I'm in big trouble, please help!


Hello Malwarebytes experts,

As I wrote in the title, I'm desperately looking for help in order to fix my laptop OS, and I'm so glad I've found this forum!

A few days ago I downloaded an "exe" file, I scanned it with my McAfee Antivirus which found it "clean", so I executed it... The exe file disappeared just after my firewall blocked its attempt to connect to the internet.

That was suspicious so I full-scanned my HD with no result of infection... Anyway I already had some little memory dump issue using the Skype webcam, so I decided to run an anti-rootkit tool (I ran McAfee, it found something I don't remember anymore, and it cleaned it) and then to factory-restore my laptop (I saved all my documents on an external HD).

My laptop is a Dell XPS dated 2007 and it runs Windows Vista (no Service Pack after factory restore).

After that I noticed I cannot update anything any more! Windows Update doesn't work (error 80072EE7), same for Windows Defender, Microsoft Fixit!, and also McAfee, Microsoft Security Essentials... and the browser gets some connection error when trying to connect to download.microsoft websites.

Then I found a manual update for Microsoft Security Essentials, so I ran it after downloading the "bad file" again to test it.

The result is that that file was infected with "TrojanDropper Win32/Sirefef.gen!B".

Then I tried many other tools and the result is always "no infections found", but the update issue is still there!

I've even reinstalled Windows from its CD instead of using the factory restore, but nothing changed.

I've full scanned with Malwarebytes (which is the only one that successfully updated itself) and the result is that everything is clear.

I'm not using my personal accounts anymore because I'm afraid my passwords will be taken away... Please help me!

I've read the topic "I'm infected - What do I do now?" and I've downloaded both "dds.csr" and "dds.com", they are on my desktop and I've run them but I've got no logs back.... sorry.

"Koala2013"


Hello Koala and welcome to MalwareBytes forum.

Given your notation on Sirefef....

Backdoor trojan warning: ZeroAccess / Sirefef

This system has some serious backdoor trojans. ZeroAccess / Sirefef

This is a point where you need to decide about whether to make a clean start.

According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

You are strongly advised to do the following immediately.

1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

See this article on creating strong passwords http://www.microsoft.com/security/online-privacy/passwords-create.aspx

* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh.

While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan

Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx

Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html

When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Let me know what you decide.

If you decide to go ahead and attempt to squash the onboard malware, let's have you start with this:

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

OR, if you have the Windows OS DVD, to enter System Recovery Options by using the Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Hello Maurice, thank you for your help!

I would like to get everything clean and safe in my laptop by formatting everything.

Before finding this forum I've run factory restore already three times and I've also tried to install Vista after formatting the OS partition but I'm still infected (but with no evidence from malware tools!)

I don't have any personal or important documents in the HD, so I'm ok with the 1st choice (complete format).

May I ask your advice for this? Especially to make sure that there's no residual infection.

I'll wait for your reply before attempting anything.

Thank you!

PS: I'm changing all my passwords, thanks for the detailed "quote".

You guys are doing a great job here!


One big issue to keep in mind and to do -before- starting the clean Windows install is to disconnect your system from the internet completely during the process. And keep it so -until after- Windows is fully back in place and you also install your Antivirus program.

Be sure to have the current antivirus-setup program saved to offline media beforehand.

IF your Windows came with a pre-packaged antivirus from the factory, you want to uninstall that.

For now, can you do this:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-click and select Run as Administrator to start TDSSKiller.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download Listparts

Run the tool, click Scan and post the log (Result.txt) it makes.


Here is the report from TDSS, it went by clean:


20:09:49.0300 2256 MSTEE - ok

20:09:49.0331 2256 [ FA7AA70050CF5E2D15DE00941E5665E5 ] Mup C:\Windows\system32\Drivers\mup.sys

20:09:49.0331 2256 Mup - ok

20:09:49.0362 2256 [ 1CDBB5D002FE2BC5300AA20550D8A52E ] napagent C:\Windows\system32\qagentRT.dll

20:09:49.0362 2256 napagent - ok

20:09:49.0393 2256 [ 497DE786240303EE67AB01F5690C24C2 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

20:09:49.0393 2256 NativeWifiP - ok

20:09:49.0440 2256 [ 227C11E1E7CF6EF8AFB2A238D209760C ] NDIS C:\Windows\system32\drivers\ndis.sys

20:09:49.0440 2256 NDIS - ok

20:09:49.0456 2256 [ 7584F1794B23B83D63CC124A8C56D103 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

20:09:49.0456 2256 NdisTapi - ok

20:09:49.0471 2256 [ 5DE5EE546BF40838EBE0E01CB629DF64 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

20:09:49.0471 2256 Ndisuio - ok

20:09:49.0503 2256 [ 397402ADCBB8946223A1950101F6CD94 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

20:09:49.0503 2256 NdisWan - ok

20:09:49.0503 2256 [ 874C12E3AD1431CABC854697D302C563 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

20:09:49.0518 2256 NDProxy - ok

20:09:49.0549 2256 [ 356DBB9F98E8DC1028DD3092FCEEB877 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

20:09:49.0549 2256 NetBIOS - ok

20:09:49.0581 2256 [ E3A168912E7EEFC3BD3B814720D68B41 ] netbt C:\Windows\system32\DRIVERS\netbt.sys

20:09:49.0581 2256 netbt - ok

20:09:49.0596 2256 [ 6A0E382E74280E4CC0DF17FE2661D003 ] Netlogon C:\Windows\system32\lsass.exe

20:09:49.0596 2256 Netlogon - ok

20:09:49.0627 2256 [ 90A4DAE28B94497F83BEA0F2A3B77092 ] Netman C:\Windows\System32\netman.dll

20:09:49.0627 2256 Netman - ok

20:09:49.0674 2256 [ 7C5C3D9CEEE838856B828AB6F98A2857 ] netprofm C:\Windows\System32\netprofm.dll

20:09:49.0674 2256 netprofm - ok

20:09:49.0705 2256 [ B418382DE04FF58567AA07A2B66B2332 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

20:09:49.0721 2256 NetTcpPortSharing - ok

20:09:49.0830 2256 [ 1D73499A6664B4DA05D750FF83FDB274 ] NETw4v32 C:\Windows\system32\DRIVERS\NETw4v32.sys

20:09:49.0877 2256 NETw4v32 - ok

20:09:49.0908 2256 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

20:09:49.0908 2256 nfrd960 - ok

20:09:49.0939 2256 [ C424117A562F2DE37A42266894C79AEB ] NlaSvc C:\Windows\System32\nlasvc.dll

20:09:49.0939 2256 NlaSvc - ok

20:09:49.0971 2256 [ 4F9832BEB9FAFD8CEB0E541F1323B26E ] Npfs C:\Windows\system32\drivers\Npfs.sys

20:09:49.0971 2256 Npfs - ok

20:09:49.0986 2256 [ 23B8201A363DE0E649FC75EE9874DEE2 ] nsi C:\Windows\system32\nsisvc.dll

20:09:49.0986 2256 nsi - ok

20:09:50.0002 2256 [ B488DFEC274DE1FC9D653870EF2587BE ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

20:09:50.0002 2256 nsiproxy - ok

20:09:50.0049 2256 [ 3F379380A4A2637F559444E338CF1B51 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

20:09:50.0064 2256 Ntfs - ok

20:09:50.0080 2256 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys

20:09:50.0080 2256 ntrigdigi - ok

20:09:50.0111 2256 [ EC5EFB3C60F1B624648344A328BCE596 ] Null C:\Windows\system32\drivers\Null.sys

20:09:50.0111 2256 Null - ok

20:09:50.0127 2256 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys

20:09:50.0127 2256 nvraid - ok

20:09:50.0142 2256 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys

20:09:50.0142 2256 nvstor - ok

20:09:50.0173 2256 [ 055081FD5076401C1EE1BCAB08D81911 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

20:09:50.0173 2256 nv_agp - ok

20:09:50.0189 2256 NwlnkFlt - ok

20:09:50.0189 2256 NwlnkFwd - ok

20:09:50.0205 2256 [ 86326062A90494BDD79CE383511D7D69 ] OEM04Vfx C:\Windows\system32\DRIVERS\OEM04Vfx.sys

20:09:50.0205 2256 OEM04Vfx - ok

20:09:50.0236 2256 [ CC4F08D6B64A1A27D6272D2CAF8384B2 ] OEM04Vid C:\Windows\system32\DRIVERS\OEM04Vid.sys

20:09:50.0236 2256 OEM04Vid - ok

20:09:50.0267 2256 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys

20:09:50.0267 2256 ohci1394 - ok

20:09:50.0329 2256 [ 016D01D3B8FB976A193C7434BED8DCCF ] p2pimsvc C:\Windows\system32\p2psvc.dll

20:09:50.0345 2256 p2pimsvc - ok

20:09:50.0361 2256 [ 016D01D3B8FB976A193C7434BED8DCCF ] p2psvc C:\Windows\system32\p2psvc.dll

20:09:50.0361 2256 p2psvc - ok

20:09:50.0376 2256 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys

20:09:50.0376 2256 Parport - ok

20:09:50.0407 2256 [ 84BE786F33FDBD8765E05DF3B7F5B9E6 ] partmgr C:\Windows\system32\drivers\partmgr.sys

20:09:50.0407 2256 partmgr - ok

20:09:50.0423 2256 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys

20:09:50.0423 2256 Parvdm - ok

20:09:50.0439 2256 [ D8C5C215C932233A4F1D7F368F4E4E65 ] PcaSvc C:\Windows\System32\pcasvc.dll

20:09:50.0439 2256 PcaSvc - ok

20:09:50.0470 2256 [ BDD96F9CF34D58958AFF1BE6EF4C8020 ] pci C:\Windows\system32\drivers\pci.sys

20:09:50.0470 2256 pci - ok

20:09:50.0470 2256 [ 54D23DC5B5072311116826FDB7F6E83E ] pciide C:\Windows\system32\drivers\pciide.sys

20:09:50.0470 2256 pciide - ok

20:09:50.0501 2256 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

20:09:50.0501 2256 pcmcia - ok

20:09:50.0563 2256 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys

20:09:50.0579 2256 PEAUTH - ok

20:09:50.0673 2256 [ CD05A38D166BEADE18030BAFC0C0A939 ] pla C:\Windows\system32\pla.dll

20:09:50.0704 2256 pla - ok

20:09:50.0735 2256 [ 99F45FF202A0C8F2C948557FA404AF4C ] PlugPlay C:\Windows\system32\umpnpmgr.dll

20:09:50.0735 2256 PlugPlay - ok

20:09:50.0782 2256 [ 016D01D3B8FB976A193C7434BED8DCCF ] PNRPAutoReg C:\Windows\system32\p2psvc.dll

20:09:50.0782 2256 PNRPAutoReg - ok

20:09:50.0797 2256 [ 016D01D3B8FB976A193C7434BED8DCCF ] PNRPsvc C:\Windows\system32\p2psvc.dll

20:09:50.0813 2256 PNRPsvc - ok

20:09:50.0829 2256 [ 05AB8CBD7056B6EA16E5FAB14326AAEE ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

20:09:50.0844 2256 PolicyAgent - ok

20:09:50.0860 2256 [ C04DEC5ACE67C5247B150C4223970BB7 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

20:09:50.0860 2256 PptpMiniport - ok

20:09:50.0891 2256 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys

20:09:50.0891 2256 Processor - ok

20:09:50.0922 2256 [ 213112E152E68F0E4705E36F052A2880 ] ProfSvc C:\Windows\system32\profsvc.dll

20:09:50.0938 2256 ProfSvc - ok

20:09:50.0953 2256 [ 6A0E382E74280E4CC0DF17FE2661D003 ] ProtectedStorage C:\Windows\system32\lsass.exe

20:09:50.0953 2256 ProtectedStorage - ok

20:09:50.0969 2256 [ B74EDF14453C9987E99E66535047EBEE ] PSched C:\Windows\system32\DRIVERS\pacer.sys

20:09:50.0969 2256 PSched - ok

20:09:50.0985 2256 [ FEFFCFDC528764A04C8ED63D5FA6E711 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys

20:09:50.0985 2256 PxHelp20 - ok

20:09:51.0031 2256 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys

20:09:51.0047 2256 ql2300 - ok

20:09:51.0063 2256 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

20:09:51.0063 2256 ql40xx - ok

20:09:51.0094 2256 [ CA61BDFD3713A7CE75F2812AFC431594 ] QWAVE C:\Windows\system32\qwave.dll

20:09:51.0109 2256 QWAVE - ok

20:09:51.0125 2256 [ D2B3E2B7426DC23E185FBC73C8936C12 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

20:09:51.0125 2256 QWAVEdrv - ok

20:09:51.0219 2256 [ E642B131FB74CAF4BB8A014F31113142 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys

20:09:51.0234 2256 R300 - ok

20:09:51.0265 2256 [ BD7B30F55B3649506DD8B3D38F571D2A ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

20:09:51.0265 2256 RasAcd - ok

20:09:51.0297 2256 [ F14F4AAB9F54D099FE99192BDB100AC9 ] RasAuto C:\Windows\System32\rasauto.dll

20:09:51.0312 2256 RasAuto - ok

20:09:51.0343 2256 [ 68B0019FEE429EC49D29017AF937E482 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

20:09:51.0343 2256 Rasl2tp - ok

20:09:51.0375 2256 [ 11D65E29BC9D1E4114D18FE68194394C ] RasMan C:\Windows\System32\rasmans.dll

20:09:51.0375 2256 RasMan - ok

20:09:51.0390 2256 [ CCF4E9C6CBBAC81437F88CB2AE0B6C96 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

20:09:51.0390 2256 RasPppoe - ok

20:09:51.0406 2256 [ 54129C5D9581BBEC8BD1EBD3BA813F47 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

20:09:51.0421 2256 rdbss - ok

20:09:51.0421 2256 [ 794585276B5D7FCA9F3FC15543F9F0B9 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

20:09:51.0421 2256 RDPCDD - ok

20:09:51.0453 2256 [ 0245418224CFA77BF4B41C2FE0622258 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys

20:09:51.0453 2256 rdpdr - ok

20:09:51.0468 2256 [ 980B56E2E273E19D3A9D72D5C420F008 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

20:09:51.0468 2256 RDPENCDD - ok

20:09:51.0499 2256 [ 8830E790A74A96605FABA74F9665BB3C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

20:09:51.0515 2256 RDPWD - ok

20:09:51.0546 2256 [ 6C1A43C589EE8011A1EBFD51C01B77CE ] RemoteAccess C:\Windows\System32\mprdim.dll

20:09:51.0546 2256 RemoteAccess - ok

20:09:51.0577 2256 [ 9A043808667C8C1893DA7275AF373F0E ] RemoteRegistry C:\Windows\system32\regsvc.dll

20:09:51.0593 2256 RemoteRegistry - ok

20:09:51.0609 2256 [ D85E3FA9F5B1F29BB4ED185C450D1470 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys

20:09:51.0609 2256 rimmptsk - ok

20:09:51.0624 2256 [ DB8EB01C58C9FADA00C70B1775278AE0 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys

20:09:51.0624 2256 rimsptsk - ok

20:09:51.0640 2256 [ 6C1F93C0760C9F79A1869D07233DF39D ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys

20:09:51.0640 2256 rismxdp - ok

20:09:51.0780 2256 [ EBCDE8B48FADC6479D96A56D0A432160 ] RoxMediaDB9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

20:09:51.0780 2256 RoxMediaDB9 - ok

20:09:51.0811 2256 [ AB2B1DE1C8F31EFCE2384B14B3DC4260 ] RoxWatch9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

20:09:51.0811 2256 RoxWatch9 - ok

20:09:51.0827 2256 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe

20:09:51.0843 2256 RpcLocator - ok

20:09:51.0874 2256 [ B46D8EA6DD30BAA49F674DACDC4C491F ] RpcSs C:\Windows\system32\rpcss.dll

20:09:51.0874 2256 RpcSs - ok

20:09:51.0905 2256 [ 97E939D2128FEC5D5A3E6E79B290A2F4 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

20:09:51.0921 2256 rspndr - ok

20:09:51.0936 2256 [ 6A0E382E74280E4CC0DF17FE2661D003 ] SamSs C:\Windows\system32\lsass.exe

20:09:51.0936 2256 SamSs - ok

20:09:51.0952 2256 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

20:09:51.0952 2256 SASDIFSV - ok

20:09:51.0999 2256 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

20:09:51.0999 2256 SASKUTIL - ok

20:09:52.0014 2256 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

20:09:52.0014 2256 sbp2port - ok

20:09:52.0045 2256 [ 565B4B9E5AD2F2F18A4F8AAFA6C06BBB ] SCardSvr C:\Windows\System32\SCardSvr.dll

20:09:52.0061 2256 SCardSvr - ok

20:09:52.0077 2256 [ 5C72614E6625D39CC1504BF078FDC4CA ] Schedule C:\Windows\system32\schedsvc.dll

20:09:52.0108 2256 Schedule - ok

20:09:52.0123 2256 [ 0600E04315FE543802A379D5D23C8BE0 ] SCPolicySvc C:\Windows\System32\certprop.dll

20:09:52.0123 2256 SCPolicySvc - ok

20:09:52.0170 2256 [ 4339A2585708C7D9B0C0CE5AAD3DD6FF ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys

20:09:52.0170 2256 sdbus - ok

20:09:52.0186 2256 [ F7B6BF02240D0A764ADF8C8966735552 ] SDRSVC C:\Windows\System32\SDRSVC.dll

20:09:52.0186 2256 SDRSVC - ok

20:09:52.0201 2256 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys

20:09:52.0201 2256 secdrv - ok

20:09:52.0217 2256 [ 8388C4133DDBE62AD7BC3EC9F14271ED ] seclogon C:\Windows\system32\seclogon.dll

20:09:52.0217 2256 seclogon - ok

20:09:52.0248 2256 [ 34350AE2C1D33D21C7305F861BD8DAD8 ] SENS C:\Windows\System32\sens.dll

20:09:52.0248 2256 SENS - ok

20:09:52.0279 2256 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys

20:09:52.0279 2256 Serenum - ok

20:09:52.0295 2256 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys

20:09:52.0295 2256 Serial - ok

20:09:52.0311 2256 [ FD06895F55C0BEC3CBD84BDA14E1C6B7 ] sermouse C:\Windows\system32\drivers\sermouse.sys

20:09:52.0311 2256 sermouse - ok

20:09:52.0326 2256 [ 78878235DA4DF0D116E86837A0A21DF8 ] SessionEnv C:\Windows\system32\sessenv.dll

20:09:52.0326 2256 SessionEnv - ok

20:09:52.0342 2256 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

20:09:52.0342 2256 sffdisk - ok

20:09:52.0373 2256 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

20:09:52.0373 2256 sffp_mmc - ok

20:09:52.0373 2256 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

20:09:52.0373 2256 sffp_sd - ok

20:09:52.0404 2256 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

20:09:52.0404 2256 sfloppy - ok

20:09:52.0435 2256 [ 11AAC56C04D26195D21C4F5229DB4726 ] SharedAccess C:\Windows\System32\ipnathlp.dll

20:09:52.0435 2256 SharedAccess - ok

20:09:52.0467 2256 [ B264DFA21677728613267FE63802B332 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

20:09:52.0467 2256 ShellHWDetection - ok

20:09:52.0482 2256 [ 08072B2FB92477FC813271A84B3A8698 ] sisagp C:\Windows\system32\drivers\sisagp.sys

20:09:52.0482 2256 sisagp - ok

20:09:52.0498 2256 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys

20:09:52.0498 2256 SiSRaid2 - ok

20:09:52.0513 2256 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

20:09:52.0513 2256 SiSRaid4 - ok

20:09:52.0623 2256 [ 7610645679BB5994210D21A347E0C479 ] slsvc C:\Windows\system32\SLsvc.exe

20:09:52.0638 2256 slsvc - ok

20:09:52.0669 2256 [ 49670F3E42A0178A0AB425AE15D88E7C ] SLUINotify C:\Windows\system32\SLUINotify.dll

20:09:52.0685 2256 SLUINotify - ok

20:09:52.0701 2256 [ AC0D90738ADB51A6FD12FF00874A2162 ] Smb C:\Windows\system32\DRIVERS\smb.sys

20:09:52.0701 2256 Smb - ok

20:09:52.0732 2256 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe

20:09:52.0732 2256 SNMPTRAP - ok

20:09:52.0763 2256 [ 426F9B029AA9162CECCF65369457D046 ] spldr C:\Windows\system32\drivers\spldr.sys

20:09:52.0763 2256 spldr - ok

20:09:52.0794 2256 [ DA612EF2556776DF2630B68BF2D48935 ] Spooler C:\Windows\System32\spoolsv.exe

20:09:52.0794 2256 Spooler - ok

20:09:52.0810 2256 [ 2C677528B24D64D22886ECBE5CD97F20 ] srv C:\Windows\system32\DRIVERS\srv.sys

20:09:52.0810 2256 srv - ok

20:09:52.0825 2256 [ 382BAF4DCBD7648CED6C64A8A1E335B2 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

20:09:52.0825 2256 srv2 - ok

20:09:52.0841 2256 [ F8E47A77E1690D8574962B69CB22BEB3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

20:09:52.0841 2256 srvnet - ok

20:09:52.0872 2256 [ 8D3E4BAFF8B3997138C38EB1B600519A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

20:09:52.0888 2256 SSDPSRV - ok

20:09:52.0919 2256 [ 6F855B5625A47F3AC731A262FDC379A6 ] STacSV C:\Windows\system32\STacSV.exe

20:09:52.0919 2256 STacSV - ok

20:09:52.0950 2256 [ 8EE25FAD17C309687EAB8B963C05478A ] STHDA C:\Windows\system32\drivers\stwrt.sys

20:09:52.0966 2256 STHDA - ok

20:09:53.0013 2256 [ A941E099EF46E3CC12F898CBE1C39910 ] stisvc C:\Windows\System32\wiaservc.dll

20:09:53.0028 2256 stisvc - ok

20:09:53.0059 2256 [ 51778FD315C9882F1CBD932743E62A72 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

20:09:53.0106 2256 stllssvr - ok

20:09:53.0137 2256 [ 3B80B4383C9BCE13279C8482734B32B2 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

20:09:53.0137 2256 swenum - ok

20:09:53.0169 2256 [ 749ADA8D6C18A08ADFEDE69CBF5DB2E0 ] swprv C:\Windows\System32\swprv.dll

20:09:53.0169 2256 swprv - ok

20:09:53.0200 2256 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys

20:09:53.0200 2256 Symc8xx - ok

20:09:53.0215 2256 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys

20:09:53.0215 2256 Sym_hi - ok

20:09:53.0231 2256 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys

20:09:53.0231 2256 Sym_u3 - ok

20:09:53.0262 2256 [ DD17B63F26430E179EF6BDEF5AC735BD ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

20:09:53.0262 2256 SynTP - ok

20:09:53.0309 2256 [ C1FDFF9AFD8C6C905485981B41DCFB40 ] SysMain C:\Windows\system32\sysmain.dll

20:09:53.0309 2256 SysMain - ok

20:09:53.0340 2256 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll

20:09:53.0340 2256 TabletInputService - ok

20:09:53.0371 2256 [ EF3DD33C740FC2F82E7E4622F1C49289 ] TapiSrv C:\Windows\System32\tapisrv.dll

20:09:53.0371 2256 TapiSrv - ok

20:09:53.0387 2256 [ 68FA52794AE9ACC61BDE16FE0956B414 ] TBS C:\Windows\System32\tbssvc.dll

20:09:53.0387 2256 TBS - ok

20:09:53.0449 2256 [ D944522B048A5FEB7700B5170D3D9423 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

20:09:53.0465 2256 Tcpip - ok

20:09:53.0481 2256 [ D944522B048A5FEB7700B5170D3D9423 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys

20:09:53.0481 2256 Tcpip6 - ok

20:09:53.0512 2256 [ 5CE0C4A7B12D0067DAD527D72B68C726 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

20:09:53.0512 2256 tcpipreg - ok

20:09:53.0543 2256 [ 5CA437A08509FB7ECF843480FC1232E2 ] TcUsb C:\Windows\system32\Drivers\tcusb.sys

20:09:53.0543 2256 TcUsb - ok

20:09:53.0559 2256 [ 964248AEF49C31FA6A93201A73FFAF50 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

20:09:53.0559 2256 TDPIPE - ok

20:09:53.0574 2256 [ 7D2C1AE1648A60FCE4AA0F7982E419D3 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

20:09:53.0574 2256 TDTCP - ok

20:09:53.0590 2256 [ AB4FDE8AF4A0270A46A001C08CBCE1C2 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

20:09:53.0590 2256 tdx - ok

20:09:53.0621 2256 [ 849ED71967D45F15C3E0ABFC633FDF2A ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

20:09:53.0621 2256 TermDD - ok

20:09:53.0668 2256 [ FAD71C1E8E4047B154E899AE31EB8CAA ] TermService C:\Windows\System32\termsrv.dll

20:09:53.0668 2256 TermService - ok

20:09:53.0699 2256 [ B264DFA21677728613267FE63802B332 ] Themes C:\Windows\system32\shsvcs.dll

20:09:53.0699 2256 Themes - ok

20:09:53.0715 2256 [ 9DFA3A459AF0954AA85B4F7622AD87BB ] THREADORDER C:\Windows\system32\mmcss.dll

20:09:53.0715 2256 THREADORDER - ok

20:09:53.0730 2256 [ 6BBA0582C0025D43729A1112D3B57897 ] TrkWks C:\Windows\System32\trkwks.dll

20:09:53.0730 2256 TrkWks - ok

20:09:53.0793 2256 [ CD987375605E6F9C3230E99EDA9D9C6D ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

20:09:53.0793 2256 TrustedInstaller - ok

20:09:53.0808 2256 [ 29F0ECA726F0D51F7E048BDB0B372F29 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

20:09:53.0808 2256 tssecsrv - ok

20:09:53.0824 2256 [ 80FC4AC81602C88E7D23618E6EFBA2C6 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys

20:09:53.0824 2256 tunmp - ok

20:09:53.0824 2256 [ 52DAA1FA3B5A40D6A6627B44C60A9B78 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

20:09:53.0824 2256 tunnel - ok

20:09:53.0855 2256 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

20:09:53.0855 2256 uagp35 - ok

20:09:53.0871 2256 [ 6348DA98707CEDA8A0DFB05820E17732 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

20:09:53.0871 2256 udfs - ok

20:09:53.0902 2256 [ 24A333F4F14DCFB6FF6D5A1B9E5D79DD ] UI0Detect C:\Windows\system32\UI0Detect.exe

20:09:53.0917 2256 UI0Detect - ok

20:09:53.0949 2256 [ 6D72EF05921ABDF59FC45C7EBFE7E8DD ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

20:09:53.0949 2256 uliagpkx - ok

20:09:53.0964 2256 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys

20:09:53.0964 2256 uliahci - ok

20:09:53.0995 2256 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys

20:09:53.0995 2256 UlSata - ok

20:09:54.0027 2256 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys

20:09:54.0027 2256 ulsata2 - ok

20:09:54.0042 2256 [ 3FB78F1D1DD86D87BECECD9DFFA24DD9 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

20:09:54.0042 2256 umbus - ok

20:09:54.0073 2256 [ 8EB871A3DEB6B3D5A85EB6DDFC390B59 ] upnphost C:\Windows\System32\upnphost.dll

20:09:54.0073 2256 upnphost - ok

20:09:54.0105 2256 [ 51480458E6E9863F856EBF35AAE801B4 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

20:09:54.0120 2256 usbccgp - ok

20:09:54.0136 2256 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys

20:09:54.0136 2256 usbcir - ok

20:09:54.0151 2256 [ 11FA3ACBF0DE0286829C69E01FE705E4 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

20:09:54.0151 2256 usbehci - ok

20:09:54.0183 2256 [ 6A7858A38B5105731E219E7C6A238730 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

20:09:54.0183 2256 usbhub - ok

20:09:54.0198 2256 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys

20:09:54.0198 2256 usbohci - ok

20:09:54.0229 2256 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys

20:09:54.0229 2256 usbprint - ok

20:09:54.0245 2256 [ FDBAABF07244C60B0F4E0A6E71A107C6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

20:09:54.0245 2256 USBSTOR - ok

20:09:54.0261 2256 [ 4013315FED70A2D293B998CBBA4022EE ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

20:09:54.0261 2256 usbuhci - ok

20:09:54.0292 2256 [ F79D0D7C9004474CB42746D9B2C30A2B ] UxSms C:\Windows\System32\uxsms.dll

20:09:54.0292 2256 UxSms - ok

20:09:54.0307 2256 [ C9D0BAFEE0D0A2681F048CA61BC0DA96 ] vds C:\Windows\System32\vds.exe

20:09:54.0307 2256 vds - ok

20:09:54.0339 2256 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

20:09:54.0339 2256 vga - ok

20:09:54.0354 2256 [ 17A8F877314E4067F8C8172CC6D9101C ] VgaSave C:\Windows\System32\drivers\vga.sys

20:09:54.0354 2256 VgaSave - ok

20:09:54.0385 2256 [ D5929A28BDFF4367A12CAF06AF901971 ] viaagp C:\Windows\system32\drivers\viaagp.sys

20:09:54.0385 2256 viaagp - ok

20:09:54.0401 2256 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys

20:09:54.0417 2256 ViaC7 - ok

20:09:54.0432 2256 [ C0ACE9D0F5A5EE0B00F58345947A57FC ] viaide C:\Windows\system32\drivers\viaide.sys

20:09:54.0432 2256 viaide - ok

20:09:54.0463 2256 [ FD16FAC15F9F165AC19A618E7B391F5C ] volmgr C:\Windows\system32\drivers\volmgr.sys

20:09:54.0463 2256 volmgr - ok

20:09:54.0479 2256 [ 294DA8D3F965F6A8DB934A83C7B461FF ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

20:09:54.0495 2256 volmgrx - ok

20:09:54.0510 2256 [ 11EF6C1CAEF76B685233450A126125D6 ] volsnap C:\Windows\system32\drivers\volsnap.sys

20:09:54.0510 2256 volsnap - ok

20:09:54.0573 2256 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

20:09:54.0573 2256 vsmraid - ok

20:09:54.0619 2256 [ E0E29D9EF2524ABD11749C7C2FD7F607 ] VSS C:\Windows\system32\vssvc.exe

20:09:54.0635 2256 VSS - ok

20:09:54.0651 2256 [ 62B0D0F6F5580D9D0DFA5E0B466FF2ED ] W32Time C:\Windows\system32\w32time.dll

20:09:54.0651 2256 W32Time - ok

20:09:54.0666 2256 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys

20:09:54.0666 2256 WacomPen - ok

20:09:54.0697 2256 [ 6E1A5BE9A0605F3D932FF35FBA2B22B3 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys

20:09:54.0697 2256 Wanarp - ok

20:09:54.0697 2256 [ 6E1A5BE9A0605F3D932FF35FBA2B22B3 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

20:09:54.0697 2256 Wanarpv6 - ok

20:09:54.0713 2256 [ C1B19162E0509CEAB4CDF664E139D956 ] wcncsvc C:\Windows\System32\wcncsvc.dll

20:09:54.0713 2256 wcncsvc - ok

20:09:54.0729 2256 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

20:09:54.0744 2256 WcsPlugInService - ok

20:09:54.0760 2256 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys

20:09:54.0760 2256 Wd - ok

20:09:54.0791 2256 [ 5DFDBD5EF13E4D95BE6FC108E2ED4A67 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

20:09:54.0807 2256 Wdf01000 - ok

20:09:54.0838 2256 [ 2A424B89B14EF17A3D06BCB5A8F79601 ] WdiServiceHost C:\Windows\system32\wdi.dll

20:09:54.0838 2256 WdiServiceHost - ok

20:09:54.0838 2256 [ 2A424B89B14EF17A3D06BCB5A8F79601 ] WdiSystemHost C:\Windows\system32\wdi.dll

20:09:54.0853 2256 WdiSystemHost - ok

20:09:54.0869 2256 [ 5BB7DCE05889A1FE2E0DB1CDF451412B ] WebClient C:\Windows\System32\webclnt.dll

20:09:54.0869 2256 WebClient - ok

20:09:54.0885 2256 [ 9CF67FF7F8D34CBF115D0C278B9F74AA ] Wecsvc C:\Windows\system32\wecsvc.dll

20:09:54.0900 2256 Wecsvc - ok

20:09:54.0916 2256 [ B68CAB45DB1DAB59D92ACADFAD6364A8 ] wercplsupport C:\Windows\System32\wercplsupport.dll

20:09:54.0916 2256 wercplsupport - ok

20:09:54.0916 2256 [ 36BA0707680EF4236FD752BEE982CC25 ] WerSvc C:\Windows\System32\WerSvc.dll

20:09:54.0931 2256 WerSvc - ok

20:09:54.0978 2256 [ 0D5AD0E71FF5DDAC5DD2F443B499ABD0 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll

20:09:54.0978 2256 WinDefend - ok

20:09:54.0978 2256 WinHttpAutoProxySvc - ok

20:09:55.0041 2256 [ 38A7B89DE4E3417C122317949667FDD8 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

20:09:55.0056 2256 Winmgmt - ok

20:09:55.0103 2256 [ 3F6823040030C3E4DA1CF11CD40B7534 ] WinRM C:\Windows\system32\WsmSvc.dll

20:09:55.0119 2256 WinRM - ok

20:09:55.0150 2256 [ 424782AC6393CAFD0EE6FA887105BBAE ] Wlansvc C:\Windows\System32\wlansvc.dll

20:09:55.0165 2256 Wlansvc - ok

20:09:55.0181 2256 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

20:09:55.0181 2256 WmiAcpi - ok

20:09:55.0212 2256 [ A279323BEE5FFFAFDA222910BCE92132 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

20:09:55.0212 2256 wmiApSrv - ok

20:09:55.0290 2256 [ ACB2E63D50157E3EA7140F29D9E76A48 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe

20:09:55.0321 2256 WMPNetworkSvc - ok

20:09:55.0321 2256 [ 3D3B3B80C12ABE506F56930C46422C28 ] WPCSvc C:\Windows\System32\wpcsvc.dll

20:09:55.0337 2256 WPCSvc - ok

20:09:55.0353 2256 [ C24844A1D0D9528B19D5BC266B8CD572 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

20:09:55.0353 2256 WPDBusEnum - ok

20:09:55.0368 2256 [ 84620AECDCFD2A7A14E6263927D8C0ED ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

20:09:55.0368 2256 ws2ifsl - ok

20:09:55.0384 2256 [ F97CBB919AF6D0A6643D1A59C15014D1 ] wscsvc C:\Windows\System32\wscsvc.dll

20:09:55.0399 2256 wscsvc - ok

20:09:55.0399 2256 WSearch - ok

20:09:55.0477 2256 [ 9397D21939A25DA1BD0ED8DB5BB3C853 ] wuauserv C:\Windows\system32\wuaueng.dll

20:09:55.0524 2256 wuauserv - ok

20:09:55.0555 2256 [ A2AAFCC8A204736296D937C7C545B53F ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

20:09:55.0555 2256 WUDFRd - ok

20:09:55.0571 2256 [ DB5BF5AAB72B1B99B5331231D09EBB26 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

20:09:55.0571 2256 wudfsvc - ok

20:09:55.0571 2256 ================ Scan global ===============================

20:09:55.0602 2256 [ 8CD98A8EC9CADAF4E051CDCAC15C96C4 ] C:\Windows\system32\basesrv.dll

20:09:55.0633 2256 [ E3F137ADC0A9D7F3A2E4F557272FE6B3 ] C:\Windows\system32\winsrv.dll

20:09:55.0649 2256 [ E3F137ADC0A9D7F3A2E4F557272FE6B3 ] C:\Windows\system32\winsrv.dll

20:09:55.0680 2256 [ 329CF3C97CE4C19375C8ABCABAE258B0 ] C:\Windows\system32\services.exe

20:09:55.0696 2256 [Global] - ok

20:09:55.0696 2256 ================ Scan MBR ==================================

20:09:55.0696 2256 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0

20:09:56.0195 2256 \Device\Harddisk0\DR0 - ok

20:09:56.0195 2256 ================ Scan VBR ==================================

20:09:56.0211 2256 [ 561C2BD674A770437D6D2EF921D1E2B2 ] \Device\Harddisk0\DR0\Partition1

20:09:56.0211 2256 \Device\Harddisk0\DR0\Partition1 - ok

20:09:56.0211 2256 [ B22CB5FEA313155B6D63BD4B8BFD7158 ] \Device\Harddisk0\DR0\Partition2

20:09:56.0226 2256 \Device\Harddisk0\DR0\Partition2 - ok

20:09:56.0226 2256 ============================================================

20:09:56.0226 2256 Scan finished

20:09:56.0226 2256 ============================================================

20:09:56.0242 1252 Detected object count: 0

20:09:56.0242 1252 Actual detected object count: 0

Here is the log from ListParts (I've omitted my account name for privacy reasons); it has some words in Italian (my system language is Italian):

ListParts by Farbar Version: 10-03-2013

Ran by ***************** (administrator) on 12-03-2013 at 20:22:51

Windows Vista (X86)

Running From: C:\Users\*****************\Desktop

Language: 0410

************************************************************

========================= Memory info ======================

Percentage of memory in use: 40%

Total physical RAM: 2037.57 MB

Available physical RAM: 1221.04 MB

Total Pagefile: 4295.67 MB

Available Pagefile: 3289.18 MB

Total Virtual: 2047.88 MB

Available Virtual: 1971.29 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:99.18 GB) (Free:86.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.38 GB) NTFS

Disk ### Stato Dim. Libera Din Gpt

-------- ---------- ------- ------- --- ---

Disco 0 Pronto 112 Gbytes 1024 Kbytes

Partitions of Disk 0:

===============

Partition ### Tipo Dim. Offset

------------- ---------------- ------- -------

Partizione 1 OEM 110 Mb 32 Kb

Partizione 2 Primario 10 Gb 110 Mb

Partizione 3 Primario 99 Gb 10 Gb

Partizione 0 Esteso 2560 Mb 109 Gb

Partizione 4 Logico 2559 Mb 109 Gb

======================================================================================================

Disk: 0

Partizione 1

Tipo : DE

Nascosta: Sì

Attiva : No

Nessun volume associato alla partizione.

======================================================================================================

Disk: 0

Partizione 2

Tipo : 07

Nascosta: No

Attiva : No

Volume ### Let. Etichetta Fs Tipo Dim. Stato Info

--------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 D RECOVERY NTFS Partizione 10 Gb Integro

======================================================================================================

Disk: 0

Partizione 3

Tipo : 07

Nascosta: No

Attiva : Sì

Volume ### Let. Etichetta Fs Tipo Dim. Stato Info

--------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C OS NTFS Partizione 99 Gb Integro Sistema (partition with boot components)

======================================================================================================

Disk: 0

Partizione 4

Tipo : DD

Nascosta: Sì

Attiva : No

Nessun volume associato alla partizione.

======================================================================================================

============================== MBR Partition Table ==================

==============================

Partitions of Disk 0:

===============

Disk ID: F8000000

Partition 1:

===========

Hex: 00010100DEFE3F0D3F0000004F6E0300

Active: NO

Type: DE

Size: 110 MB

Partition 2:

===========

Hex: 0005380E07FEFFFF0070030000004001

Active: NO

Type: 07 (NTFS)

Size: 10 GB

Partition 3:

===========

Hex: 80FEFFFF07FEFFFF0070430100D0650C

Active: YES

Type: 07 (NTFS)

Size: 99 GB

Partition 4:

===========

Hex: 00FEFFFF0FFEFFFF0040A90D00005000

Active: NO

Type: OF (Extended)

Size: 3 GB

****** End Of Log ******

20:09:56.0242 1252 Actual detected object count: 0

I'm using a USB key to transfer the logs; is it safe for the clean computer?


I much prefer that you actually NOT use Quotes to wrap your logs when you reply. Can you agree to that?

In future logs, I will need the complete output without your editing, as it is critical that I have full-path name to any infected file.

Can you agree and observe that?

If not, then you have these choices,

Let me suggest, if you're an MBAM PRO customer, you contact the Consumer Help desk direct here.

If you are in an organization or a corporate customer, contact Corporate Support for assistance.

As to using USB-key drive ....IF you must do so, hold down the SHIFT-key before & while you insert the USB-drive.


The Tdsskiller report is good. Thus if we may assume that there's no infection, you may try tweaking some Vista settings for Windows Update.

My guess is that, because you did a Windows install, the Windows Update controls from that are very much out of date compared to the real current set.

First, see this Microsoft document and give it a careful check:

http://windows.microsoft.com/en-US/windows-vista/Windows-Update-error-80072ee7

If no success, do these next:

Close and exit any open work documents or program windows you opened.

Then do a Logoff and Restart for a new fresh start.

Next:

Open Internet Explorer (only!) & go to http://support.microsoft.com/kb/923737

[ignore any DOES NOT APPLY warnings as well as the APPLIES TO section] & run the Fix It.

Note=> For optimal results, check the Delete personal settings option.

Now, Open Internet Explorer (only!) & go to http://support.microsoft.com/kb/910336

[ignore the title & Symptoms].

Dismiss/close the "automated troubleshooter" pop-up! - then...

Ignoring any "Not recommended" or similar warnings, run Fix It 50202 in DEFAULT and then again a 2nd time in AGGRESSIVE modes. [1]

2. Reboot & then run a manual check for updates at Windows Update, etc., etc...

When you reach Windows Update, do a Custom scan for updates. Take (accept) only items marked Important or Critical.

Have infinite patience while it scans and does its work.

When it prompts you to Restart Windows, please do that. Allow it to restart.

IF and only if you get an "error" or "exception/failure" message, I will need the complete so called "failure code" and description (if you see it).

[1] Aggressive mode will result in your not being able to see prior updates when doing View Update history. However, it does not affect already installed updates on your system.

The latter are still viewable in Control Panel (Programs and Features or Add-or-Remove Programs).

credit Robear Dyer for the 'secret sauce'.


The error messages are translated from Italian, so they might not be exactly the English error messages.

Microsoft document checked, doesn't work. Microsoft Update error:

Impossible to check for new updates

Error

Code 8024402F

Went to http://support.microsoft.com/kb/923737, left-clicked on "Fix It", Internet Explorer error:

impossible to visualize the web page

possible causes:

- no internet connection.

- web page errors.

- it's possible that there are some misspellings in the link.

Tried to get "Fix It" by right click and "save as", error:

Internet Explorer: impossible to download / from go.microsoft.com

Impossible to find the website. Please check if the link is correct and try again.


Do you have the Vista operating system DVD ?

Do you have a system-image-backup from before this problem?

What backup do you have ?

To get any further, I will have to have a FRST log from you.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

OR If you have the Windows o.s. DVD, then To enter System Recovery Options, by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2013

Ran by SYSTEM at 14-03-2013 17:57:11

Running from F:\

Windows Vista Home Premium (X86) OS Language: Italian Standard

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1006264 2007-08-22] (Microsoft Corporation)

HKLM\...\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [857648 2007-05-10] (Synaptics, Inc.)

HKLM\...\Run: [OEM04Mon.exe] C:\Windows\OEM04Mon.exe [32768 2007-06-07] (Creative Technology Ltd.)

HKLM\...\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-06-29] (SigmaTel, Inc.)

HKLM\...\Run: [sunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [77824 2007-08-21] (Sun Microsystems, Inc.)

HKLM\...\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup [49168 2007-03-28] (UPEK Inc.)

HKLM\...\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [81920 2006-10-03] (Macrovision Corporation)

HKLM\...\Run: [] [x]

HKLM\...\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [221184 2006-11-05] (Sonic Solutions)

HKLM\...\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" [184320 2007-04-16] (CyberLink Corp.)

HKLM\...\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe [152144 2007-01-17] (McAfee Inc.)

HKU\Default\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [460784 2007-03-15] (Gteko Ltd.)

HKU\Default User\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [460784 2007-03-15] (Gteko Ltd.)

HKU\test\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [460784 2007-03-15] (Gteko Ltd.)

Winlogon\Notify\psfus: C:\Windows\system32\psqlpwd.dll (UPEK Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Lsa: [Notification Packages] scecli psqlpwd

==================== Services (Whitelisted) ===================

3 DSBrokerService; "C:\Program Files\DellSupport\brkrsvc.exe" [70656 2007-03-19] ()

3 Emproxy; C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe [341584 2007-01-12] (McAfee, Inc.)

2 McAfee HackerWatch Service; "C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe" [540776 2007-01-09] (McAfee, Inc.)

3 mcmispupdmgr; C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe [689752 2007-01-05] (McAfee, Inc.)

2 mcmscsvc; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [361560 2007-01-05] (McAfee, Inc.)

2 McODS; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [362064 2007-01-16] (McAfee, Inc.)

2 mcpromgr; C:\PROGRA~1\McAfee\MSC\mcpromgr.exe [493144 2007-01-05] (McAfee, Inc.)

2 McShield; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [144960 2006-12-22] (McAfee, Inc.)

2 McSysmon; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [643664 2007-01-25] (McAfee, Inc.)

2 MpfService; "C:\Program Files\McAfee\MPF\MPFSrv.exe" [839720 2007-01-15] (McAfee, Inc.)

2 MPS9; C:\PROGRA~1\McAfee\MPS\mps.exe [906792 2007-01-23] (McAfee, Inc.)

2 MSK80Service; "C:\Program Files\McAfee\MSK\MskSrver.exe" [29264 2007-01-17] (McAfee Inc.)

2 STacSV; C:\Windows\system32\STacSV.exe [94208 2007-06-29] (SigmaTel, Inc.)

2 McNASvc; "c:\program files\common files\mcafee\mna\mcnasvc.exe" [x]

2 McProxy; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [x]

2 McRedirector; c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe [x]

==================== Drivers (Whitelisted) ====================

3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [71496 2006-12-22] (McAfee, Inc.)

3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [34184 2006-12-22] (McAfee, Inc.)

3 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [170408 2006-12-22] (McAfee, Inc.)

3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [32008 2006-12-22] (McAfee, Inc.)

3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [37480 2006-12-22] (McAfee, Inc.)

1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [117848 2007-01-09] (McAfee, Inc.)

3 OEM04Vfx; C:\Windows\System32\DRIVERS\OEM04Vfx.sys [7424 2007-06-07] (EyePower Games Pte. Ltd.)

3 OEM04Vid; C:\Windows\System32\DRIVERS\OEM04Vid.sys [234560 2007-06-07] (Creative Technology Ltd.)

3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-06-29] (SigmaTel, Inc.)

4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]

3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]

3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]

3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-03-14 00:51 - 2013-03-14 00:51 - 00001973 ____A C:\Users\Public\Desktop\Google Chrome.lnk

2013-03-14 00:50 - 2013-03-14 17:37 - 00001130 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-03-14 00:50 - 2013-03-14 00:55 - 00001134 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-03-14 00:49 - 2013-03-14 00:49 - 00000000 ____D C:\Users\test\AppData\Local\Deployment

2013-03-14 00:49 - 2013-03-14 00:49 - 00000000 ____D C:\Users\test\AppData\Local\Apps\2.0

2013-03-14 00:42 - 2013-03-13 02:59 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\test\Desktop\Karsperky TDSSkiller.exe

2013-03-14 00:27 - 2013-03-14 00:27 - 00000908 ____A C:\Users\Public\Desktop\MBAM.lnk

2013-03-14 00:27 - 2013-03-14 00:27 - 00000000 ____D C:\Users\test\AppData\Roaming\Malwarebytes

2013-03-14 00:27 - 2013-03-14 00:27 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-03-14 00:27 - 2013-03-14 00:27 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-03-14 00:27 - 2012-12-14 16:49 - 00021104 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2013-03-14 00:26 - 2013-03-14 00:26 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\test\Downloads\mbam-setup-1.70.0.1100.exe

2013-03-13 22:31 - 2013-03-14 17:20 - 00008892 ____A C:\Windows\PFRO.log

2013-03-13 22:04 - 2013-03-13 22:04 - 00347424 ____A (Microsoft Corporation) C:\Users\test\Downloads\MicrosoftFixit.wu.LB.25286643026484104.1.1.Run.exe

2013-03-13 21:57 - 2013-03-13 21:57 - 00000000 ____D C:\Users\test\AppData\Roaming\Macromedia

2013-03-13 21:47 - 2013-03-13 21:47 - 00000000 ____D C:\Users\test\AppData\Roaming\Google

2013-03-13 21:36 - 2013-03-13 21:36 - 00000000 ____D C:\Users\test\Documents\Gadget Google personali

2013-03-13 21:36 - 2013-03-13 21:36 - 00000000 ____D C:\Users\test\AppData\Local\MediaDirect

2013-03-13 21:35 - 2013-03-14 00:51 - 00000000 ____D C:\Users\test\AppData\Local\Google

2013-03-13 21:35 - 2013-03-14 00:49 - 00080784 ____A C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT

2013-03-13 21:35 - 2013-03-13 21:36 - 00000000 ___HD C:\Users\test\AppData\Roaming\GTek

2013-03-13 21:35 - 2013-03-13 21:35 - 00000000 ____D C:\Intel

2013-03-13 21:34 - 2013-03-13 21:35 - 00000000 ____D C:\users\test

2013-03-13 21:34 - 2013-03-13 21:34 - 00000020 ___SH C:\Users\test\ntuser.ini

2013-03-13 21:34 - 2013-03-13 21:34 - 00000000 __SHD C:\Users\test\Risorse di stampa

2013-03-13 21:34 - 2013-03-13 21:34 - 00000000 __SHD C:\Users\test\Risorse di rete

2013-03-13 21:34 - 2013-03-13 21:34 - 00000000 __SHD C:\Users\test\Modelli

2013-03-13 21:34 - 2013-03-13 21:34 - 00000000 __SHD C:\Users\test\Menu Avvio

2013-03-13 21:34 - 2013-03-13 21:34 - 00000000 __SHD C:\Users\test\Impostazioni locali

2013-03-13 21:34 - 2013-03-13 21:34 - 00000000 __SHD C:\Users\test\Documents\Video

2013-03-13 21:34 - 2013-03-13 21:34 - 00000000 __SHD C:\Users\test\Documents\Musica

2013-03-13 21:34 - 2013-03-13 21:34 - 00000000 __SHD C:\Users\test\Documents\Immagini

2013-03-13 21:34 - 2013-03-13 21:34 - 00000000 __SHD C:\Users\test\Documenti

2013-03-13 21:34 - 2013-03-13 21:34 - 00000000 __SHD C:\Users\test\Dati applicazioni

2013-03-13 21:34 - 2013-03-13 21:34 - 00000000 __SHD C:\Users\test\AppData\Local\Dati applicazioni

2013-03-13 21:34 - 2013-03-13 21:34 - 00000000 __SHD C:\Users\test\AppData\Local\Cronologia

2013-03-13 21:34 - 2013-03-13 21:34 - 00000000 ____D C:\Users\test\AppData\Local\VirtualStore

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Public\Documents\Video

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Public\Documents\Musica

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Public\Documents\Immagini

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default\Risorse di stampa

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default\Risorse di rete

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default\Modelli

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default\Menu Avvio

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default\Impostazioni locali

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default\Documents\Video

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default\Documents\Musica

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default\Documents\Immagini

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default\Documenti

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default\Dati applicazioni

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default\AppData\Local\Dati applicazioni

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default\AppData\Local\Cronologia

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default User\Documents\Video

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default User\Documents\Musica

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default User\Documents\Immagini

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default User\AppData\Local\Dati applicazioni

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default User\AppData\Local\Cronologia

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Programmi

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\ProgramData\Preferiti

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\ProgramData\Modelli

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\ProgramData\Menu Avvio

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\ProgramData\Documenti

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\ProgramData\Dati applicazioni

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Program Files\File comuni

==================== One Month Modified Files and Folders ========

2013-03-14 17:48 - 2007-08-21 22:34 - 00004564 ____A C:\Windows\System32\Config.MPF

2013-03-14 17:48 - 2007-08-21 22:02 - 00239271 ____A C:\Windows\WindowsUpdate.log

2013-03-14 17:48 - 2006-11-02 14:01 - 00005018 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2013-03-14 17:48 - 2006-11-02 14:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-03-14 17:42 - 2006-11-06 02:52 - 00682422 ____A C:\Windows\System32\perfh010.dat

2013-03-14 17:42 - 2006-11-06 02:52 - 00114828 ____A C:\Windows\System32\perfc010.dat

2013-03-14 17:42 - 2006-11-02 11:33 - 01501680 ____A C:\Windows\System32\PerfStringBackup.INI

2013-03-14 17:37 - 2013-03-14 00:50 - 00001130 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-03-14 17:37 - 2006-11-02 13:47 - 00003456 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2013-03-14 17:37 - 2006-11-02 13:47 - 00003456 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2013-03-14 17:25 - 2006-11-02 13:52 - 00029286 ____A C:\Windows\setupact.log

2013-03-14 17:20 - 2013-03-13 22:31 - 00008892 ____A C:\Windows\PFRO.log

2013-03-14 17:20 - 2007-08-22 05:47 - 00000000 ____D C:\DELL

2013-03-14 17:20 - 2007-08-21 22:28 - 00000000 ____D C:\Program Files\Google

2013-03-14 17:20 - 2007-08-21 22:24 - 00000000 ____D C:\Program Files\McAfee

2013-03-14 17:20 - 2006-11-02 13:47 - 00319512 ____A C:\Windows\System32\FNTCACHE.DAT

2013-03-14 00:55 - 2013-03-14 00:50 - 00001134 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-03-14 00:51 - 2013-03-14 00:51 - 00001973 ____A C:\Users\Public\Desktop\Google Chrome.lnk

2013-03-14 00:51 - 2013-03-13 21:35 - 00000000 ____D C:\Users\test\AppData\Local\Google

2013-03-14 00:49 - 2013-03-14 00:49 - 00000000 ____D C:\Users\test\AppData\Local\Deployment

2013-03-14 00:49 - 2013-03-14 00:49 - 00000000 ____D C:\Users\test\AppData\Local\Apps\2.0

2013-03-14 00:49 - 2013-03-13 21:35 - 00080784 ____A C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT

2013-03-14 00:27 - 2013-03-14 00:27 - 00000908 ____A C:\Users\Public\Desktop\MBAM.lnk

2013-03-14 00:27 - 2013-03-14 00:27 - 00000000 ____D C:\Users\test\AppData\Roaming\Malwarebytes

2013-03-14 00:27 - 2013-03-14 00:27 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-03-14 00:27 - 2013-03-14 00:27 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2013-03-14 00:26 - 2013-03-14 00:26 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\test\Downloads\mbam-setup-1.70.0.1100.exe

2013-03-13 23:39 - 2006-11-02 12:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared

2013-03-13 22:04 - 2013-03-13 22:04 - 00347424 ____A (Microsoft Corporation) C:\Users\test\Downloads\MicrosoftFixit.wu.LB.25286643026484104.1.1.Run.exe

2013-03-13 21:57 - 2013-03-13 21:57 - 00000000 ____D C:\Users\test\AppData\Roaming\Macromedia

2013-03-13 21:52 - 2007-08-21 22:29 - 00000000 ____D C:\ProgramData\Google

2013-03-13 21:47 - 2013-03-13 21:47 - 00000000 ____D C:\Users\test\AppData\Roaming\Google

2013-03-13 21:46 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\System32\NDF

2013-03-13 21:36 - 2013-03-13 21:36 - 00000000 ____D C:\Users\test\Documents\Gadget Google personali

2013-03-13 21:36 - 2013-03-13 21:36 - 00000000 ____D C:\Users\test\AppData\Local\MediaDirect

2013-03-13 21:36 - 2013-03-13 21:35 - 00000000 ___HD C:\Users\test\AppData\Roaming\GTek

2013-03-13 21:35 - 2013-03-13 21:35 - 00000000 ____D C:\Intel

2013-03-13 21:35 - 2013-03-13 21:34 - 00000000 ____D C:\users\test

2013-03-13 21:34 - 2013-03-13 21:34 - 00000020 ___SH C:\Users\test\ntuser.ini

2013-03-13 21:34 - 2013-03-13 21:34 - 00000000 __SHD C:\Users\test\Risorse di stampa

2013-03-13 21:34 - 2013-03-13 21:34 - 00000000 __SHD C:\Users\test\Risorse di rete

2013-03-13 21:34 - 2013-03-13 21:34 - 00000000 __SHD C:\Users\test\Modelli

2013-03-13 21:34 - 2013-03-13 21:34 - 00000000 __SHD C:\Users\test\Menu Avvio

2013-03-13 21:34 - 2013-03-13 21:34 - 00000000 __SHD C:\Users\test\Impostazioni locali

2013-03-13 21:34 - 2013-03-13 21:34 - 00000000 __SHD C:\Users\test\Documents\Video

2013-03-13 21:34 - 2013-03-13 21:34 - 00000000 __SHD C:\Users\test\Documents\Musica

2013-03-13 21:34 - 2013-03-13 21:34 - 00000000 __SHD C:\Users\test\Documents\Immagini

2013-03-13 21:34 - 2013-03-13 21:34 - 00000000 __SHD C:\Users\test\Documenti

2013-03-13 21:34 - 2013-03-13 21:34 - 00000000 __SHD C:\Users\test\Dati applicazioni

2013-03-13 21:34 - 2013-03-13 21:34 - 00000000 __SHD C:\Users\test\AppData\Local\Dati applicazioni

2013-03-13 21:34 - 2013-03-13 21:34 - 00000000 __SHD C:\Users\test\AppData\Local\Cronologia

2013-03-13 21:34 - 2013-03-13 21:34 - 00000000 ____D C:\Users\test\AppData\Local\VirtualStore

2013-03-13 21:34 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Public\Documents\Video

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Public\Documents\Musica

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Public\Documents\Immagini

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default\Risorse di stampa

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default\Risorse di rete

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default\Modelli

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default\Menu Avvio

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default\Impostazioni locali

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default\Documents\Video

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default\Documents\Musica

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default\Documents\Immagini

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default\Documenti

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default\Dati applicazioni

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default\AppData\Local\Dati applicazioni

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default\AppData\Local\Cronologia

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default User\Documents\Video

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default User\Documents\Musica

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default User\Documents\Immagini

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default User\AppData\Local\Dati applicazioni

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Users\Default User\AppData\Local\Cronologia

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Programmi

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\ProgramData\Preferiti

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\ProgramData\Modelli

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\ProgramData\Menu Avvio

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\ProgramData\Documenti

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\ProgramData\Dati applicazioni

2013-03-13 21:33 - 2013-03-13 21:33 - 00000000 __SHD C:\Program Files\File comuni

2013-03-13 21:33 - 2006-11-02 12:18 - 00000000 __RHD C:\users\Default

2013-03-13 21:33 - 2006-11-02 12:18 - 00000000 ____D C:\Program Files\Windows NT

2013-03-13 02:59 - 2013-03-14 00:42 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\test\Desktop\Karsperky TDSSkiller.exe

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe

[2006-11-02 09:47] - [2006-11-02 10:45] - 2923520 ____A (Microsoft Corporation) FD8C53FB002217F6F888BCF6F5D7084D

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys

[2006-11-02 09:52] - [2006-11-02 10:51] - 0208488 ____A (Microsoft Corporation) 11EF6C1CAEF76B685233450A126125D6

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-03-13 21:51:52

Restore point made on: 2013-03-13 23:36:57

Restore point made on: 2013-03-13 23:38:08

==================== Memory info ===========================

Percentage of memory in use: 17%

Total physical RAM: 2037.57 MB

Available physical RAM: 1681.98 MB

Total Pagefile: 1845.39 MB

Available Pagefile: 1712.64 MB

Total Virtual: 2047.88 MB

Available Virtual: 1975.71 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:99.18 GB) (Free:86.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.38 GB) NTFS

3 Drive e: (VISTA_32_PREMIUM) (CDROM) (Total:2.6 GB) (Free:0 GB) CDFS

4 Drive f: (YSK - 4G) (Removable) (Total:3.76 GB) (Free:3.74 GB) FAT32

5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Stato Dim. Libera Din Gpt

-------- ---------- ------- ------- --- ---

Disco 0 Pronto 112 Gbytes 1024 Kbytes

Disco 1 Pronto 3862 Mbytes 0 byte

Partitions of Disk 0:

===============

Partition ### Tipo Dim. Offset

------------- ---------------- ------- -------

Partizione 1 OEM 110 Mb 32 Kb

Partizione 2 Primario 10 Gb 110 Mb

Partizione 3 Primario 99 Gb 10 Gb

Partizione 0 Esteso 2560 Mb 109 Gb

Partizione 4 Logico 2559 Mb 109 Gb

=========================================================

Disk: 0

Partizione 1

Tipo : DE

Nascosta: S


If and when we get thru all this, I'd like to emphasize that you get in the habit of doing regular backups.

Your computer's information, your information is important to you. Protect it.

Backups are your best friend.

For now, do the following:

Please carefully follow this procedure.

Please download the attached fixlist.txt and SAVE / copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on this particular system. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Task 2

Remove the flash-drive.

Restart your Vista system into normal mode.

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

If you have the PRO license, then do this too: Click the Protection tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Re-enable your antivirus program.

Task 3

Please download Windows Repair (all in one) from here.

  • Install the program.
  • Please proceed to run it. On Vista, Windows 7 or 8, Right-click the executable and select Run as Administrator.
  • Once that is done please go to Step 3 and allow it to run the System File Check by clicking on the Do It button:
  • Go to Step 4 and under System Restore click on the Create button:
  • Next, go to the Start Repairs tab and click the Start button.
  • Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):
  • Click on the box next to the Restart System when Finished. Then click on Start.

Task 4

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other services

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.

Tell me, how is the system?


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2013

Ran by SYSTEM at 2013-03-14 23:34:30 Run:1

Running from F:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.

==== End of Fixlog ====


Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.03.14.10

Windows Vista x86 NTFS

Internet Explorer 7.0.6000.16448

test :: TEST [administrator]

14/03/2013 23.41.59

mbam-log-2013-03-14 (23-41-59).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 251326

Time elapsed: 50 minute(s), 3 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Farbar Service Scanner Version: 03-03-2013

Ran by test (administrator) on 15-03-2013 at 01:11:27

Running from "C:\Users\test\Desktop"

Windows Vista Home Premium (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Attempt to access Google IP returned error. Other errors

Attempt to access Google.com returned error: Other errors

Attempt to access Yahoo IP returned error. Other errors

Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is OK.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

Other Services:

==============

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcsvc.dll

[2006-11-02 09:56] - [2006-11-02 10:46] - 0204800 ____A (Microsoft Corporation) 17210D8064EC116A3FC6B5E45E577D43

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys

[2006-11-02 09:58] - [2006-11-02 09:58] - 0802816 ____A (Microsoft Corporation) D944522B048A5FEB7700B5170D3D9423

C:\Windows\system32\dnsrslvr.dll

[2006-11-02 09:46] - [2006-11-02 10:46] - 0083968 ____A (Microsoft Corporation) 7EF78529439683570884F9308A02EC11

C:\Windows\system32\mpssvc.dll

[2006-11-02 09:56] - [2006-11-02 10:46] - 0395264 ____A (Microsoft Corporation) 370248683BDF5FE36BD06C6416E6CE83

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys

[2006-11-02 09:56] - [2006-11-02 09:56] - 0063488 ____A (Microsoft Corporation) 8D326E8B321685D4784AFA1C55169D73

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll

[2006-11-02 10:14] - [2006-11-02 10:46] - 1568256 ____A (Microsoft Corporation) 9397D21939A25DA1BD0ED8DB5BB3C853

C:\Windows\system32\qmgr.dll

[2006-11-02 09:40] - [2006-11-02 10:46] - 0749568 ____A (Microsoft Corporation) 733FB484A06B9D6A44DD9CA1D3BE937B

C:\Windows\system32\es.dll

[2006-11-02 09:51] - [2006-11-02 10:46] - 0259584 ____A (Microsoft Corporation) DFB250BAC1A9108ABD777EA181E32015

C:\Windows\system32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll

[2007-08-22 05:54] - [2007-08-22 05:54] - 0265912 ____A (Microsoft Corporation) 0D5AD0E71FF5DDAC5DD2F443B499ABD0

C:\Windows\system32\ipnathlp.dll

[2006-11-02 09:58] - [2006-11-02 10:46] - 0286720 ____A (Microsoft Corporation) 11AAC56C04D26195D21C4F5229DB4726

C:\Windows\system32\iphlpsvc.dll

[2006-11-02 09:57] - [2006-11-02 10:46] - 0177664 ____A (Microsoft Corporation) 86AE847BF582472E29885122FB839458

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll

[2006-11-02 09:50] - [2006-11-02 10:46] - 0545792 ____A (Microsoft Corporation) B46D8EA6DD30BAA49F674DACDC4C491F

**** End of log ****

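The FSS log above mixes connectivity errors, a stopped service, a policy value and a File Check list in which some paths carry "=> MD5 is legit" and others are followed by a timestamp/size/MD5 detail line. As an added example (not part of the original posts and not Farbar's code), this Python function collects the entries a helper has to review by hand; it assumes a bare path followed by a detail line means FSS did not match that file's MD5 against its known-good list, and `triage_fss` and the sample text are constructed for illustration.

```python
import re

# Constructed sample shaped like the FSS.txt above; the MD5 is a placeholder.
SAMPLE_LOG = r"""
Attempt to access Google.com returned error: Other errors
WinDefend Service is not running. Checking service configuration:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll
[2006-11-02 10:14] - [2006-11-02 10:46] - 1568256 ____A (Microsoft Corporation) 00000000000000000000000000000000
"""

# Detail line: [created] - [modified] - size attributes (company) MD5
DETAIL = re.compile(
    r"^\[[\d\- :]+\] - \[[\d\- :]+\] - (\d+) \S+ \((.*?)\) ([0-9A-Fa-f]{32})$")
REGKEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REGVAL = re.compile(r'^"([^"]+)"=(.+)$')

def triage_fss(text):
    """Group the lines of an FSS log that need manual review."""
    out = {"net_errors": [], "stopped": [], "policies": [], "unverified": []}
    key = pending = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue  # the pasted log is double-spaced
        if "returned error" in line:
            out["net_errors"].append(line)
        elif "Service is not running" in line:
            out["stopped"].append(line.split()[0])
        elif m := REGKEY.match(line):
            key = m.group(1)  # remember the key for the value lines under it
        elif (m := REGVAL.match(line)) and key:
            out["policies"].append((key, m.group(1), m.group(2)))
        elif (m := DETAIL.match(line)) and pending:
            out["unverified"].append({"path": pending, "size": int(m.group(1)),
                                      "company": m.group(2),
                                      "md5": m.group(3).upper()})
            pending = None
        elif line[1:3] == ":\\":
            # A bare path waits for its detail line; a "legit" one needs no review.
            path, _, status = line.partition(" => ")
            pending = None if status == "MD5 is legit" else path
    return out
```

An unverified entry is not a detection: it is a file whose hash still has to be compared against a trusted copy for the installed Windows build.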

Hello Maurice,

The computer was kind of slow after the Windows Repair fixes.

Cannot update still.

I've seen some files indexed as corrupted during the system file check, as well as some failure notifications while running Windows Repair.

Why doesn't formatting and reinstalling Windows work? :( Maybe there's something with the partitions??

Maybe I should just get a new laptop... :lol:


Do you want to do a new install? Please tell me.

IF you want to do a Vista clean install, you have to follow recommended procedures, just as they are listed.

IF you have the Vista installation disc, you will need to set your Dell system to boot from the disc. Then follow directions.

Here is a recommended article: How to Do a Clean Install and Setup with a Full Version of Vista

IF you do not have the Vista installation (operating system) disc, you will need to use the Dell factory restore procedure.

Please check with Dell website support forum for the sequence.

This is an extract from a Microsoft article:

All data and all partitions on the hard disk are permanently removed. We strongly recommend that you back up the files on the hard disk before you clean the disk.

To use the Diskpart.exe utility to clean the hard disk, follow these steps:

Put the Windows Vista installation disc in the disc drive, and then restart the computer.

Install Windows Vista. During the installation process, in the Where do you want to install Windows screen, press SHIFT+F10 to open a command prompt.

Click Start, click Run, type diskpart, and then click OK.

At the command prompt, type list disk, and then press ENTER. A list of available hard disks is displayed.

At the command prompt, type sel disk number, and then press ENTER. The hard disk is now selected.

Note: number is the number of the hard disk that you want to clean.

At the command prompt, type det disk, and then press ENTER. A list of partitions on the hard disk is displayed. Use this information to verify that the correct disk is selected.

Make sure that the disk does not contain required data, type clean all at the command prompt, and then press ENTER to clean the disk. All the data and all the partitions on the disk are permanently removed.

Type exit, and then press ENTER.

Run Windows Vista Setup to perform a clean installation of Windows Vista.

Source: http://support.microsoft.com/kb/933171

Some general considerations:

Keep your system disconnected from the internet before AND during the new install.

Place the Vista DVD in the drive.

Set the system BIOS to boot from DVD drive.

Boot from the Vista DVD, then choose format, and then reinstall Vista.

Note that that means the loss of all your programs, data, etc. Be sure you have a backup of your data before beginning, and be sure you have the installation media for all your programs, which will have to be reinstalled.

Once you have Windows restored, be sure if the OEM included any antivirus that you un-install it, and install your own.

Be sure you make a visit to Windows Update to ensure your Windows is all up-to-date.

When you copy back your files/documents, be sure you scan them with your antivirus & also with MBAM before opening or using them.

The same would be accomplished by doing a full scan of the system with each of the antivirus & MBAM.


OK. You are welcome.

Safer practices & malware prevention

We are finished here. Best regards.


This topic is now closed to further replies.