Trojan infection preventing boot (scvhost.exe)

Discussion in 'Virus & Other Malware Removal' started by Timmeh!, Feb 3, 2012.

Thread Status:
Not open for further replies.
  1. Timmeh!

    Timmeh! Thread Starter

    Joined:
    Jun 5, 2007
    Messages:
    20
    Greetings everyone. Thanks in advance for any help!

    Our PC has been showing erratic behavior, including problems booting up. MBAM is detecting svchost.exe attempting to regularly hit various IP addresses. Re-booting after the MBAM check does not fix the problem.

    Here are the specs on the machine:
    Dell XPS L502X
    Intel Core i5-2410M
    6 GB RAM
    64 bit system
    Windows 7

    Here is our MBAM log:
    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.02.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Zeynep :: ZEYNEP-PC [administrator]

    Protection: Enabled

    2/3/2012 9:33:52 AM
    mbam-log-2012-02-03 (09-33-52).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 211123
    Time elapsed: 15 minute(s),

    Memory Processes Detected: 2
    C:\Windows\svchost.exe (Trojan.Agent) -> 7956 -> Delete on reboot.
    C:\Windows\svchost.exe (Trojan.Agent) -> 7964 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)
     
  2. Timmeh!

    Here is the Hijack This Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:05:17 AM, on 2/3/2012
    Platform: Unknown Windows (WinNT 6.01.3505 SP1)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Ares\Ares.exe
    C:\Users\Zeynep\AppData\Roaming\Google\Google Talk\googletalk.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Users\Zeynep\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
    C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
    C:\Program Files (x86)\Memeo\AutoSync\MemeoAutoSync.exe
    C:\Program Files (x86)\Memeo\Memeo Send\MemeoSend.exe
    C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
    C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\Zeynep\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    O2 - BHO: Fantapper - {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Support.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
    O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
    O4 - HKLM\..\Run: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
    O4 - HKLM\..\Run: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silent
    O4 - HKLM\..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
    O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Zeynep\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [googletalk] C:\Users\Zeynep\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [AROReminder] C:\Program Files (x86)\ARO 2011\ARO.exe -rem
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-1213244044-3777014464-1362229086-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-1213244044-3777014464-1362229086-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - Startup: Dropbox.lnk = C:\Users\Zeynep\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Fantapper - {AB745E88-1BAD-4B80-A83E-7C964EAC9804} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll (HKCU)
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O13 - Gopher Prefix:
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB
    O16 - DPF: {79B9399C-6B30-43DC-BA89-7BA3F9459B12} (BznAtx Class) - http://video.englishunt.com//BizNuri/Web/resource/BznAtx.cab
    O16 - DPF: {A5261EF0-76F0-4D9C-891C-56813163D9DA} (KoinoLoader Control) - https://822.co.kr/download/_cab/KoinoLoader.cab
    O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader57.cab
    O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Fantapper Player Update Service (FTSvc) - Brand Affinity Technologies - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
    O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: Sound Blaster X-Fi MB Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 18650 bytes
     
  3. Timmeh!

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Zeynep at 10:10:31 on 2012-02-03
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.2855 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\AMBSpiE.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Ares\Ares.exe
    C:\Users\Zeynep\AppData\Roaming\Google\Google Talk\googletalk.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Zeynep\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
    C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files (x86)\Memeo\AutoSync\MemeoAutoSync.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Memeo\Memeo Send\MemeoSend.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
    C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Users\Zeynep\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uStart Page = about:blank
    uSearch Bar = Preserve
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Fantapper: {8a86d350-37ab-410a-8531-7d1363f317b3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
    TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [Google Update] "C:\Users\Zeynep\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
    uRun: [googletalk] C:\Users\Zeynep\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    uRun: [AROReminder] C:\Program Files (x86)\ARO 2011\ARO.exe -rem
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
    mRun: [UpdReg] C:\Windows\UpdReg.EXE
    mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
    mRun: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
    mRun: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silent
    mRun: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
    mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [<NO NAME>]
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    StartupFolder: C:\Users\Zeynep\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Zeynep\AppData\Roaming\Dropbox\bin\Dropbox.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    Trusted Zone: rhapsody.com\rhap-app-4-0
    Trusted Zone: rhapsody.com\rhapreg
    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: {79B9399C-6B30-43DC-BA89-7BA3F9459B12} - hxxp://video.englishunt.com//BizNuri/Web/resource/BznAtx.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {A5261EF0-76F0-4D9C-891C-56813163D9DA} - hxxps://822.co.kr/download/_cab/KoinoLoader.cab
    DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{CAD1C1E0-559B-47A7-A46F-44EA40F2E88E} : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{CAD1C1E0-559B-47A7-A46F-44EA40F2E88E}\46C696E6B6 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{CAD1C1E0-559B-47A7-A46F-44EA40F2E88E}\8594149343 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{E505F44B-0194-4397-8F10-A55CAB91EAC7} : DhcpNameServer = 192.168.2.1
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Fantapper: {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll
    BHO-X64: Fantapper - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Support.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Support.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
    TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
    TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
    mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
    mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
    mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun-x64: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
    mRun-x64: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
    mRun-x64: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe --silent
    mRun-x64: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
    mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [(Default)]
    mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Zeynep\AppData\Roaming\Mozilla\Firefox\Profiles\q6gfishy.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=X-SD&o=13959&locale=en_US&apn_uid=401c9ddc-3d7f-47e1-bfc7-6b49b9dfdb24&apn_ptnrs=SV&apn_sauid=47986647-4D36-4384-AC20-085700D46066&apn_dtid=YYYYYYBFUS&&q=
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Zeynep\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Zeynep\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Zeynep\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extentions.y2layers.installId - 7f8a2cbd-a1af-4a67-9657-caa0d08f87a1
    FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals,
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: security.csp.enable - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-4-16 98208]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
    R2 FTSvc;Fantapper Player Update Service;C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe [2011-12-12 11776]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-1 652360]
    R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-1-24 25824]
    R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-4-16 1997416]
    R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-4-30 14088]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-4-15 705856]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-11-29 378472]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-4-15 2656280]
    R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2012-1-25 869216]
    R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
    R3 appliandMP;appliandMP;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
    R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
    R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
    R3 dfmirage;dfmirage;C:\Windows\system32\DRIVERS\dfmirage.sys --> C:\Windows\system32\DRIVERS\dfmirage.sys [?]
    R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-24 136176]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    S3 appliand;Applian Network Service;C:\Windows\system32\DRIVERS\appliand.sys --> C:\Windows\system32\DRIVERS\appliand.sys [?]
    S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-4-15 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-4-15 79360]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-24 136176]
    S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\system32\DRIVERS\nvstusb.sys --> C:\Windows\system32\DRIVERS\nvstusb.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-4-15 79360]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-02-03 15:04:53 -------- d-----w- C:\Program Files\Trend Micro
    2012-02-03 14:58:27 -------- d-----w- C:\Users\Zeynep\AppData\Roaming\SUPERAntiSpyware.com
    2012-02-03 14:57:47 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2012-02-03 14:57:46 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2012-02-03 04:54:13 -------- d-----w- C:\Users\Zeynep\AppData\Local\{7E8E4085-428F-4351-ADC6-2CEAC479E4D3}
    2012-02-03 04:53:22 -------- d-----w- C:\Users\Zeynep\AppData\Local\{4DECA14E-738F-4007-AD05-D1D6F1633D96}
    2012-02-02 15:47:18 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
    2012-02-02 15:41:32 -------- d-----w- C:\Users\Zeynep\AppData\Local\{3A2AB672-9204-4CE1-B38B-9B74D53FF649}
    2012-02-02 15:41:19 -------- d-----w- C:\Users\Zeynep\AppData\Local\{19B05124-01D1-4B46-9718-4533D8B77863}
    2012-02-02 02:35:50 -------- d-----w- C:\Users\Zeynep\AppData\Local\{E7961303-A04C-4DC7-8962-ED31ED852B80}
    2012-02-02 02:35:30 -------- d-----w- C:\Users\Zeynep\AppData\Local\{E658A0F5-1120-4C93-A7F8-F93D353A8983}
    2012-02-01 17:27:04 -------- d-----w- C:\Users\Zeynep\AppData\Roaming\Malwarebytes
    2012-02-01 17:26:55 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
    2012-02-01 17:26:54 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-02-01 17:26:54 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-02-01 17:26:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-02-01 15:39:15 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
    2012-02-01 14:54:50 -------- d-----w- C:\Program Files (x86)\NirSoft
    2012-02-01 14:50:37 -------- d-----w- C:\ProgramData\Citrix
    2012-02-01 14:49:38 -------- d-----w- C:\Program Files (x86)\Citrix
    2012-02-01 14:49:24 -------- d-----w- C:\Users\Zeynep\AppData\Local\Citrix
    2012-02-01 14:44:14 103784 ----a-w- C:\Users\Zeynep\GoToAssistDownloadHelper.exe
    2012-02-01 14:34:35 -------- d-----w- C:\Users\Zeynep\AppData\Local\{AA9D689D-8BD5-4903-B77E-1F949AD27D70}
    2012-02-01 14:33:48 -------- d-----w- C:\Users\Zeynep\AppData\Local\{62F34D8D-8074-47C3-AA8B-C248D19FCE53}
    2012-01-30 22:23:57 -------- d-----w- C:\Users\Zeynep\AppData\Local\{FA01384E-213C-46DA-9927-22F3F17F805E}
    2012-01-30 22:23:36 -------- d-----w- C:\Users\Zeynep\AppData\Local\{E2CA0EDA-9F61-4B4E-B63B-7C01F8F226A4}
    2012-01-30 21:39:14 -------- d-----w- C:\Users\Zeynep\AppData\Local\{0CAFCB11-E87A-4F40-AAF3-7C6B75AF2E87}
    2012-01-30 21:38:20 -------- d-----w- C:\Users\Zeynep\AppData\Local\{E991F2F9-3615-4D19-90B5-2282DBEBC33D}
    2012-01-29 14:15:06 -------- d-----w- C:\Users\Zeynep\AppData\Local\{D0674023-A3DE-42C6-B1EE-7BA58CFFD265}
    2012-01-29 14:14:31 -------- d-----w- C:\Users\Zeynep\AppData\Local\{4665AA7A-919D-42B9-A029-3678CA02353B}
    2012-01-28 12:23:07 -------- d-----w- C:\Users\Zeynep\AppData\Local\{C2453089-15B3-42FD-809E-8E084DB569C8}
    2012-01-28 12:22:35 -------- d-----w- C:\Users\Zeynep\AppData\Local\{7A4BE91C-41A2-4FD3-8A27-0E693CC01FAA}
    2012-01-27 21:38:44 -------- d-----w- C:\Users\Zeynep\AppData\Local\{EF063F78-91DF-4CF7-9BDD-9F88AE3F3F3E}
    2012-01-27 21:37:44 -------- d-----w- C:\Users\Zeynep\AppData\Local\{D4928D19-552C-4E9A-90B9-86FB4A3592F6}
    2012-01-27 05:39:20 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
    2012-01-27 05:36:44 -------- d-----w- C:\Users\Zeynep\AppData\Local\Solid State Networks
    2012-01-26 23:13:45 -------- d-----w- C:\Users\Zeynep\AppData\Local\{B9776364-8822-4AE6-BBFA-257586C03C5B}
    2012-01-26 23:13:23 -------- d-----w- C:\Users\Zeynep\AppData\Local\{71C27033-EA32-49B3-AF8F-78E18D43C770}
    2012-01-26 11:12:59 -------- d-----w- C:\Users\Zeynep\AppData\Local\{D4833C57-7619-468A-906D-41C8B55A55B0}
    2012-01-26 11:12:25 -------- d-----w- C:\Users\Zeynep\AppData\Local\{0ACEE59A-B911-4C28-85FC-78D7239FB895}
    2012-01-26 01:46:26 -------- d-----w- C:\ProgramData\AVG Secure Search
    2012-01-26 01:46:24 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
    2012-01-26 01:46:23 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
    2012-01-26 01:44:54 -------- d-----w- C:\Users\Zeynep\AppData\Roaming\AVG2012
    2012-01-26 01:44:04 -------- d-----w- C:\ProgramData\AVG2012
    2012-01-26 01:37:54 -------- d-----w- C:\Users\Zeynep\AppData\Roaming\Sammsoft
    2012-01-26 01:24:54 -------- d-----w- C:\Program Files (x86)\ARO 2011
    2012-01-26 01:24:32 -------- d-----w- C:\Program Files (x86)\Ask.com
    2012-01-26 01:24:25 -------- d-----w- C:\Users\Zeynep\AppData\Local\APN
    2012-01-25 23:11:43 -------- d-----w- C:\Users\Zeynep\AppData\Local\{EA4A87A9-C5FA-4B23-9D7A-4D38C036A067}
    2012-01-25 23:11:08 -------- d-----w- C:\Users\Zeynep\AppData\Local\{894ED09E-2927-40A7-8553-75CE476290B2}
    2012-01-25 07:43:08 -------- d-----w- C:\Users\Zeynep\AppData\Local\{2C0A84A7-85F0-4081-838A-8EE2B6B66C69}
    2012-01-25 07:42:11 -------- d-----w- C:\Users\Zeynep\AppData\Local\{68AA132C-DE41-443E-9CFB-3ED706EF7AAF}
    2012-01-25 07:21:45 -------- d-----w- C:\Users\Zeynep\AppData\Local\{9792E9A8-5404-46C4-93FB-F215316EF308}
    2012-01-25 07:20:01 -------- d-----w- C:\Users\Zeynep\AppData\Local\{4DDE4E86-1509-446E-9C0D-2BB92B764C60}
    2012-01-25 07:17:28 20480 ----a-w- C:\Windows\svchost.exe
    2012-01-25 01:27:35 -------- d-----w- C:\Users\Zeynep\AppData\Local\{C9EC23FE-05A1-41DE-B8BB-BA2F9CE2DE2E}
    2012-01-25 01:27:11 -------- d-----w- C:\Users\Zeynep\AppData\Local\{AC8B5AAD-D473-409C-B286-554D434D3D7E}
    2012-01-24 21:09:15 -------- d-----w- C:\Users\Zeynep\AppData\Local\{B75A600C-6AE7-4C1F-9277-44B491BC0BE7}
    2012-01-24 21:08:20 -------- d-----w- C:\Users\Zeynep\AppData\Local\{699FBDFF-402D-41DA-9781-8D7BF5B6E5AF}
    2012-01-24 13:11:53 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-01-24 13:06:56 -------- d-----w- C:\Users\Zeynep\AppData\Local\{0963E96C-D6CD-4EEB-BE81-3D58F5951F7A}
    2012-01-24 02:07:06 -------- d-----w- C:\Users\Zeynep\AppData\Local\{E81FF34D-A4A8-4E02-B70C-21EBC458C3E0}
    2012-01-23 06:48:02 -------- d-----w- C:\Users\Zeynep\AppData\Local\{1544413A-2F69-44D8-A6B0-B051F590FAD5}
    2012-01-23 06:47:41 -------- d-----w- C:\Users\Zeynep\AppData\Local\{E49E559C-6B80-477B-973E-3921494C48A9}
    2012-01-22 18:46:49 -------- d-----w- C:\Users\Zeynep\AppData\Local\{A22539E4-C651-4F73-9E6C-A995E99AE3B1}
    2012-01-22 18:45:58 -------- d-----w- C:\Users\Zeynep\AppData\Local\{08BD9FDC-A462-4D2B-A683-7E12DE88AD38}
    2012-01-22 03:30:45 -------- d-----w- C:\Users\Zeynep\AppData\Local\WeatherBug
    2012-01-22 03:30:42 -------- d-----w- C:\Users\Zeynep\AppData\Roaming\WeatherBug
    2012-01-22 03:30:40 -------- d-----w- C:\Program Files (x86)\AWS
    2012-01-22 03:29:17 -------- d--h--w- C:\$AVG
    2012-01-22 03:29:16 -------- d-----w- C:\Program Files (x86)\Brand Affinity Technologies
    2012-01-22 03:28:44 -------- d-----w- C:\Program Files (x86)\Yontoo
    2012-01-22 03:28:43 -------- d-----w- C:\ProgramData\Tarma Installer
    2012-01-22 03:27:31 -------- d-----w- C:\Program Files (x86)\1ClickDownload
    2012-01-21 16:34:49 -------- d-----w- C:\Users\Zeynep\AppData\Local\{CD028A22-2F3D-4C62-A821-EBA5DE419DEE}
    2012-01-21 16:34:28 -------- d-----w- C:\Users\Zeynep\AppData\Local\{369407EC-0943-4978-97D9-9412D4E69643}
    2012-01-20 22:37:49 -------- d-----w- C:\Users\Zeynep\AppData\Local\{1954976F-B5EE-4AF0-BD13-595FEF127584}
    2012-01-20 22:37:32 -------- d-----w- C:\Users\Zeynep\AppData\Local\{319D1713-261D-40D9-B406-873EF1258C07}
    2012-01-19 01:20:31 -------- d-----w- C:\Users\Zeynep\AppData\Local\{5FF69442-794F-497B-875F-D05DB9D23560}
    2012-01-19 01:20:19 -------- d-----w- C:\Users\Zeynep\AppData\Local\{F3EB3CB5-4621-4590-8B5F-FDBF82DF58E5}
    2012-01-18 09:41:44 -------- d-----w- C:\Users\Zeynep\AppData\Local\{A6F80D2B-5FC2-4343-9689-6F2210798BCC}
    2012-01-17 21:38:09 -------- d-----w- C:\Users\Zeynep\AppData\Local\{8002D2EC-3F7E-4F60-8017-2F5BABBECA69}
    2012-01-17 21:37:48 -------- d-----w- C:\Users\Zeynep\AppData\Local\{0A51795F-C7D6-4530-98A8-0421FEAABE75}
    2012-01-17 09:37:24 -------- d-----w- C:\Users\Zeynep\AppData\Local\{540C713B-99F3-4E1E-9F80-EE687093BB99}
    2012-01-17 09:37:06 -------- d-----w- C:\Users\Zeynep\AppData\Local\{F4D98477-9079-4B67-BB4E-D8CAE1C901ED}
    2012-01-16 17:02:17 -------- d-----w- C:\Users\Zeynep\AppData\Local\{BBC88AC9-37E4-4CA4-8482-F75C27BC080D}
    2012-01-16 17:02:02 -------- d-----w- C:\Users\Zeynep\AppData\Local\{14A9EC6F-9E35-4420-897B-20F74619639B}
    2012-01-16 00:37:31 -------- d-----w- C:\Users\Zeynep\AppData\Local\{4C5965D9-0D5A-412D-AD37-9C6ADAB25D13}
    2012-01-16 00:35:52 -------- d-----w- C:\Users\Zeynep\AppData\Local\{666DB168-B3E5-4797-A829-C0EC2D4E232D}
    2012-01-14 16:35:31 -------- d-----w- C:\Users\Zeynep\AppData\Local\{07838171-CC18-4ED4-B51D-F96A7D391595}
    2012-01-14 16:35:04 -------- d-----w- C:\Users\Zeynep\AppData\Local\{06F6BAD6-14A7-4133-BC55-1481867A3944}
    2012-01-14 02:57:39 -------- d-----w- C:\Users\Zeynep\AppData\Local\{E1E40AD0-54CC-4D51-A9D5-0191244B64D7}
    2012-01-14 02:57:16 -------- d-----w- C:\Users\Zeynep\AppData\Local\{633EBFCA-70EE-419F-AC3A-C2DAF382DDCB}
    2012-01-13 14:57:05 -------- d-----w- C:\Users\Zeynep\AppData\Local\{55BF1B65-82EC-4894-9EBD-0360989378FE}
    2012-01-13 10:25:31 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
    2012-01-13 10:25:31 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
    2012-01-13 10:25:31 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
    2012-01-13 10:25:31 43992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozutils.dll
    2012-01-13 02:56:31 -------- d-----w- C:\Users\Zeynep\AppData\Local\{931B6C90-9B2B-4546-98CD-54DE7D8FD93D}
    2012-01-13 02:56:10 -------- d-----w- C:\Users\Zeynep\AppData\Local\{3932BDEB-8C71-46AD-857F-CE0366674D21}
    2012-01-12 18:59:42 -------- d-----w- C:\Users\Zeynep\AppData\Roaming\webex
    2012-01-12 18:59:29 -------- d-----w- C:\ProgramData\WebEx
    2012-01-12 18:59:26 176952 ----a-w- C:\Program Files (x86)\Mozilla Firefox\Plugins\npatgpc.dll
    2012-01-12 14:55:44 -------- d-----w- C:\Users\Zeynep\AppData\Local\{EBEBBFFA-2F7C-4400-82E0-1FBE40FE597F}
    2012-01-12 14:55:22 -------- d-----w- C:\Users\Zeynep\AppData\Local\{2F49F4B0-A252-46F9-8118-D55DD01FA9AA}
    2012-01-12 02:55:25 -------- d-----w- C:\Users\Zeynep\AppData\Local\{CAC7A5E0-BAEA-4E90-AD34-BA12C110BAD2}
    2012-01-11 17:17:42 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-01-11 17:17:42 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-01-11 17:17:42 1572864 ----a-w- C:\Windows\System32\quartz.dll
    2012-01-11 17:17:42 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
    2012-01-11 17:17:40 77312 ----a-w- C:\Windows\System32\packager.dll
    2012-01-11 17:17:40 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2012-01-11 17:17:40 1731920 ----a-w- C:\Windows\System32\ntdll.dll
    2012-01-11 17:17:40 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2012-01-11 14:26:44 -------- d-----w- C:\Users\Zeynep\AppData\Local\{FE5A4319-6DA6-4117-A9E0-D57E3C04FDE9}
    2012-01-11 14:26:34 -------- d-----w- C:\Users\Zeynep\AppData\Local\{7EDC4DD5-EB2F-4FEA-BFAC-1710A86047FB}
    2012-01-10 21:39:25 -------- d-----w- C:\Users\Zeynep\AppData\Local\{028B4245-E2BD-4E97-9617-C1B4765FB232}
    2012-01-10 21:39:02 -------- d-----w- C:\Users\Zeynep\AppData\Local\{7F18F66B-04CB-41B0-B08A-75665A41B6B9}
    2012-01-10 09:38:42 -------- d-----w- C:\Users\Zeynep\AppData\Local\{7BDB3BDE-6C37-4033-B622-2BAD61DD38C5}
    2012-01-10 09:38:22 -------- d-----w- C:\Users\Zeynep\AppData\Local\{9DD52509-D4C0-428D-BAFA-471257BF5843}
    2012-01-09 16:51:34 -------- d-----w- C:\Users\Zeynep\AppData\Local\{C169112C-AA0E-4BBE-BB49-40322C983F4F}
    2012-01-09 16:51:17 -------- d-----w- C:\Users\Zeynep\AppData\Local\{97C73852-D085-4564-B071-2F0380EDC77A}
    2012-01-09 01:35:35 -------- d-----w- C:\Users\Zeynep\AppData\Local\{1D066C76-799A-497D-9820-8E9A8FC5C046}
    2012-01-09 01:35:25 -------- d-----w- C:\Users\Zeynep\AppData\Local\{B8886FC4-2B3F-4D9E-8C16-EFA9464BA7E0}
    2012-01-08 09:17:37 -------- d-----w- C:\Users\Zeynep\AppData\Local\{612043D6-8DB9-4AF8-9825-E616562E96EE}
    2012-01-08 09:17:16 -------- d-----w- C:\Users\Zeynep\AppData\Local\{C3B7EF75-FE5E-4985-A882-C69170625A2F}
    2012-01-07 21:17:00 -------- d-----w- C:\Users\Zeynep\AppData\Local\{0472EB72-3E28-486E-A427-A8CE9BBF9000}
    2012-01-07 21:16:43 -------- d-----w- C:\Users\Zeynep\AppData\Local\{C4E4DCBB-68CC-429F-959A-25692CE21717}
    2012-01-06 16:35:46 -------- d-----w- C:\Users\Zeynep\AppData\Local\{33DCD9A9-623A-4171-9C8F-F2BCF1E93DC6}
    2012-01-06 01:54:20 -------- d-----w- C:\Users\Zeynep\AppData\Local\{BB3A6C36-2819-4B22-85FF-98626877F5ED}
    2012-01-06 01:53:57 -------- d-----w- C:\Users\Zeynep\AppData\Local\{02FEA3DB-3499-40DB-90F1-9DB734C53199}
    2012-01-05 23:57:36 -------- d-----w- C:\Program Files\iPod
    2012-01-05 23:57:35 -------- d-----w- C:\Program Files\iTunes
    2012-01-05 23:57:35 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-01-05 13:23:43 -------- d-----w- C:\Users\Zeynep\AppData\Local\{EB60CAD1-2198-441E-87B2-8414055B8D8C}
    2012-01-05 13:23:21 -------- d-----w- C:\Users\Zeynep\AppData\Local\{6D88665C-ACA2-49F3-8C00-FAC727C646BA}
    2012-01-05 13:13:20 -------- d-----w- C:\Users\Zeynep\AppData\Local\{52B4F2AB-0735-484A-8310-DB73C98E0488}
    2012-01-04 16:57:56 -------- d-----w- C:\Users\Zeynep\AppData\Local\{C1B8CA46-B9DE-4214-A32B-05AC44A657DD}
    2012-01-04 16:57:45 -------- d-----w- C:\Users\Zeynep\AppData\Local\{F36B64EA-314C-43D7-8288-D34C574B0C9F}
    .
    ==================== Find3M ====================
    .
    2012-01-25 07:22:06 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-21 22:01:12 279616 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
    2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
    2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
    2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
    2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
    2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
    2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
    2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
    2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
    2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
    2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
    2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    .
    ============= FINISH: 10:13:45.00 ===============
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Download RogueKiller (by tigzy) and save direct to your Desktop.

    Quit all programs
    Start RogueKiller.exe
    Wait until Prescan has finished ...
    Click on Scan. Click on Report and copy/paste the content of the notepad
     
  5. Timmeh!

    Timmeh! Thread Starter

    Joined:
    Jun 5, 2007
    Messages:
    20
    Kevin,

    Thanks so much for your help! Here is the scan report:


    RogueKiller V7.0.4 [02/08/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: Zeynep [Admin rights]
    Mode: Scan -- Date : 02/09/2012 03:06:25

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 3 ¤¤¤
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : Root.MBR ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST9500420AS +++++
    --- User ---
    [MBR] dd6967e897e9549401c89a8d9f38da4a
    [BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 15000 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30928845 | Size: 461837 Mo
    User != LL1 ... KO!
    --- LL1 ---
    [MBR] 271927eb50298151e6cf3ad586dba11f
    [BSP] a3da7b7c65472fdf352e0865a1105756 : PiHar MBR Code!
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 15000 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30928845 | Size: 461837 Mo
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] 271927eb50298151e6cf3ad586dba11f
    [BSP] a3da7b7c65472fdf352e0865a1105756 : PiHar MBR Code!
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 15000 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30928845 | Size: 461837 Mo

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Continue as follows :-

    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Let me see that log...

    Kevin
     
  7. Timmeh!

    Timmeh! Thread Starter

    Joined:
    Jun 5, 2007
    Messages:
    20
    Done. Here is the log:

    11:28:55.0254 12524 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
    11:28:56.0023 12524 ============================================================
    11:28:56.0023 12524 Current date / time: 2012/02/09 11:28:56.0023
    11:28:56.0023 12524 SystemInfo:
    11:28:56.0023 12524
    11:28:56.0023 12524 OS Version: 6.1.7601 ServicePack: 1.0
    11:28:56.0023 12524 Product type: Workstation
    11:28:56.0024 12524 ComputerName: ZEYNEP-PC
    11:28:56.0024 12524 UserName: Zeynep
    11:28:56.0024 12524 Windows directory: C:\Windows
    11:28:56.0024 12524 System windows directory: C:\Windows
    11:28:56.0024 12524 Running under WOW64
    11:28:56.0024 12524 Processor architecture: Intel x64
    11:28:56.0024 12524 Number of processors: 4
    11:28:56.0024 12524 Page size: 0x1000
    11:28:56.0024 12524 Boot type: Normal boot
    11:28:56.0024 12524 ============================================================
    11:28:56.0605 12524 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    11:28:56.0617 12524 \Device\Harddisk0\DR0:
    11:28:56.0619 12524 MBR used
    11:28:56.0619 12524 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x1D4C000
    11:28:56.0619 12524 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7EFCD, BlocksNum 0x38606863
    11:28:56.0652 12524 Initialize success
    11:28:56.0652 12524 ============================================================
    11:29:33.0812 9296 ============================================================
    11:29:33.0813 9296 Scan started
    11:29:33.0813 9296 Mode: Manual; SigCheck; TDLFS;
    11:29:33.0813 9296 ============================================================
    11:29:38.0079 9296 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    11:29:38.0190 9296 1394ohci - ok
    11:29:38.0273 9296 Acceler (e0065cbf1a25c015c218457d2cd522b9) C:\Windows\system32\DRIVERS\Accelern.sys
    11:29:38.0375 9296 Acceler - ok
    11:29:38.0465 9296 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    11:29:38.0490 9296 ACPI - ok
    11:29:38.0562 9296 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    11:29:38.0694 9296 AcpiPmi - ok
    11:29:38.0752 9296 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    11:29:38.0770 9296 adp94xx - ok
    11:29:38.0829 9296 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    11:29:38.0845 9296 adpahci - ok
    11:29:38.0876 9296 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    11:29:38.0887 9296 adpu320 - ok
    11:29:38.0987 9296 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
    11:29:39.0106 9296 AFD - ok
    11:29:39.0161 9296 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    11:29:39.0187 9296 agp440 - ok
    11:29:39.0236 9296 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    11:29:39.0262 9296 aliide - ok
    11:29:39.0301 9296 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    11:29:39.0327 9296 amdide - ok
    11:29:39.0372 9296 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    11:29:39.0448 9296 AmdK8 - ok
    11:29:39.0468 9296 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    11:29:39.0516 9296 AmdPPM - ok
    11:29:39.0557 9296 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    11:29:39.0586 9296 amdsata - ok
    11:29:39.0617 9296 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    11:29:39.0658 9296 amdsbs - ok
    11:29:39.0678 9296 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    11:29:39.0687 9296 amdxata - ok
    11:29:39.0757 9296 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    11:29:40.0900 9296 AppID - ok
    11:29:40.0979 9296 appliand (0eeff7103e4f3e783f3d2b870af67f1c) C:\Windows\system32\DRIVERS\appliand.sys
    11:29:40.0996 9296 appliand - ok
    11:29:41.0001 9296 appliandMP (0eeff7103e4f3e783f3d2b870af67f1c) C:\Windows\system32\DRIVERS\appliand.sys
    11:29:41.0013 9296 appliandMP - ok
    11:29:41.0071 9296 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    11:29:41.0102 9296 arc - ok
    11:29:41.0122 9296 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    11:29:41.0133 9296 arcsas - ok
    11:29:41.0172 9296 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    11:29:41.0295 9296 AsyncMac - ok
    11:29:41.0344 9296 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    11:29:41.0354 9296 atapi - ok
    11:29:41.0436 9296 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
    11:29:41.0482 9296 AVGIDSDriver - ok
    11:29:41.0522 9296 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
    11:29:41.0537 9296 AVGIDSEH - ok
    11:29:41.0559 9296 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
    11:29:41.0572 9296 AVGIDSFilter - ok
    11:29:41.0602 9296 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
    11:29:41.0624 9296 Avgldx64 - ok
    11:29:41.0636 9296 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
    11:29:41.0647 9296 Avgmfx64 - ok
    11:29:41.0706 9296 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
    11:29:41.0727 9296 Avgrkx64 - ok
    11:29:41.0753 9296 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
    11:29:41.0767 9296 Avgtdia - ok
    11:29:41.0914 9296 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    11:29:42.0009 9296 b06bdrv - ok
    11:29:42.0061 9296 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    11:29:42.0124 9296 b57nd60a - ok
    11:29:42.0163 9296 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    11:29:42.0253 9296 Beep - ok
    11:29:42.0307 9296 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    11:29:42.0335 9296 blbdrive - ok
    11:29:42.0406 9296 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    11:29:42.0639 9296 bowser - ok
    11:29:43.0198 9296 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    11:29:43.0282 9296 BrFiltLo - ok
    11:29:43.0319 9296 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    11:29:43.0331 9296 BrFiltUp - ok
    11:29:43.0374 9296 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    11:29:43.0446 9296 Brserid - ok
    11:29:43.0496 9296 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    11:29:43.0533 9296 BrSerWdm - ok
    11:29:43.0566 9296 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    11:29:43.0617 9296 BrUsbMdm - ok
    11:29:43.0640 9296 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    11:29:43.0684 9296 BrUsbSer - ok
    11:29:43.0767 9296 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
    11:29:43.0861 9296 BthEnum - ok
    11:29:43.0887 9296 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    11:29:43.0929 9296 BTHMODEM - ok
    11:29:43.0981 9296 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
    11:29:44.0042 9296 BthPan - ok
    11:29:44.0118 9296 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
    11:29:44.0195 9296 BTHPORT - ok
    11:29:44.0249 9296 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
    11:29:44.0287 9296 BTHUSB - ok
    11:29:44.0344 9296 btmaux (ba554bfcbf21201d310738a42c9c19e1) C:\Windows\system32\DRIVERS\btmaux.sys
    11:29:44.0351 9296 btmaux - ok
    11:29:44.0416 9296 btmhsf (0010a54571f525a97eed8c091e96eaa9) C:\Windows\system32\DRIVERS\btmhsf.sys
    11:29:44.0501 9296 btmhsf - ok
    11:29:44.0566 9296 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
    11:29:44.0591 9296 BVRPMPR5a64 - ok
    11:29:44.0638 9296 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    11:29:44.0717 9296 cdfs - ok
    11:29:44.0775 9296 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
    11:29:44.0828 9296 cdrom - ok
    11:29:44.0875 9296 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    11:29:44.0896 9296 circlass - ok
    11:29:44.0936 9296 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    11:29:44.0986 9296 CLFS - ok
    11:29:45.0062 9296 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    11:29:45.0105 9296 CmBatt - ok
    11:29:45.0451 9296 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    11:29:45.0478 9296 cmdide - ok
    11:29:45.0558 9296 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
    11:29:45.0615 9296 CNG - ok
    11:29:45.0665 9296 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    11:29:45.0690 9296 Compbatt - ok
    11:29:45.0740 9296 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    11:29:45.0797 9296 CompositeBus - ok
    11:29:45.0830 9296 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    11:29:45.0839 9296 crcdisk - ok
    11:29:45.0915 9296 CtClsFlt - ok
    11:29:46.0068 9296 dfmirage (178a6e9a0dce42959fc5ad129f60cba9) C:\Windows\system32\DRIVERS\dfmirage.sys
    11:29:46.0092 9296 dfmirage - ok
    11:29:46.0135 9296 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    11:29:46.0197 9296 DfsC - ok
    11:29:46.0231 9296 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    11:29:46.0270 9296 discache - ok
    11:29:46.0320 9296 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    11:29:46.0336 9296 Disk - ok
    11:29:46.0385 9296 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    11:29:46.0451 9296 drmkaud - ok
    11:29:46.0539 9296 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
    11:29:46.0551 9296 dtsoftbus01 - ok
    11:29:46.0616 9296 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    11:29:46.0656 9296 DXGKrnl - ok
    11:29:46.0760 9296 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    11:29:46.0899 9296 ebdrv - ok
    11:29:46.0978 9296 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    11:29:47.0039 9296 elxstor - ok
    11:29:47.0104 9296 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    11:29:47.0185 9296 ErrDev - ok
    11:29:47.0281 9296 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    11:29:47.0339 9296 exfat - ok
    11:29:47.0390 9296 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    11:29:47.0449 9296 fastfat - ok
    11:29:47.0869 9296 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    11:29:47.0954 9296 fdc - ok
    11:29:47.0995 9296 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    11:29:48.0006 9296 FileInfo - ok
    11:29:48.0041 9296 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    11:29:48.0224 9296 Filetrace - ok
    11:29:48.0252 9296 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    11:29:48.0282 9296 flpydisk - ok
    11:29:48.0334 9296 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    11:29:48.0348 9296 FltMgr - ok
    11:29:48.0382 9296 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    11:29:48.0396 9296 FsDepends - ok
    11:29:48.0427 9296 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    11:29:48.0453 9296 Fs_Rec - ok
    11:29:48.0534 9296 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    11:29:48.0555 9296 fvevol - ok
    11:29:48.0608 9296 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    11:29:48.0623 9296 gagp30kx - ok
    11:29:48.0668 9296 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    11:29:48.0676 9296 GEARAspiWDM - ok
    11:29:48.0757 9296 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    11:29:48.0809 9296 hcw85cir - ok
    11:29:48.0849 9296 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    11:29:48.0914 9296 HDAudBus - ok
    11:29:48.0941 9296 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    11:29:48.0970 9296 HidBatt - ok
    11:29:48.0988 9296 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    11:29:49.0067 9296 HidBth - ok
    11:29:49.0103 9296 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    11:29:49.0117 9296 HidIr - ok
    11:29:49.0145 9296 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    11:29:49.0168 9296 HidUsb - ok
    11:29:49.0212 9296 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    11:29:49.0223 9296 HpSAMD - ok
    11:29:49.0278 9296 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    11:29:49.0370 9296 HTTP - ok
    11:29:49.0405 9296 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    11:29:49.0413 9296 hwpolicy - ok
    11:29:49.0467 9296 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    11:29:49.0501 9296 i8042prt - ok
    11:29:49.0569 9296 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\DRIVERS\iaStor.sys
    11:29:49.0629 9296 iaStor - ok
    11:29:49.0698 9296 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    11:29:49.0739 9296 iaStorV - ok
    11:29:49.0773 9296 iBtFltCoex (50b8ab6013ef9970ac85fdba0f622300) C:\Windows\system32\DRIVERS\iBtFltCoex.sys
    11:29:49.0818 9296 iBtFltCoex - ok
    11:29:50.0588 9296 igfx (0ac9e321d604be48a0d72b69ba484bdc) C:\Windows\system32\DRIVERS\igdkmd64.sys
    11:29:50.0936 9296 igfx - ok
    11:29:50.0981 9296 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    11:29:51.0005 9296 iirsp - ok
    11:29:51.0038 9296 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
    11:29:51.0141 9296 Impcd - ok
    11:29:51.0353 9296 IntcAzAudAddService (a9853214cc97796579d75b1f59c51dcd) C:\Windows\system32\drivers\RTKVHD64.sys
    11:29:51.0439 9296 IntcAzAudAddService - ok
    11:29:51.0505 9296 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
    11:29:51.0595 9296 IntcDAud - ok
    11:29:51.0632 9296 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    11:29:51.0641 9296 intelide - ok
    11:29:51.0687 9296 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    11:29:51.0728 9296 intelppm - ok
    11:29:51.0793 9296 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    11:29:51.0845 9296 IpFilterDriver - ok
    11:29:51.0884 9296 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    11:29:51.0910 9296 IPMIDRV - ok
    11:29:51.0944 9296 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    11:29:52.0012 9296 IPNAT - ok
    11:29:52.0063 9296 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    11:29:52.0141 9296 IRENUM - ok
    11:29:52.0186 9296 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    11:29:52.0210 9296 isapnp - ok
    11:29:52.0256 9296 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    11:29:52.0295 9296 iScsiPrt - ok
    11:29:52.0541 9296 JMCR (e56417c56b6a7316b6f527c890a1860d) C:\Windows\system32\DRIVERS\jmcr.sys
    11:29:52.0789 9296 JMCR - ok
    11:29:52.0826 9296 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    11:29:52.0837 9296 kbdclass - ok
    11:29:52.0862 9296 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    11:29:52.0930 9296 kbdhid - ok
    11:29:52.0980 9296 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
    11:29:52.0993 9296 KSecDD - ok
    11:29:53.0083 9296 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
    11:29:53.0110 9296 KSecPkg - ok
    11:29:53.0161 9296 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    11:29:53.0213 9296 ksthunk - ok
    11:29:53.0321 9296 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    11:29:53.0371 9296 lltdio - ok
    11:29:53.0446 9296 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    11:29:53.0456 9296 LSI_FC - ok
    11:29:53.0498 9296 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    11:29:53.0527 9296 LSI_SAS - ok
    11:29:53.0567 9296 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    11:29:53.0589 9296 LSI_SAS2 - ok
    11:29:53.0626 9296 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    11:29:53.0650 9296 LSI_SCSI - ok
    11:29:53.0677 9296 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    11:29:53.0744 9296 luafv - ok
    11:29:53.0853 9296 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
    11:29:53.0881 9296 MBAMProtector - ok
    11:29:53.0938 9296 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    11:29:53.0968 9296 megasas - ok
    11:29:54.0008 9296 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    11:29:54.0040 9296 MegaSR - ok
    11:29:54.0119 9296 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
    11:29:54.0148 9296 MEIx64 - ok
    11:29:54.0231 9296 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    11:29:54.0294 9296 Modem - ok
    11:29:54.0331 9296 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    11:29:54.0358 9296 monitor - ok
    11:29:54.0434 9296 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
    11:29:54.0458 9296 mouclass - ok
    11:29:54.0511 9296 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    11:29:54.0550 9296 mouhid - ok
    11:29:54.0612 9296 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    11:29:54.0638 9296 mountmgr - ok
    11:29:54.0672 9296 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    11:29:54.0699 9296 mpio - ok
    11:29:54.0721 9296 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    11:29:54.0751 9296 mpsdrv - ok
    11:29:55.0211 9296 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    11:29:55.0310 9296 MRxDAV - ok
    11:29:55.0350 9296 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    11:29:55.0413 9296 mrxsmb - ok
    11:29:55.0462 9296 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    11:29:55.0503 9296 mrxsmb10 - ok
    11:29:55.0526 9296 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    11:29:55.0574 9296 mrxsmb20 - ok
    11:29:55.0610 9296 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    11:29:55.0630 9296 msahci - ok
    11:29:55.0669 9296 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    11:29:55.0690 9296 msdsm - ok
    11:29:55.0734 9296 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    11:29:55.0790 9296 Msfs - ok
    11:29:55.0826 9296 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    11:29:55.0908 9296 mshidkmdf - ok
    11:29:55.0929 9296 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    11:29:55.0937 9296 msisadrv - ok
    11:29:55.0984 9296 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    11:29:56.0037 9296 MSKSSRV - ok
    11:29:56.0073 9296 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    11:29:56.0126 9296 MSPCLOCK - ok
    11:29:56.0148 9296 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    11:29:56.0240 9296 MSPQM - ok
    11:29:56.0283 9296 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    11:29:56.0318 9296 MsRPC - ok
    11:30:12.0763 9296 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
    11:30:12.0790 9296 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    11:30:12.0790 9296 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    11:30:12.0894 9296 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
    11:30:12.0894 9296 \Device\Harddisk0\DR0 - detected TDSS File System (1)
    11:30:12.0933 9296 Boot (0x1200) (4980b5f8fa0890f5e98eda07dcebc2f2) \Device\Harddisk0\DR0\Partition0
    11:30:12.0935 9296 \Device\Harddisk0\DR0\Partition0 - ok
    11:30:12.0954 9296 Boot (0x1200) (683c52ad82086aedc39384b3d0160f54) \Device\Harddisk0\DR0\Partition1
    11:30:12.0957 9296 \Device\Harddisk0\DR0\Partition1 - ok
    11:30:12.0958 9296 ============================================================
    11:30:12.0958 9296 Scan finished
    11:30:12.0958 9296 ============================================================
    11:30:12.0979 15332 Detected object count: 2
    11:30:12.0979 15332 Actual detected object count: 2
    11:31:15.0862 15332 \Device\Harddisk0\DR0\# - copied to quarantine
    11:31:15.0862 15332 \Device\Harddisk0\DR0 - copied to quarantine
    11:31:15.0973 15332 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    11:31:15.0976 15332 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    11:31:15.0982 15332 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    11:31:15.0989 15332 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    11:31:15.0997 15332 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
    11:31:16.0738 15332 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    11:31:16.0772 15332 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
    11:31:16.0805 15332 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    11:31:16.0811 15332 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
    11:31:16.0813 15332 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    11:31:16.0827 15332 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
    11:31:16.0832 15332 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    11:31:16.0834 15332 \Device\Harddisk0\DR0 - ok
    11:31:17.0048 15332 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    11:31:17.0049 15332 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    11:31:17.0049 15332 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
    11:31:24.0364 12456 Deinitialize success
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    We are making good progress. Run TDSSKiller again; when you see this: Device\Harddisk0\DR0 ( TDSS File System ), select Delete this time, not Skip.

    Re-boot and run Malwarebytes; make sure to update first. Let me see the two logs in your next reply. Also tell me if your system has improved...

    Kevin
     
  9. Timmeh!

    Timmeh! Thread Starter

    Joined:
    Jun 5, 2007
    Messages:
    20
    Kevin,

    This is great. We deleted the file with TDSS. This is the log. We rebooted, and are currently running MBAM's full scan. So far, so good -- MBAM has not popped up with its normal detection of the malware! We will post the MBAM log as soon as it's done!

    11:55:20.0129 1184 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
    11:55:20.0411 1184 ============================================================
    11:55:20.0411 1184 Current date / time: 2012/02/09 11:55:20.0411
    11:55:20.0411 1184 SystemInfo:
    11:55:20.0411 1184
    11:55:20.0411 1184 OS Version: 6.1.7601 ServicePack: 1.0
    11:55:20.0411 1184 Product type: Workstation
    11:55:20.0412 1184 ComputerName: ZEYNEP-PC
    11:55:20.0412 1184 UserName: Zeynep
    11:55:20.0412 1184 Windows directory: C:\Windows
    11:55:20.0412 1184 System windows directory: C:\Windows
    11:55:20.0412 1184 Running under WOW64
    11:55:20.0412 1184 Processor architecture: Intel x64
    11:55:20.0412 1184 Number of processors: 4
    11:55:20.0412 1184 Page size: 0x1000
    11:55:20.0412 1184 Boot type: Normal boot
    11:55:20.0412 1184 ============================================================
    11:55:21.0468 1184 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    11:55:21.0474 1184 \Device\Harddisk0\DR0:
    11:55:21.0475 1184 MBR used
    11:55:21.0475 1184 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x1D4C000
    11:55:21.0475 1184 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7EFCD, BlocksNum 0x38606863
    11:55:21.0505 1184 Initialize success
    11:55:21.0505 1184 ============================================================
    11:55:30.0386 5732 ============================================================
    11:55:30.0386 5732 Scan started
    11:55:30.0386 5732 Mode: Manual; SigCheck; TDLFS;
    11:55:30.0386 5732 ============================================================
    11:55:40.0132 5732 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    11:55:40.0197 5732 hcw85cir - ok
    11:55:40.0242 5732 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    11:55:40.0297 5732 HDAudBus - ok
    11:55:40.0316 5732 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    11:55:40.0359 5732 HidBatt - ok
    11:55:40.0385 5732 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    11:55:40.0446 5732 HidBth - ok
    11:55:40.0478 5732 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    11:55:40.0509 5732 HidIr - ok
    11:55:40.0536 5732 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    11:55:40.0582 5732 HidUsb - ok
    11:55:40.0637 5732 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    11:55:40.0658 5732 HpSAMD - ok
    11:55:40.0711 5732 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    11:55:40.0814 5732 HTTP - ok
    11:55:40.0846 5732 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    11:55:40.0853 5732 hwpolicy - ok
    11:55:40.0900 5732 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    11:55:40.0928 5732 i8042prt - ok
    11:55:41.0604 5732 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\DRIVERS\iaStor.sys
    11:55:41.0639 5732 iaStor - ok
    11:55:41.0700 5732 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    11:55:41.0739 5732 iaStorV - ok
    11:55:41.0768 5732 iBtFltCoex (50b8ab6013ef9970ac85fdba0f622300) C:\Windows\system32\DRIVERS\iBtFltCoex.sys
    11:55:41.0800 5732 iBtFltCoex - ok
    11:55:42.0073 5732 igfx (0ac9e321d604be48a0d72b69ba484bdc) C:\Windows\system32\DRIVERS\igdkmd64.sys
    11:55:42.0459 5732 igfx - ok
    11:55:42.0504 5732 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    11:55:42.0513 5732 iirsp - ok
    11:55:42.0561 5732 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
    11:55:42.0664 5732 Impcd - ok
    11:55:42.0758 5732 IntcAzAudAddService (a9853214cc97796579d75b1f59c51dcd) C:\Windows\system32\drivers\RTKVHD64.sys
    11:55:42.0799 5732 IntcAzAudAddService - ok
    11:55:42.0857 5732 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
    11:55:42.0965 5732 IntcDAud - ok
    11:55:43.0007 5732 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    11:55:43.0032 5732 intelide - ok
    11:55:43.0087 5732 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    11:55:43.0133 5732 intelppm - ok
    11:55:43.0177 5732 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    11:55:43.0248 5732 IpFilterDriver - ok
    11:55:43.0283 5732 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    11:55:43.0294 5732 IPMIDRV - ok
    11:55:43.0352 5732 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    11:55:43.0429 5732 IPNAT - ok
    11:55:43.0470 5732 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    11:55:43.0565 5732 IRENUM - ok
    11:55:44.0096 5732 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    11:55:44.0126 5732 isapnp - ok
    11:55:44.0175 5732 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    11:55:44.0200 5732 iScsiPrt - ok
    11:55:44.0257 5732 JMCR (e56417c56b6a7316b6f527c890a1860d) C:\Windows\system32\DRIVERS\jmcr.sys
    11:55:44.0285 5732 JMCR - ok
    11:55:44.0307 5732 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    11:55:44.0315 5732 kbdclass - ok
    11:55:44.0335 5732 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    11:55:44.0378 5732 kbdhid - ok
    11:55:44.0421 5732 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
    11:55:44.0447 5732 KSecDD - ok
    11:55:44.0489 5732 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
    11:55:44.0520 5732 KSecPkg - ok
    11:55:44.0552 5732 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    11:55:44.0648 5732 ksthunk - ok
    11:55:44.0712 5732 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    11:55:44.0781 5732 lltdio - ok
    11:55:44.0829 5732 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    11:55:44.0838 5732 LSI_FC - ok
    11:55:44.0855 5732 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    11:55:44.0866 5732 LSI_SAS - ok
    11:55:44.0883 5732 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    11:55:44.0892 5732 LSI_SAS2 - ok
    11:55:44.0919 5732 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    11:55:44.0947 5732 LSI_SCSI - ok
    11:55:44.0969 5732 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    11:55:45.0037 5732 luafv - ok
    11:55:45.0112 5732 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
    11:55:45.0130 5732 MBAMProtector - ok
    11:55:45.0166 5732 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    11:55:45.0188 5732 megasas - ok
    11:55:45.0217 5732 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    11:55:45.0249 5732 MegaSR - ok
    11:55:45.0280 5732 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
    11:55:45.0300 5732 MEIx64 - ok
    11:55:45.0358 5732 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    11:55:45.0437 5732 Modem - ok
    11:55:45.0467 5732 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    11:55:45.0512 5732 monitor - ok
    11:55:45.0561 5732 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
    11:55:45.0586 5732 mouclass - ok
    11:55:45.0639 5732 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    11:55:45.0670 5732 mouhid - ok
    11:55:45.0699 5732 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    11:55:45.0726 5732 mountmgr - ok
    11:55:45.0767 5732 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    11:55:45.0789 5732 mpio - ok
    11:55:45.0815 5732 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    11:55:45.0844 5732 mpsdrv - ok
    11:55:45.0885 5732 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    11:55:45.0990 5732 MRxDAV - ok
    11:55:46.0034 5732 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    11:55:46.0097 5732 mrxsmb - ok
    11:55:46.0647 5732 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    11:55:46.0686 5732 mrxsmb10 - ok
    11:55:46.0702 5732 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    11:55:46.0715 5732 mrxsmb20 - ok
    11:55:46.0762 5732 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    11:55:46.0782 5732 msahci - ok
    11:55:46.0837 5732 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    11:55:46.0848 5732 msdsm - ok
    11:55:46.0895 5732 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    11:55:46.0943 5732 Msfs - ok
    11:55:46.0971 5732 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    11:55:47.0078 5732 mshidkmdf - ok
    11:55:47.0098 5732 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    11:55:47.0105 5732 msisadrv - ok
    11:55:47.0170 5732 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    11:55:47.0228 5732 MSKSSRV - ok
    11:55:47.0258 5732 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    11:55:47.0307 5732 MSPCLOCK - ok
    11:55:47.0333 5732 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    11:55:47.0417 5732 MSPQM - ok
    11:55:47.0452 5732 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    11:55:47.0467 5732 MsRPC - ok
    11:55:47.0487 5732 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    11:55:47.0495 5732 mssmbios - ok
    11:55:47.0519 5732 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    11:55:47.0574 5732 MSTEE - ok
    11:55:47.0598 5732 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    11:55:47.0637 5732 MTConfig - ok
    11:55:47.0662 5732 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    11:55:47.0670 5732 Mup - ok
    11:55:47.0740 5732 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    11:55:47.0788 5732 NativeWifiP - ok
    11:55:47.0846 5732 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
    11:55:47.0896 5732 NDIS - ok
    11:55:47.0918 5732 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    11:55:47.0947 5732 NdisCap - ok
    11:55:47.0984 5732 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    11:55:48.0050 5732 NdisTapi - ok
    11:55:48.0084 5732 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    11:55:48.0157 5732 Ndisuio - ok
    11:55:48.0194 5732 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    11:55:48.0256 5732 NdisWan - ok
    11:55:48.0299 5732 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    11:55:48.0353 5732 NDProxy - ok
    11:55:48.0379 5732 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    11:55:48.0408 5732 NetBIOS - ok
    11:55:48.0458 5732 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    11:55:48.0515 5732 NetBT - ok
    11:55:49.0415 5732 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys
    11:55:49.0691 5732 NETwNs64 - ok
    11:55:49.0733 5732 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    11:55:49.0743 5732 nfrd960 - ok
    11:55:49.0815 5732 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    11:55:49.0863 5732 Npfs - ok
    11:55:49.0887 5732 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    11:55:49.0942 5732 nsiproxy - ok
    11:55:50.0014 5732 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    11:55:50.0089 5732 Ntfs - ok
    11:55:50.0108 5732 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    11:55:50.0136 5732 Null - ok
    11:55:50.0189 5732 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\Windows\system32\DRIVERS\nusb3hub.sys
    11:55:50.0226 5732 nusb3hub - ok
    11:55:50.0275 5732 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\Windows\system32\DRIVERS\nusb3xhc.sys
    11:55:50.0332 5732 nusb3xhc - ok
    11:55:50.0360 5732 NVHDA (857fb74754ebff94ee3ad40788740916) C:\Windows\system32\drivers\nvhda64v.sys
    11:55:50.0368 5732 NVHDA - ok
    11:55:50.0655 5732 nvlddmkm (24aa5e3ed7a2b48b8e798a1059a2b323) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    11:55:50.0830 5732 nvlddmkm - ok
    11:55:50.0858 5732 nvpciflt (58aa797b41410daea6a6eb33e77f9b7a) C:\Windows\system32\DRIVERS\nvpciflt.sys
    11:55:50.0877 5732 nvpciflt - ok
    11:55:50.0932 5732 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    11:55:50.0959 5732 nvraid - ok
    11:55:51.0005 5732 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    11:55:51.0036 5732 nvstor - ok
    11:55:51.0069 5732 NvStUSB (9e01b716c8085f7adb1cdc10103ceef8) C:\Windows\system32\DRIVERS\nvstusb.sys
    11:55:51.0092 5732 NvStUSB - ok
    11:55:51.0156 5732 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    11:55:51.0185 5732 nv_agp - ok
    11:55:51.0237 5732 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    11:55:51.0341 5732 ohci1394 - ok
    11:55:51.0722 5732 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    11:55:51.0759 5732 Parport - ok
    11:55:51.0795 5732 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    11:55:51.0804 5732 partmgr - ok
    11:55:51.0844 5732 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    11:55:51.0883 5732 pci - ok
    11:55:51.0928 5732 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    11:55:51.0952 5732 pciide - ok
    11:55:51.0980 5732 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    11:55:51.0993 5732 pcmcia - ok
    11:55:52.0011 5732 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    11:55:52.0021 5732 pcw - ok
    11:55:52.0050 5732 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    11:55:52.0124 5732 PEAUTH - ok
    11:55:52.0192 5732 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    11:55:52.0270 5732 PptpMiniport - ok
    11:55:52.0293 5732 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    11:55:52.0329 5732 Processor - ok
    11:55:52.0373 5732 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    11:55:52.0451 5732 Psched - ok
    11:55:52.0487 5732 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
    11:55:52.0506 5732 PxHlpa64 - ok
    11:55:52.0561 5732 qicflt (0928bd20273625622722fe1de5bbde57) C:\Windows\system32\DRIVERS\qicflt.sys
    11:55:52.0581 5732 qicflt - ok
    11:55:52.0627 5732 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    11:55:52.0700 5732 ql2300 - ok
    11:55:52.0720 5732 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    11:55:52.0730 5732 ql40xx - ok
    11:55:52.0751 5732 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    11:55:52.0794 5732 QWAVEdrv - ok
    11:55:52.0839 5732 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    11:55:52.0880 5732 RasAcd - ok
    11:55:52.0922 5732 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    11:55:52.0972 5732 RasAgileVpn - ok
    11:55:53.0013 5732 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    11:55:53.0087 5732 Rasl2tp - ok
    11:55:53.0118 5732 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    11:55:53.0147 5732 RasPppoe - ok
    11:55:53.0182 5732 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    11:55:53.0260 5732 RasSstp - ok
    11:55:53.0301 5732 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    11:55:53.0354 5732 rdbss - ok
    11:55:53.0381 5732 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    11:55:53.0394 5732 rdpbus - ok
    11:55:53.0414 5732 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    11:55:53.0476 5732 RDPCDD - ok
    11:55:53.0499 5732 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    11:55:53.0540 5732 RDPENCDD - ok
    11:55:53.0564 5732 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    11:55:53.0591 5732 RDPREFMP - ok
    11:55:54.0017 5732 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
    11:55:54.0055 5732 RDPWD - ok
    11:55:54.0103 5732 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    11:55:54.0129 5732 rdyboost - ok
    11:55:54.0189 5732 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
    11:55:54.0248 5732 RFCOMM - ok
    11:55:54.0303 5732 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    11:55:54.0381 5732 rspndr - ok
    11:55:54.0462 5732 RTL8167 (a73ed14670220307874ad6bc2f279349) C:\Windows\system32\DRIVERS\Rt64win7.sys
    11:55:54.0489 5732 RTL8167 - ok
    11:55:54.0544 5732 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    11:55:54.0574 5732 sbp2port - ok
    11:55:54.0621 5732 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    11:55:54.0711 5732 scfilter - ok
    11:55:54.0816 5732 sdbus (84e00908975faf79e91282ed8fb88c2f) C:\Windows\system32\drivers\sdbus.sys
    11:55:54.0856 5732 sdbus - ok
    11:55:54.0934 5732 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    11:55:55.0010 5732 secdrv - ok
    11:55:55.0072 5732 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    11:55:55.0112 5732 Serenum - ok
    11:55:55.0156 5732 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    11:55:55.0192 5732 Serial - ok
    11:55:55.0265 5732 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    11:55:55.0296 5732 sermouse - ok
    11:55:55.0350 5732 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    11:55:55.0414 5732 sffdisk - ok
    11:55:55.0434 5732 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    11:55:55.0445 5732 sffp_mmc - ok
    11:55:55.0459 5732 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    11:55:55.0506 5732 sffp_sd - ok
    11:55:55.0529 5732 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    11:55:55.0563 5732 sfloppy - ok
    11:55:55.0631 5732 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
    11:55:55.0663 5732 Sftfs - ok
    11:55:55.0713 5732 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
    11:55:55.0739 5732 Sftplay - ok
    11:55:55.0763 5732 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
    11:55:55.0769 5732 Sftredir - ok
    11:55:55.0793 5732 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
    11:55:55.0799 5732 Sftvol - ok
    11:55:55.0843 5732 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    11:55:55.0867 5732 SiSRaid2 - ok
    11:55:55.0887 5732 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    11:55:55.0902 5732 SiSRaid4 - ok
    11:55:55.0944 5732 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    11:55:56.0004 5732 Smb - ok
    11:55:56.0431 5732 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    11:55:56.0455 5732 spldr - ok
    11:55:56.0520 5732 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    11:55:56.0593 5732 srv - ok
    11:55:56.0624 5732 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    11:55:56.0667 5732 srv2 - ok
    11:55:56.0700 5732 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    11:55:56.0749 5732 srvnet - ok
    11:55:56.0793 5732 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
    11:55:56.0802 5732 stdcfltn - ok
    11:55:56.0858 5732 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    11:55:56.0884 5732 stexstor - ok
    11:55:56.0934 5732 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    11:55:56.0953 5732 swenum - ok
    11:55:57.0012 5732 SynTP (b0c7d4dcf4800df2f2145b500d0161e8) C:\Windows\system32\DRIVERS\SynTP.sys
    11:55:57.0052 5732 SynTP - ok
    11:55:57.0145 5732 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
    11:55:57.0199 5732 Tcpip - ok
    11:55:57.0242 5732 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
    11:55:57.0294 5732 TCPIP6 - ok
    11:55:57.0331 5732 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    11:55:57.0383 5732 tcpipreg - ok
    11:55:57.0410 5732 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    11:55:57.0471 5732 TDPIPE - ok
    11:55:57.0491 5732 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    11:55:57.0553 5732 TDTCP - ok
    11:55:57.0593 5732 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    11:55:57.0621 5732 tdx - ok
    11:55:57.0663 5732 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    11:55:57.0687 5732 TermDD - ok
    11:55:57.0745 5732 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    11:55:57.0801 5732 tssecsrv - ok
    11:55:57.0852 5732 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    11:55:57.0877 5732 TsUsbFlt - ok
    11:55:57.0925 5732 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    11:55:57.0988 5732 tunnel - ok
    11:55:58.0040 5732 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
    11:55:58.0049 5732 TurboB - ok
    11:55:58.0082 5732 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    11:55:58.0094 5732 uagp35 - ok
    11:55:58.0137 5732 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    11:55:58.0187 5732 udfs - ok
    11:55:58.0242 5732 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    11:55:58.0266 5732 uliagpkx - ok
    11:55:58.0312 5732 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    11:55:58.0331 5732 umbus - ok
    11:55:58.0353 5732 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    11:55:58.0378 5732 UmPass - ok
    11:55:59.0022 5732 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
    11:55:59.0069 5732 USBAAPL64 - ok
    11:55:59.0118 5732 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
    11:55:59.0171 5732 usbaudio - ok
    11:55:59.0208 5732 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
    11:55:59.0252 5732 usbccgp - ok
    11:55:59.0295 5732 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    11:55:59.0332 5732 usbcir - ok
    11:55:59.0395 5732 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
    11:55:59.0438 5732 usbehci - ok
    11:55:59.0475 5732 usbhub (8b892002d7b79312821169a14317ab86) C:\Windows\system32\DRIVERS\usbhub.sys
    11:55:59.0538 5732 usbhub - ok
    11:55:59.0598 5732 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
    11:55:59.0674 5732 usbohci - ok
    11:55:59.0731 5732 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    11:55:59.0780 5732 usbprint - ok
    11:55:59.0820 5732 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    11:55:59.0849 5732 usbscan - ok
    11:55:59.0873 5732 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    11:55:59.0928 5732 USBSTOR - ok
    11:55:59.0956 5732 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
    11:55:59.0992 5732 usbuhci - ok
    11:56:00.0036 5732 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
    11:56:00.0070 5732 usbvideo - ok
    11:56:00.0125 5732 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    11:56:00.0151 5732 vdrvroot - ok
    11:56:00.0181 5732 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    11:56:00.0216 5732 vga - ok
    11:56:00.0239 5732 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    11:56:00.0292 5732 VgaSave - ok
    11:56:00.0329 5732 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    11:56:00.0358 5732 vhdmp - ok
    11:56:00.0398 5732 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    11:56:00.0423 5732 viaide - ok
    11:56:00.0446 5732 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    11:56:00.0457 5732 volmgr - ok
    11:56:00.0507 5732 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    11:56:00.0545 5732 volmgrx - ok
    11:56:00.0569 5732 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    11:56:00.0582 5732 volsnap - ok
    11:56:00.0622 5732 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    11:56:00.0635 5732 vsmraid - ok
    11:56:00.0700 5732 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    11:56:00.0733 5732 vwifibus - ok
    11:56:00.0759 5732 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    11:56:00.0784 5732 vwififlt - ok
    11:56:00.0805 5732 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    11:56:00.0826 5732 vwifimp - ok
    11:56:00.0840 5732 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    11:56:00.0860 5732 WacomPen - ok
    11:56:00.0924 5732 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    11:56:00.0999 5732 WANARP - ok
    11:56:01.0477 5732 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    11:56:01.0522 5732 Wanarpv6 - ok
    11:56:01.0559 5732 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    11:56:01.0567 5732 Wd - ok
    11:56:01.0598 5732 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    11:56:01.0617 5732 Wdf01000 - ok
    11:56:01.0667 5732 wdkmd (94dc2bf6cbaaa95e369c3756d3115a76) C:\Windows\system32\DRIVERS\WDKMD.sys
    11:56:01.0710 5732 wdkmd - ok
    11:56:01.0735 5732 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    11:56:01.0763 5732 WfpLwf - ok
    11:56:01.0797 5732 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
    11:56:01.0812 5732 WimFltr - ok
    11:56:01.0831 5732 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    11:56:01.0839 5732 WIMMount - ok
    11:56:01.0920 5732 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    11:56:01.0978 5732 WinUsb - ok
    11:56:02.0024 5732 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    11:56:02.0048 5732 WmiAcpi - ok
    11:56:02.0075 5732 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    11:56:02.0142 5732 ws2ifsl - ok
    11:56:02.0186 5732 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    11:56:02.0263 5732 WudfPf - ok
    11:56:02.0313 5732 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    11:56:02.0373 5732 WUDFRd - ok
    11:56:02.0423 5732 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    11:56:02.0590 5732 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
    11:56:02.0590 5732 \Device\Harddisk0\DR0 - detected TDSS File System (1)
    11:56:02.0597 5732 Boot (0x1200) (4980b5f8fa0890f5e98eda07dcebc2f2) \Device\Harddisk0\DR0\Partition0
    11:56:02.0598 5732 \Device\Harddisk0\DR0\Partition0 - ok
    11:56:02.0630 5732 Boot (0x1200) (683c52ad82086aedc39384b3d0160f54) \Device\Harddisk0\DR0\Partition1
    11:56:02.0631 5732 \Device\Harddisk0\DR0\Partition1 - ok
    11:56:02.0632 5732 ============================================================
    11:56:02.0632 5732 Scan finished
    11:56:02.0632 5732 ============================================================
    11:56:02.0639 3036 Detected object count: 1
    11:56:02.0639 3036 Actual detected object count: 1
    11:56:10.0442 3036 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    11:56:10.0445 3036 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    11:56:10.0448 3036 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    11:56:10.0451 3036 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    11:56:10.0455 3036 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
    11:56:10.0488 3036 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    11:56:10.0508 3036 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
    11:56:10.0530 3036 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    11:56:10.0537 3036 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
    11:56:10.0545 3036 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    11:56:10.0558 3036 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
    11:56:10.0559 3036 \Device\Harddisk0\DR0\TDLFS - deleted
    11:56:10.0559 3036 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    OK, post the log when ready, a quick scan would have been adequate but a full scan is fine. I've got to go out, will be back maybe 1 to 2 hours....

    Kevin
     
  11. Timmeh!

    Timmeh! Thread Starter

    Joined:
    Jun 5, 2007
    Messages:
    20
    Kevin,

    We aborted and ran a quick scan. Here you go:


    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.09.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Zeynep :: ZEYNEP-PC [administrator]

    Protection: Enabled

    2/9/2012 12:23:07 PM
    mbam-log-2012-02-09 (12-23-07).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 212640
    Time elapsed: 11 minute(s), 45 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  12. Timmeh!

    Timmeh! Thread Starter

    Joined:
    Jun 5, 2007
    Messages:
    20
    Kevin, it looks like MBAM is showing a clean scan! Thanks so much for your help on this! Do you recommend continuing to use MBAM as our virus protection to avoid this happening again?
     
  13. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    Malwarebytes does not give Anti-Virus protection, it is however an excellent program and will protect from all other forms of malware if realtime protection is engaged. You will need the pro version for that option.

    Run the following scan, post the logs when complete:

    Download OTL from any of the following links and save to your Desktop:

    Link 1
    Link 2
    Link 3
    Link 4
    • Double click on the icon to run it, Vista or Windows 7 users right click and select Run as Administrator. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top, make sure Standard output is selected.
    • Select Scan all users
    • Under the Extra Registry section, check Use SafeList
    • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
    • Under the Custom Scan box paste this in:

      Code:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      /md5stop
      %systemroot%\*. /mp /s
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      CREATERESTOREPOINT
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      
    • Click the [IMG] button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

    Next,

    Download Security Check by screen317 from HERE or HERE.
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    Let me see the following in your reply :-

    • OTL.txt
    • Extras.txt
    • Log from Security Checks

    Kevin
     
  14. Timmeh!

    Timmeh! Thread Starter

    Joined:
    Jun 5, 2007
    Messages:
    20
    Here is the OTL log:

    OTL Extras logfile created on: 2/9/2012 5:52:41 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Zeynep\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.92 Gb Total Physical Memory | 3.40 Gb Available Physical Memory | 57.46% Memory free
    11.83 Gb Paging File | 8.94 Gb Available in Paging File | 75.57% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.01 Gb Total Space | 271.21 Gb Free Space | 60.13% Space Free | Partition Type: NTFS

    Computer Name: ZEYNEP-PC | User Name: Zeynep | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-1213244044-3777014464-1362229086-1002\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1A26F3E9-1351-400B-B296-A0B24F2FDA8C}" = CXP Color Printer Driver
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
    "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
    "{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel(R) PROSet/Wireless WiFi Software
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
    "{7BE6B345-6BD9-492E-A440-A32D12AB2EF3}" = AVG 2012
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
    "{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 265.94
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 265.94
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 265.94
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.9
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
    "{C7B40C35-85AE-4303-9EEA-1A1EA779664D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
    "{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
    "{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
    "{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "ARO 2011_is1" = ARO 2011
    "AVG" = AVG 2012
    "Dell Support Center" = Dell Support Center
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "ProInst" = Intel PROSet Wireless
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1BC77CEF-C52F-4092-BF87-0D4E6B86D860}" = Memeo Share
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
    "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{75B7F766-7998-44d8-A202-F1EC76A121BA}" = Memeo AutoSync
    "{75CE8AF5-0A5E-4A42-BC67-F83591DA9A7D}" = Sound Blaster X-Fi MB
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
    "{81784157-3D4D-4bc1-B988-B24C32A26DA8}" = Memeo Send
    "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
    "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
    "{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C8FAFAEE-94E2-43D9-8046-87F96D0FD7CF}" = Fantapper Player
    "{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D770F4B4-C422-45D9-8CEE-1B4C66E68CA8}" = Dell Stage
    "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECC2ECA-7737-4E13-A0ED-8D0A38FBE1CE}_is1" = EXARadyo 3
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
    "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F336F89D-8C5A-432C-8EA9-DA19377AD591}" = Dell MusicStage
    "{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
    "{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel(R) Wireless Display
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "ActiveTouchMeetingClient" = WebEx
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "BizNuri" = BizNuri 4.0
    "Canon MG5200 series User Registration" = Canon MG5200 series User Registration
    "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
    "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
    "CanonMyPrinter" = Canon My Printer
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Google Chrome" = Google Chrome
    "GoToAssist" = GoToAssist Corporate
    "InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
    "Kur'an Öðreniyorum (Bedava Web Sürümü)" = Kur'an Öðreniyorum (Bedava Web Sürümü)
    "Kur'an Ögreniyorum 1.0" = Kur'an Ögreniyorum 1.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
    "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
    "NirSoft BlueScreenView" = NirSoft BlueScreenView
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "Picasa 3" = Picasa 3
    "Replay Media Catcher 4" = Replay Media Catcher 4 (4.2.9)
    "Rhapsody" = Rhapsody
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1213244044-3777014464-1362229086-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{79A765E1-C399-405B-85AF-466F52E918B0}" = Support.com Toolbar Updater
    "Dropbox" = Dropbox
    "Spotify" = Spotify

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2/2/2012 5:02:45 AM | Computer Name = Zeynep-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 5102

    Error - 2/2/2012 5:02:45 AM | Computer Name = Zeynep-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 5102

    Error - 2/2/2012 5:02:46 AM | Computer Name = Zeynep-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 2/2/2012 5:02:46 AM | Computer Name = Zeynep-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 6116

    Error - 2/2/2012 5:02:46 AM | Computer Name = Zeynep-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 6116

    Error - 2/2/2012 5:02:47 AM | Computer Name = Zeynep-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 2/2/2012 5:02:47 AM | Computer Name = Zeynep-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 7114

    Error - 2/2/2012 5:02:47 AM | Computer Name = Zeynep-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 7114

    Error - 2/2/2012 12:17:54 PM | Computer Name = Zeynep-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
    Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 2/3/2012 12:52:36 AM | Computer Name = Zeynep-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: NOBuAgent.exe, version: 2.1.19634.0, time
    stamp: 0x4c75b543 Faulting module name: NOBuAgent.exe, version: 2.1.19634.0, time
    stamp: 0x4c75b543 Exception code: 0xc0000409 Fault offset: 0x000000000011e276 Faulting
    process id: 0x12e4 Faulting application start time: 0x01cce22f98ee7f10 Faulting application
    path: C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe Faulting module
    path: C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe Report Id:
    e3d8937a-4e22-11e1-80d2-bc773736e86c

    [ Dell Events ]
    Error - 11/21/2011 6:27:47 PM | Computer Name = Zeynep-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 11/21/2011 7:01:37 PM | Computer Name = Zeynep-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 11/21/2011 7:01:37 PM | Computer Name = Zeynep-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 12/5/2011 5:49:37 AM | Computer Name = Zeynep-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 12/5/2011 5:49:37 AM | Computer Name = Zeynep-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 12/8/2011 9:08:32 PM | Computer Name = Zeynep-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 12/8/2011 9:08:32 PM | Computer Name = Zeynep-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 1/25/2012 3:22:20 AM | Computer Name = Zeynep-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 1/25/2012 3:22:20 AM | Computer Name = Zeynep-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 2/1/2012 12:02:17 PM | Computer Name = Zeynep-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    [ OSession Events ]
    Error - 8/30/2011 7:04:03 AM | Computer Name = Zeynep-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
    lasted 536 seconds with 0 seconds of active time. This session ended with a crash.

    Error - 9/2/2011 8:45:13 AM | Computer Name = Zeynep-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
    lasted 358 seconds with 60 seconds of active time. This session ended with a crash.

    Error - 9/14/2011 6:26:01 AM | Computer Name = Zeynep-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
    lasted 287 seconds with 0 seconds of active time. This session ended with a crash.

    Error - 9/14/2011 6:52:35 AM | Computer Name = Zeynep-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
    lasted 320 seconds with 0 seconds of active time. This session ended with a crash.

    Error - 9/19/2011 8:05:07 AM | Computer Name = Zeynep-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
    lasted 299 seconds with 0 seconds of active time. This session ended with a crash.

    Error - 9/20/2011 7:45:14 AM | Computer Name = Zeynep-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
    lasted 533 seconds with 0 seconds of active time. This session ended with a crash.

    Error - 9/22/2011 7:45:28 AM | Computer Name = Zeynep-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
    lasted 2674 seconds with 480 seconds of active time. This session ended with a
    crash.

    Error - 11/1/2011 8:30:05 AM | Computer Name = Zeynep-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
    lasted 537 seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 9/15/2011 3:04:01 AM | Computer Name = Zeynep-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (120000 milliseconds) while waiting for the
    Windows Search service to connect.

    Error - 9/15/2011 3:04:01 AM | Computer Name = Zeynep-PC | Source = Service Control Manager | ID = 7000
    Description = The Windows Search service failed to start due to the following error:
    %%1053

    Error - 9/15/2011 3:05:30 AM | Computer Name = Zeynep-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (120000 milliseconds) while waiting for the
    Windows Search service to connect.

    Error - 9/15/2011 3:05:30 AM | Computer Name = Zeynep-PC | Source = Service Control Manager | ID = 7000
    Description = The Windows Search service failed to start due to the following error:
    %%1053

    Error - 9/15/2011 3:05:51 AM | Computer Name = Zeynep-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (120000 milliseconds) while waiting for the
    Windows Search service to connect.

    Error - 9/15/2011 3:05:51 AM | Computer Name = Zeynep-PC | Source = Service Control Manager | ID = 7000
    Description = The Windows Search service failed to start due to the following error:
    %%1053

    Error - 9/15/2011 5:40:49 AM | Computer Name = Zeynep-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 5:39:18 AM on ?9/?15/?2011 was unexpected.

    Error - 9/15/2011 3:37:39 PM | Computer Name = Zeynep-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (120000 milliseconds) was reached while waiting for a transaction
    response from the SysMain service.

    Error - 9/15/2011 3:37:50 PM | Computer Name = Zeynep-PC | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.

    Error - 9/20/2011 5:31:26 AM | Computer Name = Zeynep-PC | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.


    < End of report >
     
  15. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,154
    That is Extras.txt, still need OTL.txt (that is the main log). Also need the log from Security Checks...
     
Short URL to this thread: https://techguy.org/1039401