program (ESET).
I saw on screen that infected files had been found and I've navigated to log.txt file in C Program files (86) as above and all it says is:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

Guessing this hasn't written correctly?
 

Do this:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
  2. Click the [esetOnline.png] button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on [esetSmartInstall.png] to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the [esetSmartInstallDesktopIcon.png] icon on your desktop.
  4. Check [esetAcceptTerms.png]
  5. Click the [esetStart.png] button.
  6. Accept any security warnings from your browser.
  7. Check [esetScanArchives.png]
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push [esetListThreats.png]
  11. Push [esetExport.png], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the [esetBack.png] button.
  13. Push [esetFinish.png]
 

C:\Program Files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu.dll a variant of Win32/Bunndle application
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_32_5p83tu.dll a variant of Win32/Bunndle application
C:\Users\darren\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\3cf74096-6967d5e6 Java/Exploit.Agent.AH trojan
C:\Users\darren\AppData\Roaming\msconfig.dat Win32/LockScreen.ALY trojan
 

Note: I ran it with Remove Threats UNCHECKED as per first set of instructions....

Please advise if I should run again to remove?
 
