Need help with Moneypak FBI Ransom Virus


My grandpa's computer got infected with the Moneypak FBI ransom virus and I'm attempting to fix it. It won't let me boot into safe mode, so I had to follow the method of running the scan with the FRST tool. Any help would be greatly appreciated!

Here's the results:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2013

Ran by SYSTEM on 14-06-2013 00:10:40

Running from F:\

Windows 7 Ultimate (X86) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13605408 2009-03-06] (NVIDIA Corporation)

HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2009-03-06] (NVIDIA Corporation)

HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [96800 2009-03-06] (NVIDIA Corporation)

HKLM\...\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761947 2006-03-08] (Synaptics, Inc.)

HKLM\...\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [69632 2004-04-13] (InstallShield Software Corporation)

HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.)

HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)

HKLM\...\Run: [DisplaySwitch] "C:\ProgramData\DisplaySwitch.exe" [44032 2013-05-22] ()

HKLM\...\Winlogon: [shell] C:\ProgramData\DisplaySwitch.exe [x ] () <=== ATTENTION

HKU\Art & Lee\...\Run: [Google Update] "C:\Users\Art & Lee\AppData\Local\Google\Update\GoogleUpdate.exe" /c [ 2012-07-11] (Google Inc.)

HKU\hooked82\...\Run: [Google Update] "C:\Users\hooked82\AppData\Local\Google\Update\GoogleUpdate.exe" /c [ 2010-07-07] (Google Inc.)

Startup: C:\Users\Art & Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\hooked82\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

========================== Services (Whitelisted) =================

S2 Akamai; c:\program files\common files\akamai/netsession_win_ca0e279.dll [4561152 2013-03-25] (Akamai Technologies, Inc.)

S2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [13824 2009-07-13] (Microsoft Corporation)

S2 MSCOMGeoInfoService; C:\Program Files\Microsoft\MSCOMGeoSystem\MSCOMGeoInfoServer.exe [28672 2007-02-22] (MS)

S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3217744 2009-07-02] (Microsoft Corporation)

S2 WebUpdate4; C:\Windows\system32\WebUpdateSvc4.exe [262416 2009-12-01] (Data Perceptions / PowerProgrammer)

==================== Drivers (Whitelisted) ====================

S3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [89600 2009-08-10] (Gemalto)

S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [28672 2007-03-20] (http://libusb-win32.sourceforge.net)

S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21520 2010-07-21] (Microsoft Corporation)

S3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2013-02-11] (Microsoft Corporation)

S3 VSPerfDrv90; C:\Program Files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [55664 2007-09-04] (Microsoft Corporation)

S3 GrooveAuditService;

S3 GrooveInstallerService;

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]

S3 tsusbhub; system32\drivers\tsusbhub.sys [x]

S3 VGPU; System32\drivers\rdvgkmd.sys [x]

S3 vpnva; system32\DRIVERS\vpnva.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-14 00:10 - 2013-06-14 00:10 - 00000000 ____D C:\FRST

2013-06-13 18:10 - 2013-06-13 18:10 - 00057510 ____A C:\OTL.Txt

2013-05-22 19:27 - 2013-05-22 19:27 - 02250054 ____A C:\ProgramData\1.bmp

2013-05-22 19:16 - 2013-05-22 19:16 - 00044032 ____A C:\ProgramData\DisplaySwitch.exe

2013-05-15 20:53 - 2013-04-04 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-05-15 20:53 - 2013-04-04 14:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-05-15 20:53 - 2013-04-04 14:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-05-15 20:53 - 2013-04-04 14:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-05-15 20:53 - 2013-04-04 14:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-05-15 20:53 - 2013-04-04 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-05-15 20:53 - 2013-04-04 13:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-05-15 20:53 - 2013-04-04 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-05-15 20:53 - 2013-04-04 13:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-05-15 20:53 - 2013-04-04 13:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-05-15 20:53 - 2013-04-04 13:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-05-15 20:53 - 2013-04-04 13:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-05-15 20:53 - 2013-04-04 13:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-05-15 20:53 - 2013-04-04 13:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-05-15 20:49 - 2013-05-05 11:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-15 20:49 - 2013-05-05 11:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-05-15 19:29 - 2013-04-09 21:18 - 00728424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys

2013-05-15 19:29 - 2013-04-09 21:18 - 00218984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys

2013-05-15 19:29 - 2013-04-09 19:14 - 02347520 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-05-15 19:29 - 2013-03-18 20:53 - 00186368 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll

2013-05-15 19:29 - 2013-03-18 19:33 - 00040960 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll

2013-05-15 19:29 - 2013-02-26 21:05 - 00101720 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe

2013-05-15 19:29 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2013-05-15 19:29 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll

2013-05-15 19:29 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll

2013-05-15 19:29 - 2013-02-26 20:49 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll

==================== One Month Modified Files and Folders ========

2013-06-14 00:10 - 2013-06-14 00:10 - 00000000 ____D C:\FRST

2013-06-13 18:10 - 2013-06-13 18:10 - 00057510 ____A C:\OTL.Txt

2013-06-13 17:54 - 2012-07-11 20:44 - 00000000 ____D C:\users\Art & Lee

2013-06-13 17:54 - 2011-03-18 10:22 - 00000000 ____D C:\users\MyFishingCompanion

2013-06-13 17:54 - 2010-05-02 19:40 - 00000000 ____D C:\users\Classic .NET AppPool

2013-06-13 17:54 - 2010-04-30 12:04 - 00000000 ____D C:\users\hooked82

2013-06-02 23:04 - 2010-05-02 12:30 - 00000000 ____D C:\Program Files\Common Files\Akamai

2013-06-02 23:03 - 2012-08-15 17:20 - 00065536 _____ C:\Windows\System32\Ikeext.etl

2013-06-02 23:03 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-06-02 23:03 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\inetsrv

2013-06-02 23:02 - 2009-07-13 20:39 - 00079429 ____A C:\Windows\setupact.log

2013-06-02 12:40 - 2010-04-30 11:57 - 01744831 ____A C:\Windows\WindowsUpdate.log

2013-06-02 12:39 - 2012-07-11 20:52 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3389471612-1632245861-4103010220-1014UA.job

2013-06-02 12:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\tracing

2013-06-02 12:35 - 2012-07-11 20:52 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3389471612-1632245861-4103010220-1014Core.job

2013-05-25 07:17 - 2013-04-28 19:33 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-05-25 07:17 - 2010-07-07 19:15 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3389471612-1632245861-4103010220-1000UA.job

2013-05-25 07:17 - 2010-07-07 19:15 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3389471612-1632245861-4103010220-1000Core.job

2013-05-22 19:27 - 2013-05-22 19:27 - 02250054 ____A C:\ProgramData\1.bmp

2013-05-22 19:16 - 2013-05-22 19:16 - 00044032 ____A C:\ProgramData\DisplaySwitch.exe

2013-05-22 19:07 - 2009-07-13 20:34 - 00013440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-05-22 19:07 - 2009-07-13 20:34 - 00013440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-05-21 20:15 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET

2013-05-16 19:30 - 2009-07-13 20:33 - 03794536 ____A C:\Windows\System32\FNTCACHE.DAT

2013-05-15 20:55 - 2010-05-01 12:05 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-05-15 20:51 - 2010-04-30 12:07 - 00909016 ____A C:\Windows\System32\PerfStringBackup.INI

2013-05-15 20:47 - 2010-04-30 12:16 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-05-15 19:25 - 2013-04-28 19:33 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2013-05-15 19:25 - 2013-04-28 19:33 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2013-05-15 19:18 - 2009-07-13 20:53 - 00032558 ____A C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:

====================

C:\ProgramData\DisplaySwitch.exe

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-05-15 20:46:15

Restore point made on: 2013-05-19 22:39:07

==================== Memory info ===========================

Percentage of memory in use: 22%

Total physical RAM: 2046.44 MB

Available physical RAM: 1576.22 MB

Total Pagefile: 2046.44 MB

Available Pagefile: 1576.88 MB

Total Virtual: 2047.88 MB

Available Virtual: 1931.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:72.43 GB) (Free:6.44 GB) NTFS

Drive f: (ANDROID DEV) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: 28000000)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=72 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=2 GB) - (Type=OF Extended)

========================================================

Disk: 1 (Size: 4 GB) (Disk ID: 44224421)

Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

LastRegBack: 2013-05-14 12:25

==================== End Of Log ============================

I'm thinking the following 2 lines are the culprit, but I'll await the professionals :)

2013-05-22 19:07 - 2009-07-13 20:34 - 00013440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-05-22 19:07 - 2009-07-13 20:34 - 00013440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

Thanks!


Hello hooked82 and welcome to Malwarebytes!

I'm D-FRED-BROWN and I'll be helping you. :)

On the clean computer,

  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the flash drive as fixlist.txt

HKLM\...\Winlogon: [shell] C:\ProgramData\DisplaySwitch.exe [x ] () <=== ATTENTION

2013-05-22 19:27 - 2013-05-22 19:27 - 02250054 ____A C:\ProgramData\1.bmp

2013-05-22 19:16 - 2013-05-22 19:16 - 00044032 ____A C:\ProgramData\DisplaySwitch.exe

2013-06-02 23:03 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-06-02 12:39 - 2012-07-11 20:52 - 00000924 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3389471612-1632245861-4103010220-1014UA.job

2013-06-02 12:35 - 2012-07-11 20:52 - 00000872 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3389471612-1632245861-4103010220-1014Core.job

2013-05-25 07:17 - 2013-04-28 19:33 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-05-25 07:17 - 2010-07-07 19:15 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3389471612-1632245861-4103010220-1000UA.job

2013-05-25 07:17 - 2010-07-07 19:15 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3389471612-1632245861-4103010220-1000Core.job

C:\ProgramData\DisplaySwitch.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options on the infected computer.

Run FRST and press the Fix button just once and wait. The tool will make a log on the flash drive (Fixlog.txt); please post it in your next reply. Afterwards, are you able to boot into Normal Mode now?

Let me know how things go. If you at any point have trouble using FRST, please stop and post back here to let me know.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB
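
An added example, not part of the original posts and not FRST's own logic: a small Python triage over the registry lines of the FRST log above, showing why the DisplaySwitch.exe entries stand out from the other autoruns. The rules (Winlogon Shell not pointing at explorer.exe, an executable sitting directly in C:\ProgramData, an empty company field) and all function names are assumptions chosen for this illustration; the sample lines are copied from the log in this thread.

```python
import ntpath
import re

# Sample input: registry lines copied from the FRST log posted in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13605408 2009-03-06] (NVIDIA Corporation)
HKLM\...\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761947 2006-03-08] (Synaptics, Inc.)
HKLM\...\Run: [DisplaySwitch] "C:\ProgramData\DisplaySwitch.exe" [44032 2013-05-22] ()
HKLM\...\Winlogon: [shell] C:\ProgramData\DisplaySwitch.exe [x ] () <=== ATTENTION
HKU\hooked82\...\Run: [Google Update] "C:\Users\hooked82\AppData\Local\Google\Update\GoogleUpdate.exe" /c [ 2010-07-07] (Google Inc.)
"""

# One FRST registry line: hive, optional user, key, [value name], command,
# [size date], (company). Layout inferred from the lines shown on this page.
ENTRY = re.compile(
    r'^(?P<hive>HK[A-Z]+)(?:\\(?P<user>[^\\]+))?\\\.\.\.\\(?P<key>[A-Za-z]+): '
    r'\[(?P<name>[^\]]+)\] (?P<command>.+?) \[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\)'
)

# First drive-letter path in the command that ends in an executable extension.
TARGET = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|com|scr|bat)', re.IGNORECASE)


def parse_entries(log_text):
    """Return a list of dicts, one per registry autostart line that parses."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if not match:
            continue  # section headers, blank lines, other log sections
        entry = match.groupdict()
        found = TARGET.search(entry["command"])
        # Fall back to the bare command (e.g. "explorer.exe") when no full path is present.
        entry["target"] = found.group(0) if found else entry["command"].strip('" ')
        entry["frst_flag"] = "ATTENTION" in line
        entries.append(entry)
    return entries


def triage(entry):
    """Return the reasons an entry deserves a closer look (empty list if none)."""
    reasons = []
    target = entry["target"]
    is_shell = entry["key"].lower() == "winlogon" and entry["name"].lower() == "shell"
    if is_shell and ntpath.basename(target).lower() != "explorer.exe":
        reasons.append("Winlogon Shell replaced (default is explorer.exe)")
    if ntpath.dirname(target).lower() == r"c:\programdata":
        reasons.append("executable sits directly in C:\\ProgramData")
    if not entry["company"].strip():
        reasons.append("empty company field")
    if entry["frst_flag"]:
        reasons.append("marked <=== ATTENTION by FRST")
    return reasons


def review(log_text):
    """Return (key, value name, target, reasons) for every entry with findings."""
    findings = []
    for entry in parse_entries(log_text):
        reasons = triage(entry)
        if reasons:
            findings.append((entry["key"], entry["name"], entry["target"], reasons))
    return findings


if __name__ == "__main__":
    for key, name, target, reasons in review(SAMPLE_LOG):
        print(f"{key} [{name}] -> {target}")
        for reason in reasons:
            print(f"    - {reason}")
```

A finding here is only a prompt for manual review, as in the thread: the fixlist is still written by hand for the specific machine.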


Here's the results. I was also able to boot into safe mode (I didn't try starting Windows normally yet, but have not been able to get into safe mode prior to this).

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-06-2013

Ran by SYSTEM at 2013-06-14 00:35:19 Run:1

Running from F:\

Boot Mode: Recovery

==============================================

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.

C:\ProgramData\1.bmp => Moved successfully.

C:\ProgramData\DisplaySwitch.exe => Moved successfully.

C:\Windows\Tasks\SA.DAT => Moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3389471612-1632245861-4103010220-1014UA.job => Moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3389471612-1632245861-4103010220-1014Core.job => Moved successfully.

C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3389471612-1632245861-4103010220-1000UA.job => Moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3389471612-1632245861-4103010220-1000Core.job => Moved successfully.

C:\ProgramData\DisplaySwitch.exe => File/Directory not found.

==== End of Fixlog ====


Awesome. Let's start getting rid of the rest of it:

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------

In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)


Here are the results for Step 1. It found 1 threat (Hidden file (Akamai)). It didn't have the "Cure" option. Do I leave it to skip and click the "Continue" button or leave the threats detected window open and move to step 2?

22:57:52.0662 3180 TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19

22:57:53.0394 3180 ============================================================

22:57:53.0394 3180 Current date / time: 2013/06/13 22:57:53.0394

22:57:53.0394 3180 SystemInfo:

22:57:53.0394 3180

22:57:53.0394 3180 OS Version: 6.1.7601 ServicePack: 1.0

22:57:53.0394 3180 Product type: Workstation

22:57:53.0394 3180 ComputerName: DELLLAPTOP

22:57:53.0394 3180 UserName: Art & Lee

22:57:53.0394 3180 Windows directory: C:\Windows

22:57:53.0394 3180 System windows directory: C:\Windows

22:57:53.0394 3180 Processor architecture: Intel x86

22:57:53.0394 3180 Number of processors: 2

22:57:53.0394 3180 Page size: 0x1000

22:57:53.0394 3180 Boot type: Normal boot

22:57:53.0394 3180 ============================================================

22:57:54.0098 3180 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

22:57:54.0100 3180 ============================================================

22:57:54.0100 3180 \Device\Harddisk0\DR0:

22:57:54.0100 3180 MBR partitions:

22:57:54.0100 3180 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

22:57:54.0100 3180 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x90DC800

22:57:54.0123 3180 ============================================================

22:57:54.0170 3180 C: <-> \Device\Harddisk0\DR0\Partition2

22:57:54.0171 3180 ============================================================

22:57:54.0171 3180 Initialize success

22:57:54.0171 3180 ============================================================

22:58:21.0041 1740 ============================================================

22:58:21.0041 1740 Scan started

22:58:21.0041 1740 Mode: Manual;

22:58:21.0041 1740 ============================================================

22:58:23.0539 1740 ================ Scan system memory ========================

22:58:23.0539 1740 System memory - ok

22:58:23.0540 1740 ================ Scan services =============================

22:58:23.0745 1740 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

22:58:23.0748 1740 1394ohci - ok

22:58:23.0818 1740 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys

22:58:23.0824 1740 ACPI - ok

22:58:23.0856 1740 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

22:58:23.0858 1740 AcpiPmi - ok

22:58:23.0995 1740 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

22:58:24.0001 1740 AdobeFlashPlayerUpdateSvc - ok

22:58:24.0067 1740 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

22:58:24.0078 1740 adp94xx - ok

22:58:24.0105 1740 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

22:58:24.0113 1740 adpahci - ok

22:58:24.0138 1740 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

22:58:24.0143 1740 adpu320 - ok

22:58:24.0176 1740 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

22:58:24.0179 1740 AeLookupSvc - ok

22:58:24.0253 1740 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys

22:58:24.0264 1740 AFD - ok

22:58:24.0316 1740 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys

22:58:24.0319 1740 agp440 - ok

22:58:24.0367 1740 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys

22:58:24.0369 1740 aic78xx - ok

22:58:24.0674 1740 [ C7074BD8D4B8F564859ED373433030AE ] Akamai c:\program files\common files\akamai/netsession_win_ca0e279.dll

22:58:24.0675 1740 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE

22:58:24.0688 1740 Akamai ( HiddenFile.Multi.Generic ) - warning

22:58:24.0688 1740 Akamai - detected HiddenFile.Multi.Generic (1)

22:58:24.0728 1740 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe

22:58:24.0730 1740 ALG - ok

22:58:24.0786 1740 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys

22:58:24.0788 1740 aliide - ok

22:58:24.0814 1740 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys

22:58:24.0817 1740 amdagp - ok

22:58:24.0836 1740 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys

22:58:24.0838 1740 amdide - ok

22:58:24.0880 1740 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

22:58:24.0883 1740 AmdK8 - ok

22:58:24.0900 1740 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

22:58:24.0903 1740 AmdPPM - ok

22:58:24.0962 1740 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys

22:58:24.0965 1740 amdsata - ok

22:58:24.0993 1740 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

22:58:24.0998 1740 amdsbs - ok

22:58:25.0015 1740 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys

22:58:25.0017 1740 amdxata - ok

22:58:25.0119 1740 [ D1AF38FBAC0DC7E6D796B0ED01707EE0 ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll

22:58:25.0121 1740 AppHostSvc - ok

22:58:25.0173 1740 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys

22:58:25.0175 1740 AppID - ok

22:58:25.0206 1740 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll

22:58:25.0208 1740 AppIDSvc - ok

22:58:25.0272 1740 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll

22:58:25.0274 1740 Appinfo - ok

22:58:25.0370 1740 [ 2E3E53A6AEF23E24F402C7855B9B1542 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

22:58:25.0374 1740 Apple Mobile Device - ok

22:58:25.0427 1740 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll

22:58:25.0432 1740 AppMgmt - ok

22:58:25.0481 1740 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys

22:58:25.0484 1740 arc - ok

22:58:25.0509 1740 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

22:58:25.0512 1740 arcsas - ok

22:58:25.0674 1740 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

22:58:25.0776 1740 aspnet_state - ok

22:58:25.0818 1740 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

22:58:25.0820 1740 AsyncMac - ok

22:58:25.0879 1740 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys

22:58:25.0880 1740 atapi - ok

22:58:26.0001 1740 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

22:58:26.0012 1740 AudioEndpointBuilder - ok

22:58:26.0027 1740 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll

22:58:26.0033 1740 Audiosrv - ok

22:58:26.0087 1740 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll

22:58:26.0089 1740 AxInstSV - ok

22:58:26.0155 1740 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys

22:58:26.0165 1740 b06bdrv - ok

22:58:26.0215 1740 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys

22:58:26.0221 1740 b57nd60x - ok

22:58:26.0274 1740 [ 82DD21BFA8BBE0A3A3833A1BD8E86158 ] bcm4sbxp C:\Windows\system32\DRIVERS\bcm4sbxp.sys

22:58:26.0277 1740 bcm4sbxp - ok

22:58:26.0314 1740 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll

22:58:26.0317 1740 BDESVC - ok

22:58:26.0355 1740 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys

22:58:26.0357 1740 Beep - ok

22:58:26.0430 1740 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll

22:58:26.0443 1740 BFE - ok

22:58:26.0512 1740 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll

22:58:26.0545 1740 BITS - ok

22:58:26.0574 1740 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

22:58:26.0576 1740 blbdrive - ok

22:58:26.0686 1740 [ 5AB58C337AC65837FE404462AD6265AB ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

22:58:26.0694 1740 Bonjour Service - ok

22:58:26.0748 1740 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

22:58:26.0751 1740 bowser - ok

22:58:26.0778 1740 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

22:58:26.0781 1740 BrFiltLo - ok

22:58:26.0799 1740 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

22:58:26.0801 1740 BrFiltUp - ok

22:58:26.0867 1740 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll

22:58:26.0870 1740 Browser - ok


22:58:41.0237 1740 sffp_mmc - ok

22:58:41.0256 1740 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys

22:58:41.0258 1740 sffp_sd - ok

22:58:41.0290 1740 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

22:58:41.0292 1740 sfloppy - ok

22:58:41.0333 1740 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll

22:58:41.0343 1740 SharedAccess - ok

22:58:41.0401 1740 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

22:58:41.0413 1740 ShellHWDetection - ok

22:58:41.0455 1740 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys

22:58:41.0458 1740 sisagp - ok

22:58:41.0486 1740 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

22:58:41.0489 1740 SiSRaid2 - ok

22:58:41.0513 1740 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

22:58:41.0516 1740 SiSRaid4 - ok

22:58:41.0547 1740 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys

22:58:41.0549 1740 Smb - ok

22:58:41.0599 1740 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe

22:58:41.0604 1740 SNMPTRAP - ok

22:58:41.0616 1740 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys

22:58:41.0618 1740 spldr - ok

22:58:41.0676 1740 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe

22:58:41.0688 1740 Spooler - ok

22:58:41.0816 1740 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe

22:58:41.0936 1740 sppsvc - ok

22:58:41.0985 1740 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll

22:58:41.0989 1740 sppuinotify - ok

22:58:42.0044 1740 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys

22:58:42.0052 1740 srv - ok

22:58:42.0075 1740 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

22:58:42.0082 1740 srv2 - ok

22:58:42.0133 1740 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS

22:58:42.0137 1740 SrvHsfHDA - ok

22:58:42.0187 1740 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS

22:58:42.0230 1740 SrvHsfV92 - ok

22:58:42.0271 1740 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS

22:58:42.0305 1740 SrvHsfWinac - ok

22:58:42.0329 1740 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

22:58:42.0332 1740 srvnet - ok

22:58:42.0364 1740 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

22:58:42.0371 1740 SSDPSRV - ok

22:58:42.0404 1740 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll

22:58:42.0410 1740 SstpSvc - ok

22:58:42.0430 1740 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

22:58:42.0432 1740 stexstor - ok

22:58:42.0481 1740 [ EDB05BD63148796F23EA78506404A538 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys

22:58:42.0482 1740 StillCam - ok

22:58:42.0543 1740 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll

22:58:42.0561 1740 StiSvc - ok

22:58:42.0605 1740 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys

22:58:42.0607 1740 storflt - ok

22:58:42.0650 1740 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys

22:58:42.0652 1740 storvsc - ok

22:58:42.0697 1740 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys

22:58:42.0699 1740 swenum - ok

22:58:42.0731 1740 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll

22:58:42.0744 1740 swprv - ok

22:58:42.0772 1740 Synth3dVsc - ok

22:58:42.0841 1740 [ FA2DAA32BED908023272A0F77D625DAE ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

22:58:42.0846 1740 SynTP - ok

22:58:42.0940 1740 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll

22:58:42.0993 1740 SysMain - ok

22:58:43.0046 1740 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll

22:58:43.0054 1740 TabletInputService - ok

22:58:43.0113 1740 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll

22:58:43.0124 1740 TapiSrv - ok

22:58:43.0154 1740 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll

22:58:43.0161 1740 TBS - ok

22:58:43.0257 1740 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

22:58:43.0269 1740 Tcpip - ok

22:58:43.0335 1740 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

22:58:43.0344 1740 TCPIP6 - ok

22:58:43.0395 1740 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

22:58:43.0397 1740 tcpipreg - ok

22:58:43.0443 1740 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

22:58:43.0446 1740 TDPIPE - ok

22:58:43.0492 1740 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

22:58:43.0494 1740 TDTCP - ok

22:58:43.0543 1740 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

22:58:43.0547 1740 tdx - ok

22:58:43.0592 1740 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys

22:58:43.0595 1740 TermDD - ok

22:58:43.0669 1740 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll

22:58:43.0688 1740 TermService - ok

22:58:43.0718 1740 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll

22:58:43.0724 1740 Themes - ok

22:58:43.0743 1740 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll

22:58:43.0748 1740 THREADORDER - ok

22:58:43.0781 1740 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll

22:58:43.0785 1740 TrkWks - ok

22:58:43.0865 1740 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

22:58:43.0870 1740 TrustedInstaller - ok

22:58:43.0927 1740 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

22:58:43.0928 1740 tssecsrv - ok

22:58:43.0978 1740 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

22:58:43.0981 1740 TsUsbFlt - ok

22:58:43.0987 1740 tsusbhub - ok

22:58:44.0061 1740 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

22:58:44.0065 1740 tunnel - ok

22:58:44.0096 1740 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

22:58:44.0099 1740 uagp35 - ok

22:58:44.0148 1740 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys

22:58:44.0155 1740 udfs - ok

22:58:44.0190 1740 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe

22:58:44.0197 1740 UI0Detect - ok

22:58:44.0231 1740 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

22:58:44.0234 1740 uliagpkx - ok

22:58:44.0296 1740 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys

22:58:44.0299 1740 umbus - ok

22:58:44.0317 1740 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

22:58:44.0319 1740 UmPass - ok

22:58:44.0372 1740 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll

22:58:44.0382 1740 UmRdpService - ok

22:58:44.0408 1740 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll

22:58:44.0419 1740 upnphost - ok

22:58:44.0463 1740 [ 4B8A9C16B6D9258ED99C512AECB8C555 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys

22:58:44.0466 1740 USBAAPL - ok

22:58:44.0515 1740 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

22:58:44.0519 1740 usbccgp - ok

22:58:44.0573 1740 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys

22:58:44.0576 1740 usbcir - ok

22:58:44.0620 1740 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

22:58:44.0623 1740 usbehci - ok

22:58:44.0665 1740 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

22:58:44.0672 1740 usbhub - ok

22:58:44.0694 1740 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys

22:58:44.0697 1740 usbohci - ok

22:58:44.0740 1740 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

22:58:44.0743 1740 usbprint - ok

22:58:44.0795 1740 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

22:58:44.0797 1740 usbscan - ok

22:58:44.0809 1740 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

22:58:44.0812 1740 USBSTOR - ok

22:58:44.0820 1740 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

22:58:44.0823 1740 usbuhci - ok

22:58:44.0876 1740 [ FE8A57C8E04EDD3AA8ADD8F3C8F65297 ] USB_RNDIS C:\Windows\system32\DRIVERS\usb8023.sys

22:58:44.0878 1740 USB_RNDIS - ok

22:58:44.0912 1740 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll

22:58:44.0919 1740 UxSms - ok

22:58:44.0935 1740 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe

22:58:44.0938 1740 VaultSvc - ok

22:58:44.0966 1740 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

22:58:44.0969 1740 vdrvroot - ok

22:58:45.0026 1740 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe

22:58:45.0052 1740 vds - ok

22:58:45.0100 1740 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

22:58:45.0102 1740 vga - ok

22:58:45.0127 1740 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys

22:58:45.0129 1740 VgaSave - ok

22:58:45.0139 1740 VGPU - ok

22:58:45.0192 1740 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

22:58:45.0197 1740 vhdmp - ok

22:58:45.0233 1740 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys

22:58:45.0236 1740 viaagp - ok

22:58:45.0257 1740 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys

22:58:45.0259 1740 ViaC7 - ok

22:58:45.0301 1740 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys

22:58:45.0304 1740 viaide - ok

22:58:45.0355 1740 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys

22:58:45.0361 1740 vmbus - ok

22:58:45.0379 1740 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys

22:58:45.0382 1740 VMBusHID - ok

22:58:45.0402 1740 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys

22:58:45.0405 1740 volmgr - ok

22:58:45.0436 1740 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

22:58:45.0443 1740 volmgrx - ok

22:58:45.0471 1740 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys

22:58:45.0480 1740 volsnap - ok

22:58:45.0500 1740 vpnva - ok

22:58:45.0531 1740 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

22:58:45.0536 1740 vsmraid - ok

22:58:45.0648 1740 [ 0BD123313159CB8963D7A0404F7D96A5 ] VSPerfDrv90 C:\Program Files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys

22:58:45.0653 1740 VSPerfDrv90 - ok

22:58:45.0737 1740 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe

22:58:45.0789 1740 VSS - ok

22:58:45.0810 1740 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

22:58:45.0811 1740 vwifibus - ok

22:58:45.0860 1740 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll

22:58:45.0869 1740 W32Time - ok

22:58:45.0983 1740 [ 57C8C20BFA5BEF6BD851EBAC67A8CED0 ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll

22:58:45.0991 1740 W3SVC - ok

22:58:46.0022 1740 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

22:58:46.0024 1740 WacomPen - ok

22:58:46.0090 1740 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

22:58:46.0093 1740 WANARP - ok

22:58:46.0099 1740 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

22:58:46.0101 1740 Wanarpv6 - ok

22:58:46.0136 1740 [ 57C8C20BFA5BEF6BD851EBAC67A8CED0 ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll

22:58:46.0139 1740 WAS - ok

22:58:46.0245 1740 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

22:58:46.0321 1740 WatAdminSvc - ok

22:58:46.0402 1740 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe

22:58:46.0463 1740 wbengine - ok

22:58:46.0503 1740 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

22:58:46.0511 1740 WbioSrvc - ok

22:58:46.0557 1740 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll

22:58:46.0569 1740 wcncsvc - ok

22:58:46.0590 1740 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

22:58:46.0594 1740 WcsPlugInService - ok

22:58:46.0616 1740 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys

22:58:46.0617 1740 Wd - ok

22:58:46.0681 1740 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

22:58:46.0706 1740 Wdf01000 - ok

22:58:46.0723 1740 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll

22:58:46.0730 1740 WdiServiceHost - ok

22:58:46.0735 1740 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll

22:58:46.0740 1740 WdiSystemHost - ok

22:58:46.0780 1740 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll

22:58:46.0789 1740 WebClient - ok

22:58:46.0869 1740 [ 2331F2C931C47B0325E34FC0688F5FEB ] WebUpdate4 C:\Windows\system32\WebUpdateSvc4.exe

22:58:46.0882 1740 WebUpdate4 - ok

22:58:46.0911 1740 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll

22:58:46.0921 1740 Wecsvc - ok

22:58:46.0938 1740 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll

22:58:46.0944 1740 wercplsupport - ok

22:58:46.0976 1740 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll

22:58:46.0982 1740 WerSvc - ok

22:58:47.0016 1740 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

22:58:47.0018 1740 WfpLwf - ok

22:58:47.0038 1740 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys

22:58:47.0040 1740 WIMMount - ok

22:58:47.0101 1740 [ BA6B6FB242A6BA4068C8B763063BEB63 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys

22:58:47.0119 1740 winachsf - ok

22:58:47.0191 1740 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll

22:58:47.0226 1740 WinDefend - ok

22:58:47.0239 1740 WinHttpAutoProxySvc - ok

22:58:47.0296 1740 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

22:58:47.0300 1740 Winmgmt - ok

22:58:47.0391 1740 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll

22:58:47.0452 1740 WinRM - ok

22:58:47.0520 1740 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

22:58:47.0523 1740 WinUsb - ok

22:58:47.0576 1740 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll

22:58:47.0619 1740 Wlansvc - ok

22:58:47.0782 1740 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

22:58:47.0850 1740 wlidsvc - ok

22:58:47.0912 1740 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

22:58:47.0914 1740 WmiAcpi - ok

22:58:47.0959 1740 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

22:58:47.0966 1740 wmiApSrv - ok

22:58:48.0081 1740 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe

22:58:48.0125 1740 WMPNetworkSvc - ok

22:58:48.0160 1740 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll

22:58:48.0165 1740 WPCSvc - ok

22:58:48.0207 1740 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

22:58:48.0215 1740 WPDBusEnum - ok

22:58:48.0237 1740 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

22:58:48.0239 1740 ws2ifsl - ok

22:58:48.0260 1740 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll

22:58:48.0269 1740 wscsvc - ok

22:58:48.0325 1740 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys

22:58:48.0328 1740 WSDPrintDevice - ok

22:58:48.0334 1740 WSearch - ok

22:58:48.0449 1740 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll

22:58:48.0530 1740 wuauserv - ok

22:58:48.0586 1740 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

22:58:48.0588 1740 WudfPf - ok

22:58:48.0630 1740 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

22:58:48.0635 1740 WUDFRd - ok

22:58:48.0688 1740 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

22:58:48.0696 1740 wudfsvc - ok

22:58:48.0751 1740 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll

22:58:48.0764 1740 WwanSvc - ok

22:58:48.0792 1740 ================ Scan global ===============================

22:58:48.0847 1740 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll

22:58:48.0896 1740 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll

22:58:48.0912 1740 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll

22:58:48.0950 1740 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll

22:58:48.0969 1740 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe

22:58:48.0979 1740 [Global] - ok

22:58:48.0980 1740 ================ Scan MBR ==================================

22:58:48.0992 1740 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

22:58:49.0198 1740 \Device\Harddisk0\DR0 - ok

22:58:49.0199 1740 ================ Scan VBR ==================================

22:58:49.0205 1740 [ 6DB2EB878209B48A1CE6B172D31A532F ] \Device\Harddisk0\DR0\Partition1

22:58:49.0208 1740 \Device\Harddisk0\DR0\Partition1 - ok

22:58:49.0220 1740 [ 6840C4BC03C16853F87BEE897DFB2AB9 ] \Device\Harddisk0\DR0\Partition2

22:58:49.0222 1740 \Device\Harddisk0\DR0\Partition2 - ok

22:58:49.0223 1740 ============================================================

22:58:49.0223 1740 Scan finished

22:58:49.0223 1740 ============================================================

22:58:49.0239 3336 Detected object count: 1

22:58:49.0240 3336 Actual detected object count: 1


No worries, I appreciate it. I've attached all the log files. MBAR ran through once and found something, I cleaned it up and ran it again, that's why there's 2 MBAR log files attached.

Everything seems to have run smoothly, and the checkup.txt isn't attached because it was just an empty file when all was said and done.

I'll go ahead and reboot and see how the system reacts. Thanks!!

mbar-log-2013-06-13 (23-05-53).txt

mbar-log-2013-06-13 (23-38-18).txt

system-log.txt

ComboFix.txt


Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

    KILLALL::

    Driver::
    78340552

    File::
    C:\Windows\System32\Drivers\78340552.sys

    Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now


Your system looks a whole lot better. Please run the following scans to see what else needs cleaning:

----------Step 1----------------

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------Step 2----------------

We need to create a New FULL OTL Report

  • Please download OTL from here if you have not done so already.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList".
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

----------Step 3 (note: this scan may take a little time)----------------

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

----------Step 4----------------

Please post the AdwCleaner logfile, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.


BTW, I sent you a donation earlier, appreciate the help!

Thank you very much! :)

Should my machine be all set now?

Still have a little more to do, but we're nearly there.

----------Step 1----------------

We need to run an OTL Fix

  • Please reopen otlicon.png on your desktop.
  • Copy and Paste the following code into the customscanfix.png textbox.
    :OTL
    [2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]


  • Push runfix.png
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

----------Step 2----------------

Instructions for DELETE:

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Afterwards, please reboot the computer.

----------Step 3----------------

Please post the OTL and AdwCleaner reports in your next reply. How are things running now?


I'll include the instructions below:

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


I think the developer is having some issues, so I'll just move on. :)

(Just keep your programs such as Java, Adobe Reader, Adobe Flash Player, and any web browsers up-to-date at all times. Outdated software leaves you vulnerable to malware.)

-----------

Your logs appear to be clean, and unless there are any other issues, I will now provide you with some steps to better protect your computer.

First, however we need to remove ComboFix.

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------------

Let's remove OTL and the other tools we used as well:

  • Reopen otlicon.png on your desktop.
  • Click on cleanup.png
  • You will be prompted to reboot your system. Please do so.

-------------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

-------------------

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!

AntiVir

AVG

Microsoft Security Essentials

-------------------

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

-------------------

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available

A tutorial on understanding and using firewalls may be found here.

-------------------

Please keep your security programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time.

-------------------

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewa...nti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

-------------------

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here

Opera is available here: http://www.opera.com/download/

-------------------

For more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.

-------------------

I would be grateful if you could reply to this post so that I know you have read it and, if you have no other questions, the thread can then be closed.

I will leave the thread open for a few more days. If you need anything, just come back here and let me know. After that time you will have to send me a PM.

-DFB


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.