Trojan.Agent in svchost.exe can't remove!!


  • This topic is locked
10 replies to this topic

#1 nikthequick

Posted 21 March 2012 - 02:09 AM

Hey everyone,

I got a pretty nasty virus that for the life of me I can't get off my laptop. I have a newerish HP laptop with Windows 7 64-bit on it. During a Malwarebytes scan it found a Trojan.Agent virus in my c:/windows/svchost.exe file that I cannot get off at all. I even tried doing a system restore off the partition on my hard drive and it would still not come off after the disk wipe! Any help at all would be greatly appreciated!!


#2 Noviciate

  • Malware Response Team

Posted 21 March 2012 - 04:14 PM

Good evening. :)

Please go here, follow steps six, seven and eight as best you can, skipping those that you cannot run for any reason, and then post accordingly into this thread.

So long, and thanks for all the fish.

 

 


#3 nikthequick


Posted 21 March 2012 - 10:42 PM

Thank you Noviciate for the quick reply!

Per your instructions I did the steps and these were the results:

Step 7 - DDS Logs

DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Nik at 20:06:57 on 2012-03-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5611.3820 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [<NO NAME>]
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B633A733-BA5F-4F7B-9C8F-3C4444F8AA94} : DhcpNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO-X64: TSBHO Class - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [(Default)]
mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-6-8 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-1 365568]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-4-28 514232]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-2-17 265544]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-2-28 92216]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-6-8 2375168]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\amdhub30.sys --> C:\Windows\system32\DRIVERS\amdhub30.sys [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\amdxhc.sys --> C:\Windows\system32\DRIVERS\amdxhc.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/06/08 11:16:09;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-1-25 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-16 682040]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-21 06:59:57 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-03-21 06:22:41 20480 ----a-w- C:\Windows\svchost.exe
2012-03-21 04:50:15 -------- d-----w- C:\Users\Nik\AppData\Roaming\Malwarebytes
2012-03-21 04:49:00 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-21 04:48:57 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-21 04:48:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-21 02:30:56 -------- d-----w- C:\Users\Nik\AppData\Roaming\AVG2012
2012-03-21 02:29:43 -------- d--h--w- C:\ProgramData\Common Files
2012-03-21 02:29:12 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-03-21 02:27:53 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-03-21 02:27:53 -------- d-----w- C:\ProgramData\AVG2012
2012-03-21 02:25:09 -------- d-----w- C:\Program Files (x86)\AVG
2012-03-21 02:09:14 -------- d-----w- C:\ProgramData\MFAData
2012-03-21 01:39:03 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-03-21 01:33:13 -------- d-sh--w- C:\found.000
2012-03-21 01:32:58 -------- d-----w- C:\Windows\SysWow64\Wat
2012-03-21 01:32:58 -------- d-----w- C:\Windows\System32\Wat
2012-03-21 01:09:56 8390656 ----a-w- C:\Windows\SysWow64\SETD0CB.tmp
2012-03-21 00:08:52 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-03-21 00:08:03 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D7CC6B1C-E1AC-4316-B0CD-1CA27C017678}\mpengine.dll
2012-03-21 00:06:40 8643640 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2012-03-20 22:56:57 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-03-20 22:55:48 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2012-03-20 22:54:58 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2012-03-20 22:52:30 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2012-03-20 22:52:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2012-03-20 22:52:30 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2012-03-20 22:52:27 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2012-03-20 22:52:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2012-03-20 22:52:27 331776 ----a-w- C:\Windows\System32\oleacc.dll
2012-03-20 22:52:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2012-03-20 22:51:42 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2012-03-20 22:51:23 77312 ----a-w- C:\Windows\System32\packager.dll
2012-03-20 22:51:23 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-03-20 22:28:37 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-20 22:28:37 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-20 22:28:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-20 22:24:56 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-20 22:24:56 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-20 22:24:55 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-20 22:24:55 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-20 22:04:13 -------- d-----w- C:\Users\Nik\AppData\Local\AMD
2012-03-20 22:03:51 -------- d-----w- C:\Users\Nik\AppData\Local\ATI
2012-03-20 22:02:45 -------- d-----w- C:\Users\Nik\AppData\Roaming\hpqLog
2012-03-20 22:02:41 -------- d-----w- C:\Users\Nik\AppData\Roaming\Synaptics
.
==================== Find3M ====================
.
2012-03-21 06:59:01 660368 ----a-w- C:\Windows\System32\deployJava1.dll
2012-02-23 16:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 20:11:11.91 ===============




Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/20/2012 2:55:58 PM
System Uptime: 3/21/2012 8:01:17 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 358D
Processor: AMD A8-3500M APU with Radeon™ HD Graphics | Socket FS1 | 1500/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 543.654 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 1.62 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3: 3/20/2012 2:57:53 PM - First_User_Boot
RP4: 3/20/2012 3:06:26 PM - Removed Blio.
RP5: 3/20/2012 3:08:58 PM - Removed Evernote v. 4.2.2
RP6: 3/20/2012 3:15:41 PM - Removed Microsoft Office 2010
RP7: 3/20/2012 4:13:09 PM - Windows Update
RP8: 3/20/2012 5:05:44 PM - Windows Update
RP9: 3/20/2012 5:12:23 PM - Windows Update
RP10: 3/20/2012 5:57:59 PM - Windows Update
RP11: 3/20/2012 6:16:41 PM - Windows Update
RP12: 3/20/2012 7:22:41 PM - Installed AVG 2012
RP13: 3/20/2012 7:26:05 PM - Installed AVG 2012
RP14: 3/20/2012 8:39:14 PM - Windows Update
RP15: 3/20/2012 11:53:22 PM - Installed Java™ 7 Update 3 (64-bit)
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Adobe Reader X MUI
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
AMD System Monitor
AMD VISION Engine Control Center
Bejeweled 2 Deluxe
Bejeweled 3
Blackhawk Striker 2
Blasterball 3
Bounce Symphony
Build-a-lot 2
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CyberLink PowerDVD 10
CyberLink YouCam
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Energy Star Digital Logo
ESU for Microsoft Windows 7
Farm Frenzy
FATE - The Traitor Soul
HP Connection Manager
HP Customer Experience Enhancements
HP Documentation
HP DVB-T TV Tuner 8.0.64.43
HP Games
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP SimplePass 2011
HP Software Framework
HP Support Assistant
HPAsset component for HP Active Support Library
IDT Audio
Java Auto Updater
Java™ 6 Update 24
Junk Mail filter update
Magic Desktop
Mah Jong Medley
Malwarebytes Anti-Malware version 1.60.1.1000
Mesh Runtime
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WSE 3.0 Runtime
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Stolen in San Francisco
Namco All-Stars PAC-MAN
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Ralink RT5390 802.11b/g/n WiFi Adapter
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Recovery Manager
RoxioNow Player
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Slingo Supreme
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
Visual Studio 2008 x64 Redistributables
Wheel of Fortune 2
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
3/21/2012 1:25:19 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpqwmiex service.
3/20/2012 9:44:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002cbab5a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032012-52915-01.
3/20/2012 9:27:43 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070103: Advanced Micro Devices, Inc. - Display, Other hardware - AMD Radeon™ HD 6620G.
3/20/2012 9:09:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2639308).
3/20/2012 7:03:31 PM, Error: Service Control Manager [7023] -
3/20/2012 6:11:43 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000102113c0c, 0x0000000000000002, 0x0000000000000001, 0xfffff80002cb0ab5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032012-57907-01.
3/20/2012 6:04:52 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b3: Synaptics - Input - Synaptics PS/2 Port TouchPad.
3/20/2012 5:47:56 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file.
3/20/2012 5:47:56 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002f82a9a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
3/20/2012 5:45:02 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
3/20/2012 5:35:39 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002cb8ab5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032012-31481-01.
3/20/2012 5:09:24 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: %%-2147416365
3/20/2012 5:05:41 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
3/20/2012 3:20:19 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002a808ef, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032012-45224-01.
.
==== End Of File ===========================





Step 8 - GMER Log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-21 20:41:43
Windows 6.1.7601 Service Pack 1
Running: xjtu0obd.exe


---- Files - GMER 1.0.15 ----

File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02LOCT0Z\2312[1].gif 62 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02LOCT0Z\2312[1].htm 77 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02LOCT0Z\al[5].js 38 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02LOCT0Z\blognba_smacchat_com[1].htm 101706 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02LOCT0Z\content-right-box-bg[1].png 292 bytes

---- EOF - GMER 1.0.15 ----



Please let me know what to do next!

#4 Noviciate

  • Malware Response Team
Posted 22 March 2012 - 04:03 PM

Good evening. :)

If you are lucky this could be a simple process, but if not it could take a little time - PC nasties are getting decidedly nastier.

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.

  • You will then need to extract the file(s) from the zipped folder.
  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish

  • Please close all open programs as this may result in a reboot being necessary.
  • Double click TDSSKiller.exe to begin.
  • Click Change parameters and check the two boxes under Additional Options.
  • Click Start scan and allow the tool to do just that.
  • Once the scan has completed, if the tool has identified anything, allow it to carry out its default action(s) - you'll need to click Continue where appropriate.
  • Finally, if it prompts you to reboot your machine, please click Reboot Now and ensure that your machine does so.
  • If the scan finds nothing, please click the Report button and let me have a copy of the text file that opens.
  • If you reboot your machine, the log, which I'd like to see, will be located at the root of your hard drive as C:\TDSSKiller.Version_Date_Time_log.txt.
    Please check that you get the one with the right date and time. :)

So long, and thanks for all the fish.

 

 


#5 nikthequick

  • Topic Starter

  • Members

Posted 22 March 2012 - 04:59 PM

Thanks for the quick reply Nov!

Here is the log of the scan, but in short 3 items were found; by default 1 was cured and 2 were skipped. Also, going forward, I have a pretty good knowledge of computers and programs, so if it will help you save time by typing less step-by-step instructions, I will get the gist of what is needed.





14:49:23.0706 6588 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
14:49:25.0706 6588 ============================================================
14:49:25.0706 6588 Current date / time: 2012/03/22 14:49:25.0706
14:49:25.0706 6588 SystemInfo:
14:49:25.0706 6588
14:49:25.0706 6588 OS Version: 6.1.7601 ServicePack: 1.0
14:49:25.0706 6588 Product type: Workstation
14:49:25.0706 6588 ComputerName: NIK-HP
14:49:25.0706 6588 UserName: Nik
14:49:25.0706 6588 Windows directory: C:\Windows
14:49:25.0706 6588 System windows directory: C:\Windows
14:49:25.0706 6588 Running under WOW64
14:49:25.0706 6588 Processor architecture: Intel x64
14:49:25.0706 6588 Number of processors: 4
14:49:25.0706 6588 Page size: 0x1000
14:49:25.0706 6588 Boot type: Normal boot
14:49:25.0706 6588 ============================================================
14:49:26.0566 6588 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:49:26.0576 6588 \Device\Harddisk0\DR0:
14:49:26.0576 6588 MBR used
14:49:26.0576 6588 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
14:49:26.0576 6588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x48A95800
14:49:26.0576 6588 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48AF9800, BlocksNum 0x1D2A800
14:49:26.0576 6588 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
14:49:26.0686 6588 Initialize success
14:49:26.0686 6588 ============================================================
14:49:43.0466 7628 ============================================================
14:49:43.0466 7628 Scan started
14:49:43.0466 7628 Mode: Manual; SigCheck; TDLFS;
14:49:43.0466 7628 ============================================================
14:50:28.0696 7628 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
14:50:28.0756 7628 ebdrv - ok
14:50:28.0966 7628 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:50:29.0006 7628 EFS - ok
14:50:29.0196 7628 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:50:29.0286 7628 ehRecvr - ok
14:50:29.0416 7628 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:50:29.0436 7628 ehSched - ok
14:50:29.0736 7628 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
14:50:29.0766 7628 elxstor - ok
14:50:30.0066 7628 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:50:30.0116 7628 ErrDev - ok
14:50:30.0436 7628 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:50:30.0536 7628 EventSystem - ok
14:50:30.0856 7628 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:50:30.0916 7628 exfat - ok
14:50:31.0286 7628 ezSharedSvc - ok
14:50:31.0806 7628 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:50:31.0896 7628 fastfat - ok
14:50:32.0326 7628 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:50:32.0426 7628 Fax - ok
14:50:32.0816 7628 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
14:50:32.0846 7628 fdc - ok
14:50:33.0236 7628 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:50:33.0286 7628 fdPHost - ok
14:50:33.0716 7628 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:50:33.0776 7628 FDResPub - ok
14:50:34.0196 7628 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:50:34.0206 7628 FileInfo - ok
14:50:34.0496 7628 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:50:34.0556 7628 Filetrace - ok
14:50:34.0846 7628 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
14:50:34.0866 7628 flpydisk - ok
14:50:35.0426 7628 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:50:35.0446 7628 FltMgr - ok
14:50:35.0946 7628 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:50:36.0046 7628 FontCache - ok
14:50:36.0266 7628 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:50:36.0276 7628 FontCache3.0.0.0 - ok
14:50:36.0406 7628 FPLService (2074a85a6b8f84a5a9c60b915b465faf) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
14:50:36.0426 7628 FPLService - ok
14:50:36.0806 7628 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:50:36.0826 7628 FsDepends - ok
14:50:37.0376 7628 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:50:37.0386 7628 Fs_Rec - ok
14:50:37.0976 7628 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:50:37.0996 7628 fvevol - ok
14:50:38.0536 7628 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
14:50:38.0546 7628 gagp30kx - ok
14:50:38.0636 7628 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
14:50:38.0656 7628 GamesAppService - ok
14:50:38.0876 7628 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:50:38.0936 7628 gpsvc - ok
14:50:39.0336 7628 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:50:39.0396 7628 hcw85cir - ok
14:50:40.0076 7628 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:50:40.0136 7628 HdAudAddService - ok
14:50:40.0566 7628 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:50:40.0616 7628 HDAudBus - ok
14:50:41.0066 7628 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
14:50:41.0106 7628 HidBatt - ok
14:50:41.0506 7628 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
14:50:41.0536 7628 HidBth - ok
14:50:41.0826 7628 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
14:50:41.0846 7628 HidIr - ok
14:50:42.0056 7628 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
14:50:42.0116 7628 hidserv - ok
14:50:42.0446 7628 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
14:50:42.0466 7628 HidUsb - ok
14:50:42.0716 7628 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:50:42.0786 7628 hkmsvc - ok
14:50:43.0036 7628 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:50:43.0126 7628 HomeGroupListener - ok
14:50:43.0576 7628 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:50:43.0626 7628 HomeGroupProvider - ok
14:50:43.0806 7628 HP Health Check Service (45a12cacb97b4f15858fcfd59355a1e9) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
14:50:43.0816 7628 HP Health Check Service - ok
14:50:43.0946 7628 HPAuto (7b8c1b09c11e8db7c4480abd7d17e821) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
14:50:43.0976 7628 HPAuto - ok
14:50:44.0106 7628 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
14:50:44.0116 7628 HPClientSvc - ok
14:50:44.0226 7628 hpCMSrv (e040f0064d39f73bb4995d494f3dcbb8) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
14:50:44.0266 7628 hpCMSrv - ok
14:50:44.0366 7628 HPDrvMntSvc.exe (18062df0dceb4ed88e03a8b161935722) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
14:50:44.0386 7628 HPDrvMntSvc.exe - ok
14:50:44.0776 7628 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
14:50:44.0786 7628 hpdskflt - ok
14:50:44.0906 7628 hpqwmiex (7b1637e5e0476ce22e8d76ac1203205e) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
14:50:44.0936 7628 hpqwmiex - ok
14:50:45.0416 7628 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:50:45.0426 7628 HpSAMD - ok
14:50:45.0756 7628 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
14:50:45.0766 7628 hpsrv - ok
14:50:45.0966 7628 HPWMISVC (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
14:50:45.0986 7628 HPWMISVC - ok
14:50:46.0356 7628 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:50:46.0446 7628 HTTP - ok
14:50:46.0736 7628 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:50:46.0746 7628 hwpolicy - ok
14:50:47.0046 7628 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
14:50:47.0066 7628 i8042prt - ok
14:50:47.0706 7628 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:50:47.0726 7628 iaStorV - ok
14:50:47.0916 7628 IconMan_R (3a0ff117b4adc5abe4d968e26a337158) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
14:50:47.0976 7628 IconMan_R ( UnsignedFile.Multi.Generic ) - warning
14:50:47.0976 7628 IconMan_R - detected UnsignedFile.Multi.Generic (1)
14:50:48.0226 7628 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:50:48.0256 7628 idsvc - ok
14:50:48.0586 7628 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
14:50:48.0606 7628 iirsp - ok
14:50:48.0816 7628 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:50:48.0886 7628 IKEEXT - ok
14:50:49.0296 7628 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:50:49.0316 7628 intelide - ok
14:50:49.0926 7628 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
14:50:49.0976 7628 intelppm - ok
14:50:50.0446 7628 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:50:50.0536 7628 IPBusEnum - ok
14:50:51.0006 7628 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:50:51.0046 7628 IpFilterDriver - ok
14:50:51.0456 7628 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:50:51.0546 7628 iphlpsvc - ok
14:50:51.0896 7628 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:50:51.0926 7628 IPMIDRV - ok
14:50:52.0216 7628 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:50:52.0276 7628 IPNAT - ok
14:50:52.0596 7628 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:50:52.0626 7628 IRENUM - ok
14:50:52.0916 7628 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:50:52.0936 7628 isapnp - ok
14:50:53.0526 7628 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:50:53.0546 7628 iScsiPrt - ok
14:50:53.0956 7628 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:50:53.0966 7628 kbdclass - ok
14:50:54.0466 7628 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
14:50:54.0486 7628 kbdhid - ok
14:50:54.0696 7628 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:50:54.0716 7628 KeyIso - ok
14:50:54.0996 7628 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:50:55.0016 7628 KSecDD - ok
14:50:55.0666 7628 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:50:55.0686 7628 KSecPkg - ok
14:50:56.0086 7628 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:50:56.0146 7628 ksthunk - ok
14:50:56.0366 7628 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:50:56.0436 7628 KtmRm - ok
14:50:56.0656 7628 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
14:50:56.0716 7628 LanmanServer - ok
14:50:56.0946 7628 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:50:56.0996 7628 LanmanWorkstation - ok
14:50:57.0556 7628 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:50:57.0626 7628 lltdio - ok
14:50:57.0836 7628 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:50:57.0906 7628 lltdsvc - ok
14:50:58.0116 7628 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:50:58.0166 7628 lmhosts - ok
14:50:58.0486 7628 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
14:50:58.0496 7628 LSI_FC - ok
14:50:58.0846 7628 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
14:50:58.0866 7628 LSI_SAS - ok
14:50:59.0186 7628 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
14:50:59.0196 7628 LSI_SAS2 - ok
14:50:59.0696 7628 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
14:50:59.0716 7628 LSI_SCSI - ok
14:51:00.0066 7628 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:51:00.0126 7628 luafv - ok
14:51:00.0346 7628 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:51:00.0366 7628 Mcx2Svc - ok
14:51:00.0646 7628 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
14:51:00.0666 7628 megasas - ok
14:51:00.0976 7628 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
14:51:00.0996 7628 MegaSR - ok
14:51:01.0466 7628 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:51:01.0546 7628 MMCSS - ok
14:51:01.0976 7628 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:51:02.0036 7628 Modem - ok
14:51:02.0416 7628 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:51:02.0456 7628 monitor - ok
14:51:02.0756 7628 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:51:02.0766 7628 mouclass - ok
14:51:03.0056 7628 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
14:51:03.0086 7628 mouhid - ok
14:51:03.0576 7628 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:51:03.0596 7628 mountmgr - ok
14:51:03.0976 7628 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:51:03.0986 7628 mpio - ok
14:51:04.0566 7628 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:51:04.0616 7628 mpsdrv - ok
14:51:04.0826 7628 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:51:04.0896 7628 MpsSvc - ok
14:51:05.0306 7628 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:51:05.0356 7628 MRxDAV - ok
14:51:05.0656 7628 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:51:05.0696 7628 mrxsmb - ok
14:51:06.0056 7628 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:51:06.0076 7628 mrxsmb10 - ok
14:51:06.0376 7628 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:51:06.0396 7628 mrxsmb20 - ok
14:51:06.0916 7628 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:51:06.0926 7628 msahci - ok
14:51:07.0506 7628 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:51:07.0526 7628 msdsm - ok
14:51:07.0826 7628 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:51:07.0876 7628 MSDTC - ok
14:51:08.0246 7628 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:51:08.0296 7628 Msfs - ok
14:51:08.0556 7628 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:51:08.0626 7628 mshidkmdf - ok
14:51:08.0896 7628 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:51:08.0906 7628 msisadrv - ok
14:51:09.0156 7628 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:51:09.0236 7628 MSiSCSI - ok
14:51:09.0576 7628 msiserver - ok
14:51:10.0156 7628 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:51:10.0236 7628 MSKSSRV - ok
14:51:10.0716 7628 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:51:10.0776 7628 MSPCLOCK - ok
14:51:11.0196 7628 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:51:11.0256 7628 MSPQM - ok
14:51:11.0746 7628 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:51:11.0766 7628 MsRPC - ok
14:51:12.0196 7628 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:51:12.0206 7628 mssmbios - ok
14:51:12.0496 7628 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:51:12.0546 7628 MSTEE - ok
14:51:12.0846 7628 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
14:51:12.0866 7628 MTConfig - ok
14:51:13.0486 7628 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:51:13.0496 7628 Mup - ok
14:51:14.0396 7628 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:51:14.0476 7628 napagent - ok
14:51:15.0206 7628 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:51:15.0306 7628 NativeWifiP - ok
14:51:15.0886 7628 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:51:15.0916 7628 NDIS - ok
14:51:16.0346 7628 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:51:16.0436 7628 NdisCap - ok
14:51:16.0836 7628 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:51:16.0886 7628 NdisTapi - ok
14:51:17.0346 7628 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:51:17.0416 7628 Ndisuio - ok
14:51:18.0006 7628 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:51:18.0086 7628 NdisWan - ok
14:51:18.0616 7628 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:51:18.0666 7628 NDProxy - ok
14:51:19.0676 7628 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:51:19.0746 7628 NetBIOS - ok
14:51:20.0046 7628 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:51:20.0106 7628 NetBT - ok
14:51:20.0316 7628 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:51:20.0326 7628 Netlogon - ok
14:51:20.0556 7628 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:51:20.0616 7628 Netman - ok
14:51:20.0896 7628 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:51:20.0906 7628 NetMsmqActivator - ok
14:51:20.0916 7628 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:51:20.0926 7628 NetPipeActivator - ok
14:51:21.0426 7628 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:51:21.0506 7628 netprofm - ok
14:51:21.0936 7628 netr28x (813b7c722ba97e703d375aba170e16cc) C:\Windows\system32\DRIVERS\netr28x.sys
14:51:21.0966 7628 netr28x - ok
14:51:22.0236 7628 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:51:22.0246 7628 NetTcpActivator - ok
14:51:22.0256 7628 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:51:22.0266 7628 NetTcpPortSharing - ok
14:51:22.0546 7628 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
14:51:22.0556 7628 nfrd960 - ok
14:51:22.0816 7628 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:51:22.0886 7628 NlaSvc - ok
14:51:23.0596 7628 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:51:23.0646 7628 Npfs - ok
14:51:23.0956 7628 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:51:24.0026 7628 nsi - ok
14:51:24.0746 7628 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:51:24.0806 7628 nsiproxy - ok
14:51:25.0996 7628 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:51:26.0066 7628 Ntfs - ok
14:51:26.0436 7628 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:51:26.0486 7628 Null - ok
14:51:26.0846 7628 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
14:51:26.0896 7628 NVENETFD - ok
14:51:27.0396 7628 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:51:27.0406 7628 nvraid - ok
14:51:27.0846 7628 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:51:27.0866 7628 nvstor - ok
14:51:28.0566 7628 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:51:28.0586 7628 nv_agp - ok
14:51:28.0936 7628 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:51:28.0956 7628 ohci1394 - ok
14:51:29.0246 7628 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:51:29.0356 7628 p2pimsvc - ok
14:51:30.0086 7628 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:51:30.0126 7628 p2psvc - ok
14:51:30.0846 7628 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
14:51:30.0866 7628 Parport - ok
14:51:31.0526 7628 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:51:31.0536 7628 partmgr - ok
14:51:32.0196 7628 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:51:32.0256 7628 PcaSvc - ok
14:51:32.0706 7628 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:51:32.0726 7628 pci - ok
14:51:33.0706 7628 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:51:33.0716 7628 pciide - ok
14:51:34.0476 7628 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
14:51:34.0496 7628 pcmcia - ok
14:51:34.0826 7628 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:51:34.0836 7628 pcw - ok
14:51:35.0466 7628 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:51:35.0546 7628 PEAUTH - ok
14:51:35.0856 7628 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:51:35.0886 7628 PerfHost - ok
14:51:36.0166 7628 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:51:36.0266 7628 pla - ok
14:51:36.0786 7628 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:51:36.0846 7628 PlugPlay - ok
14:51:37.0786 7628 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:51:37.0856 7628 PNRPAutoReg - ok
14:51:38.0306 7628 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:51:38.0336 7628 PNRPsvc - ok
14:51:38.0546 7628 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:51:38.0616 7628 PolicyAgent - ok
14:51:38.0836 7628 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:51:38.0906 7628 Power - ok
14:51:39.0246 7628 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:51:39.0306 7628 PptpMiniport - ok
14:51:39.0646 7628 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
14:51:39.0676 7628 Processor - ok
14:51:39.0916 7628 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
14:51:39.0976 7628 ProfSvc - ok
14:51:40.0196 7628 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:51:40.0206 7628 ProtectedStorage - ok
14:51:40.0506 7628 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:51:40.0586 7628 Psched - ok
14:51:40.0896 7628 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
14:51:40.0956 7628 ql2300 - ok
14:51:41.0636 7628 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
14:51:41.0656 7628 ql40xx - ok
14:51:42.0226 7628 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:51:42.0256 7628 QWAVE - ok
14:51:42.0896 7628 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:51:42.0936 7628 QWAVEdrv - ok
14:51:43.0526 7628 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:51:43.0596 7628 RasAcd - ok
14:51:44.0326 7628 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:51:44.0376 7628 RasAgileVpn - ok
14:51:44.0656 7628 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:51:44.0716 7628 RasAuto - ok
14:51:45.0006 7628 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:51:45.0076 7628 Rasl2tp - ok
14:51:45.0436 7628 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:51:45.0516 7628 RasMan - ok
14:51:45.0896 7628 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:51:45.0976 7628 RasPppoe - ok
14:51:46.0266 7628 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:51:46.0336 7628 RasSstp - ok
14:51:46.0626 7628 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:51:46.0686 7628 rdbss - ok
14:51:46.0966 7628 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
14:51:46.0996 7628 rdpbus - ok
14:51:47.0466 7628 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:51:47.0536 7628 RDPCDD - ok
14:51:47.0896 7628 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:51:47.0976 7628 RDPENCDD - ok
14:51:48.0376 7628 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:51:48.0426 7628 RDPREFMP - ok
14:51:48.0706 7628 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
14:51:48.0756 7628 RDPWD - ok
14:51:49.0036 7628 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:51:49.0046 7628 rdyboost - ok
14:51:49.0376 7628 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:51:49.0426 7628 RemoteAccess - ok
14:51:49.0736 7628 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:51:49.0806 7628 RemoteRegistry - ok
14:51:49.0916 7628 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
14:51:49.0936 7628 RoxioNow Service - ok
14:51:50.0186 7628 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:51:50.0236 7628 RpcEptMapper - ok
14:51:50.0486 7628 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:51:50.0496 7628 RpcLocator - ok
14:51:50.0726 7628 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:51:50.0786 7628 RpcSs - ok
14:51:51.0106 7628 RSPCIESTOR (9d21618e7a3b2c75cf1a2ecbbe723730) C:\Windows\system32\DRIVERS\RtsPStor.sys
14:51:51.0126 7628 RSPCIESTOR - ok
14:51:51.0596 7628 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:51:51.0646 7628 rspndr - ok
14:51:51.0966 7628 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:51:51.0996 7628 RTL8167 - ok
14:51:52.0316 7628 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:51:52.0326 7628 SamSs - ok
14:51:52.0656 7628 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:51:52.0666 7628 sbp2port - ok
14:51:52.0876 7628 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:51:52.0926 7628 SCardSvr - ok
14:51:53.0446 7628 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:51:53.0546 7628 scfilter - ok
14:51:53.0946 7628 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:51:54.0056 7628 Schedule - ok
14:51:54.0376 7628 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:51:54.0416 7628 SCPolicySvc - ok
14:51:54.0726 7628 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
14:51:54.0766 7628 sdbus - ok
14:51:54.0986 7628 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:51:55.0026 7628 SDRSVC - ok
14:51:55.0616 7628 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:51:55.0696 7628 secdrv - ok
14:51:55.0916 7628 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:51:55.0966 7628 seclogon - ok
14:51:56.0176 7628 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
14:51:56.0236 7628 SENS - ok
14:51:56.0486 7628 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:51:56.0526 7628 SensrSvc - ok
14:51:56.0796 7628 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
14:51:56.0826 7628 Serenum - ok
14:51:57.0256 7628 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
14:51:57.0296 7628 Serial - ok
14:51:57.0796 7628 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
14:51:57.0846 7628 sermouse - ok
14:52:43.0846 7628 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0
14:52:43.0876 7628 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
14:52:43.0876 7628 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
14:52:43.0926 7628 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:52:43.0926 7628 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:52:43.0956 7628 Boot (0x1200) (2a56d3a441a04bd265febe6e85ed4a01) \Device\Harddisk0\DR0\Partition0
14:52:43.0956 7628 \Device\Harddisk0\DR0\Partition0 - ok
14:52:43.0976 7628 Boot (0x1200) (21a8adbd59a363c851a9057115c3bae3) \Device\Harddisk0\DR0\Partition1
14:52:43.0976 7628 \Device\Harddisk0\DR0\Partition1 - ok
14:52:44.0016 7628 Boot (0x1200) (252a36ebeff2e325d4ce13a22b87faaa) \Device\Harddisk0\DR0\Partition2
14:52:44.0016 7628 \Device\Harddisk0\DR0\Partition2 - ok
14:52:44.0026 7628 Boot (0x1200) (1c70bd21d3a948ffc847866312a63a81) \Device\Harddisk0\DR0\Partition3
14:52:44.0046 7628 \Device\Harddisk0\DR0\Partition3 - ok
14:52:44.0046 7628 ============================================================
14:52:44.0056 7628 Scan finished
14:52:44.0056 7628 ============================================================
14:52:44.0066 5352 Detected object count: 3
14:52:44.0066 5352 Actual detected object count: 3
14:53:18.0706 5352 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
14:53:18.0706 5352 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:53:18.0826 5352 \Device\Harddisk0\DR0\# - copied to quarantine
14:53:18.0826 5352 \Device\Harddisk0\DR0 - copied to quarantine
14:53:18.0886 5352 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
14:53:18.0886 5352 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
14:53:18.0886 5352 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
14:53:18.0896 5352 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
14:53:18.0916 5352 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
14:53:18.0926 5352 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
14:53:18.0926 5352 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
14:53:18.0926 5352 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
14:53:18.0926 5352 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
14:53:18.0936 5352 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
14:53:18.0936 5352 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
14:53:18.0936 5352 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
14:53:18.0966 5352 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
14:53:19.0026 5352 \Device\Harddisk0\DR0 - ok
14:53:23.0276 5352 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
14:53:23.0276 5352 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:53:23.0276 5352 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
14:53:32.0266 6956 Deinitialize success

#6 nikthequick

Posted 22 March 2012 - 05:09 PM

And unfortunately after running Malwarebytes the virus is still active. :(

#7 Noviciate

Posted 22 March 2012 - 05:35 PM

Run TDSSKiller again and have it deal with anything that it finds and then ensure that the PC reboots. Once done, run MBAM and let it fix anything it finds too and let me have both the MBAM and TDSSKiller logs.

so if it will help you save time by typing less step by step instructions...

Instructions are written once then copy and pasted many times. :busy:


#8 nikthequick


Posted 22 March 2012 - 06:32 PM

Here are the logs:


TDSSKiller

15:47:54.0793 2312 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
15:47:55.0432 2312 ============================================================
15:47:55.0432 2312 Current date / time: 2012/03/22 15:47:55.0432
15:47:55.0432 2312 SystemInfo:
15:47:55.0432 2312
15:47:55.0432 2312 OS Version: 6.1.7601 ServicePack: 1.0
15:47:55.0432 2312 Product type: Workstation
15:47:55.0432 2312 ComputerName: NIK-HP
15:47:55.0432 2312 UserName: Nik
15:47:55.0432 2312 Windows directory: C:\Windows
15:47:55.0432 2312 System windows directory: C:\Windows
15:47:55.0432 2312 Running under WOW64
15:47:55.0432 2312 Processor architecture: Intel x64
15:47:55.0432 2312 Number of processors: 4
15:47:55.0432 2312 Page size: 0x1000
15:47:55.0432 2312 Boot type: Normal boot
15:47:55.0432 2312 ============================================================
15:47:56.0103 2312 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:47:56.0103 2312 \Device\Harddisk0\DR0:
15:47:56.0103 2312 MBR used
15:47:56.0103 2312 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
15:47:56.0103 2312 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x48A95800
15:47:56.0103 2312 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48AF9800, BlocksNum 0x1D2A800
15:47:56.0103 2312 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
15:47:56.0212 2312 Initialize success
15:47:56.0212 2312 ============================================================
15:48:03.0856 4456 ============================================================
15:48:03.0856 4456 Scan started
15:48:03.0856 4456 Mode: Manual; SigCheck; TDLFS;
15:48:03.0856 4456 ============================================================
15:48:41.0530 4456 FDResPub - ok
15:48:41.0858 4456 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:48:41.0874 4456 FileInfo - ok
15:48:42.0186 4456 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:48:42.0232 4456 Filetrace - ok
15:48:42.0544 4456 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
15:48:42.0560 4456 flpydisk - ok
15:48:42.0872 4456 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:48:42.0888 4456 FltMgr - ok
15:48:43.0137 4456 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:48:43.0168 4456 FontCache - ok
15:48:43.0324 4456 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:48:43.0340 4456 FontCache3.0.0.0 - ok
15:48:43.0449 4456 FPLService (2074a85a6b8f84a5a9c60b915b465faf) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
15:48:43.0449 4456 FPLService - ok
15:48:43.0839 4456 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:48:43.0839 4456 FsDepends - ok
15:48:44.0136 4456 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:48:44.0151 4456 Fs_Rec - ok
15:48:44.0479 4456 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:48:44.0479 4456 fvevol - ok
15:48:44.0806 4456 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
15:48:44.0806 4456 gagp30kx - ok
15:48:44.0900 4456 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
15:48:44.0916 4456 GamesAppService - ok
15:48:45.0212 4456 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:48:45.0259 4456 gpsvc - ok
15:48:45.0571 4456 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:48:45.0602 4456 hcw85cir - ok
15:48:45.0945 4456 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:48:45.0976 4456 HdAudAddService - ok
15:48:46.0304 4456 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:48:46.0335 4456 HDAudBus - ok
15:48:46.0647 4456 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
15:48:46.0678 4456 HidBatt - ok
15:48:46.0990 4456 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
15:48:47.0022 4456 HidBth - ok
15:48:47.0380 4456 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
15:48:47.0396 4456 HidIr - ok
15:48:47.0630 4456 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
15:48:47.0677 4456 hidserv - ok
15:48:48.0004 4456 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
15:48:48.0020 4456 HidUsb - ok
15:48:48.0270 4456 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:48:48.0316 4456 hkmsvc - ok
15:48:48.0535 4456 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:48:48.0550 4456 HomeGroupListener - ok
15:48:48.0769 4456 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:48:48.0800 4456 HomeGroupProvider - ok
15:48:48.0878 4456 HP Health Check Service (45a12cacb97b4f15858fcfd59355a1e9) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
15:48:48.0894 4456 HP Health Check Service - ok
15:48:48.0940 4456 HPAuto (7b8c1b09c11e8db7c4480abd7d17e821) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
15:48:48.0956 4456 HPAuto - ok
15:48:49.0018 4456 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
15:48:49.0034 4456 HPClientSvc - ok
15:48:49.0143 4456 hpCMSrv (e040f0064d39f73bb4995d494f3dcbb8) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
15:48:49.0174 4456 hpCMSrv - ok
15:48:49.0268 4456 HPDrvMntSvc.exe (18062df0dceb4ed88e03a8b161935722) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
15:48:49.0284 4456 HPDrvMntSvc.exe - ok
15:48:49.0564 4456 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
15:48:49.0564 4456 hpdskflt - ok
15:48:49.0689 4456 hpqwmiex (7b1637e5e0476ce22e8d76ac1203205e) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
15:48:49.0720 4456 hpqwmiex - ok
15:48:50.0017 4456 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:48:50.0017 4456 HpSAMD - ok
15:48:50.0235 4456 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
15:48:50.0235 4456 hpsrv - ok
15:48:50.0344 4456 HPWMISVC (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
15:48:50.0344 4456 HPWMISVC - ok
15:48:50.0656 4456 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:48:50.0719 4456 HTTP - ok
15:48:51.0000 4456 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:48:51.0015 4456 hwpolicy - ok
15:48:51.0312 4456 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
15:48:51.0327 4456 i8042prt - ok
15:48:51.0639 4456 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:48:51.0655 4456 iaStorV - ok
15:48:51.0780 4456 IconMan_R (3a0ff117b4adc5abe4d968e26a337158) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
15:48:51.0811 4456 IconMan_R ( UnsignedFile.Multi.Generic ) - warning
15:48:51.0811 4456 IconMan_R - detected UnsignedFile.Multi.Generic (1)
15:48:51.0982 4456 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:48:51.0998 4456 idsvc - ok
15:48:52.0294 4456 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
15:48:52.0310 4456 iirsp - ok
15:48:52.0513 4456 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:48:52.0560 4456 IKEEXT - ok
15:48:52.0856 4456 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:48:52.0872 4456 intelide - ok
15:48:53.0293 4456 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
15:48:53.0324 4456 intelppm - ok
15:48:53.0527 4456 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:48:53.0574 4456 IPBusEnum - ok
15:48:53.0854 4456 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:48:53.0886 4456 IpFilterDriver - ok
15:48:54.0120 4456 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:48:54.0166 4456 iphlpsvc - ok
15:48:54.0447 4456 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:48:54.0478 4456 IPMIDRV - ok
15:48:54.0744 4456 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:48:54.0806 4456 IPNAT - ok
15:48:55.0087 4456 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:48:55.0102 4456 IRENUM - ok
15:48:55.0524 4456 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:48:55.0524 4456 isapnp - ok
15:48:55.0804 4456 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:48:55.0820 4456 iScsiPrt - ok
15:48:56.0101 4456 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:48:56.0116 4456 kbdclass - ok
15:48:56.0397 4456 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:48:56.0413 4456 kbdhid - ok
15:48:56.0647 4456 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:48:56.0662 4456 KeyIso - ok
15:48:56.0928 4456 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:48:56.0943 4456 KSecDD - ok
15:48:57.0208 4456 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:48:57.0224 4456 KSecPkg - ok
15:48:57.0505 4456 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:48:57.0552 4456 ksthunk - ok
15:48:57.0770 4456 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:48:57.0817 4456 KtmRm - ok
15:48:58.0051 4456 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
15:48:58.0098 4456 LanmanServer - ok
15:48:58.0316 4456 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:48:58.0363 4456 LanmanWorkstation - ok
15:48:58.0659 4456 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:48:58.0690 4456 lltdio - ok
15:48:58.0909 4456 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:48:58.0956 4456 lltdsvc - ok
15:48:59.0174 4456 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:48:59.0221 4456 lmhosts - ok
15:48:59.0502 4456 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
15:48:59.0517 4456 LSI_FC - ok
15:48:59.0798 4456 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
15:48:59.0798 4456 LSI_SAS - ok
15:49:00.0126 4456 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
15:49:00.0141 4456 LSI_SAS2 - ok
15:49:00.0469 4456 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
15:49:00.0469 4456 LSI_SCSI - ok
15:49:00.0765 4456 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:49:00.0812 4456 luafv - ok
15:49:01.0030 4456 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:49:01.0046 4456 Mcx2Svc - ok
15:49:01.0358 4456 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
15:49:01.0374 4456 megasas - ok
15:49:01.0670 4456 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
15:49:01.0686 4456 MegaSR - ok
15:49:01.0888 4456 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:49:01.0951 4456 MMCSS - ok
15:49:02.0216 4456 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:49:02.0263 4456 Modem - ok
15:49:02.0559 4456 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:49:02.0590 4456 monitor - ok
15:49:02.0871 4456 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:49:02.0871 4456 mouclass - ok
15:49:03.0183 4456 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
15:49:03.0199 4456 mouhid - ok
15:49:03.0495 4456 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:49:03.0495 4456 mountmgr - ok
15:49:03.0776 4456 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:49:03.0776 4456 mpio - ok
15:49:04.0057 4456 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:49:04.0104 4456 mpsdrv - ok
15:49:04.0322 4456 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:49:04.0384 4456 MpsSvc - ok
15:49:04.0650 4456 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:49:04.0681 4456 MRxDAV - ok
15:49:04.0962 4456 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:49:04.0993 4456 mrxsmb - ok
15:49:05.0274 4456 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:49:05.0289 4456 mrxsmb10 - ok
15:49:05.0570 4456 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:49:05.0586 4456 mrxsmb20 - ok
15:49:05.0851 4456 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:49:05.0866 4456 msahci - ok
15:49:06.0132 4456 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:49:06.0147 4456 msdsm - ok
15:49:06.0350 4456 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:49:06.0381 4456 MSDTC - ok
15:49:06.0646 4456 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:49:06.0678 4456 Msfs - ok
15:49:06.0958 4456 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:49:07.0005 4456 mshidkmdf - ok
15:49:07.0255 4456 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:49:07.0270 4456 msisadrv - ok
15:49:07.0489 4456 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:49:07.0536 4456 MSiSCSI - ok
15:49:07.0723 4456 msiserver - ok
15:49:08.0004 4456 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:49:08.0050 4456 MSKSSRV - ok
15:49:08.0331 4456 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:49:08.0378 4456 MSPCLOCK - ok
15:49:08.0659 4456 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:49:08.0706 4456 MSPQM - ok
15:49:08.0986 4456 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:49:09.0002 4456 MsRPC - ok
15:49:09.0267 4456 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:49:09.0283 4456 mssmbios - ok
15:49:09.0564 4456 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:49:09.0610 4456 MSTEE - ok
15:49:09.0891 4456 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
15:49:09.0907 4456 MTConfig - ok
15:49:10.0188 4456 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:49:10.0188 4456 Mup - ok
15:49:10.0406 4456 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:49:10.0468 4456 napagent - ok
15:49:10.0765 4456 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:49:10.0796 4456 NativeWifiP - ok
15:49:11.0124 4456 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:49:11.0155 4456 NDIS - ok
15:49:11.0436 4456 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:49:11.0482 4456 NdisCap - ok
15:49:11.0763 4456 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:49:11.0794 4456 NdisTapi - ok
15:49:12.0075 4456 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:49:12.0122 4456 Ndisuio - ok
15:49:12.0403 4456 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:49:12.0481 4456 NdisWan - ok
15:49:12.0730 4456 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:49:12.0793 4456 NDProxy - ok
15:49:13.0089 4456 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:49:13.0152 4456 NetBIOS - ok
15:49:13.0432 4456 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:49:13.0495 4456 NetBT - ok
15:49:13.0713 4456 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:49:13.0744 4456 Netlogon - ok
15:49:13.0963 4456 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:49:14.0025 4456 Netman - ok
15:49:14.0290 4456 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:49:14.0322 4456 NetMsmqActivator - ok
15:49:14.0322 4456 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:49:14.0337 4456 NetPipeActivator - ok
15:49:14.0556 4456 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:49:14.0618 4456 netprofm - ok
15:49:14.0946 4456 netr28x (813b7c722ba97e703d375aba170e16cc) C:\Windows\system32\DRIVERS\netr28x.sys
15:49:14.0992 4456 netr28x - ok
15:49:15.0273 4456 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:49:15.0304 4456 NetTcpActivator - ok
15:49:15.0320 4456 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:49:15.0336 4456 NetTcpPortSharing - ok
15:49:15.0616 4456 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
15:49:15.0632 4456 nfrd960 - ok
15:49:15.0850 4456 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:49:15.0928 4456 NlaSvc - ok
15:49:16.0209 4456 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:49:16.0272 4456 Npfs - ok
15:49:16.0474 4456 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:49:16.0552 4456 nsi - ok
15:49:16.0833 4456 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:49:16.0911 4456 nsiproxy - ok
15:49:17.0239 4456 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:49:17.0270 4456 Ntfs - ok
15:49:17.0566 4456 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:49:17.0613 4456 Null - ok
15:49:17.0925 4456 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
15:49:17.0956 4456 NVENETFD - ok
15:49:18.0253 4456 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:49:18.0284 4456 nvraid - ok
15:49:18.0612 4456 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:49:18.0643 4456 nvstor - ok
15:49:18.0939 4456 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:49:18.0970 4456 nv_agp - ok
15:49:19.0251 4456 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:49:19.0282 4456 ohci1394 - ok
15:49:19.0501 4456 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:49:19.0548 4456 p2pimsvc - ok
15:49:19.0782 4456 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:49:19.0828 4456 p2psvc - ok
15:49:20.0094 4456 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
15:49:20.0140 4456 Parport - ok
15:49:20.0406 4456 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:49:20.0421 4456 partmgr - ok
15:49:20.0640 4456 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:49:20.0686 4456 PcaSvc - ok
15:49:20.0967 4456 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:49:20.0998 4456 pci - ok
15:49:21.0264 4456 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:49:21.0295 4456 pciide - ok
15:49:21.0576 4456 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
15:49:21.0607 4456 pcmcia - ok
15:49:21.0872 4456 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:49:21.0903 4456 pcw - ok
15:49:22.0184 4456 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:49:22.0278 4456 PEAUTH - ok
15:49:22.0496 4456 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:49:22.0543 4456 PerfHost - ok
15:49:22.0808 4456 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:49:22.0886 4456 pla - ok
15:49:23.0229 4456 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:49:23.0292 4456 PlugPlay - ok
15:49:23.0494 4456 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:49:23.0541 4456 PNRPAutoReg - ok
15:49:23.0760 4456 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:49:23.0791 4456 PNRPsvc - ok
15:49:24.0009 4456 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:49:24.0072 4456 PolicyAgent - ok
15:49:24.0290 4456 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:49:24.0368 4456 Power - ok
15:49:24.0664 4456 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:49:24.0727 4456 PptpMiniport - ok
15:49:25.0008 4456 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
15:49:25.0039 4456 Processor - ok
15:49:25.0257 4456 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:49:25.0335 4456 ProfSvc - ok
15:49:25.0538 4456 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:49:25.0569 4456 ProtectedStorage - ok
15:49:25.0866 4456 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:49:25.0944 4456 Psched - ok
15:49:26.0271 4456 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
15:49:26.0302 4456 ql2300 - ok
15:49:26.0599 4456 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
15:49:26.0614 4456 ql40xx - ok
15:49:26.0817 4456 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:49:26.0864 4456 QWAVE - ok
15:49:27.0145 4456 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:49:27.0207 4456 QWAVEdrv - ok
15:49:27.0488 4456 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:49:27.0535 4456 RasAcd - ok
15:49:27.0831 4456 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:49:27.0894 4456 RasAgileVpn - ok
15:49:28.0096 4456 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:49:28.0143 4456 RasAuto - ok
15:49:28.0440 4456 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:49:28.0502 4456 Rasl2tp - ok
15:49:28.0720 4456 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:49:28.0814 4456 RasMan - ok
15:49:29.0095 4456 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:49:29.0173 4456 RasPppoe - ok
15:49:29.0454 4456 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:49:29.0532 4456 RasSstp - ok
15:49:29.0828 4456 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:49:29.0906 4456 rdbss - ok
15:49:30.0187 4456 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
15:49:30.0234 4456 rdpbus - ok
15:49:30.0514 4456 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:49:30.0577 4456 RDPCDD - ok
15:49:30.0858 4456 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:49:30.0936 4456 RDPENCDD - ok
15:49:31.0201 4456 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:49:31.0279 4456 RDPREFMP - ok
15:49:31.0560 4456 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
15:49:31.0591 4456 RDPWD - ok
15:49:31.0856 4456 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:49:31.0887 4456 rdyboost - ok
15:49:32.0090 4456 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:49:32.0168 4456 RemoteAccess - ok
15:49:32.0386 4456 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:49:32.0480 4456 RemoteRegistry - ok
15:49:32.0574 4456 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
15:49:32.0589 4456 RoxioNow Service - ok
15:49:32.0808 4456 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:49:32.0886 4456 RpcEptMapper - ok
15:49:33.0104 4456 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:49:33.0135 4456 RpcLocator - ok
15:49:33.0354 4456 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:49:33.0400 4456 RpcSs - ok
15:49:33.0712 4456 RSPCIESTOR (9d21618e7a3b2c75cf1a2ecbbe723730) C:\Windows\system32\DRIVERS\RtsPStor.sys
15:49:33.0744 4456 RSPCIESTOR - ok
15:49:34.0025 4456 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:49:34.0071 4456 rspndr - ok
15:49:34.0399 4456 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:49:34.0415 4456 RTL8167 - ok
15:49:34.0633 4456 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:49:34.0664 4456 SamSs - ok
15:49:34.0929 4456 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:49:34.0961 4456 sbp2port - ok
15:49:35.0163 4456 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:49:35.0210 4456 SCardSvr - ok
15:49:35.0475 4456 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:49:35.0538 4456 scfilter - ok
15:49:35.0772 4456 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:49:35.0850 4456 Schedule - ok
15:49:36.0053 4456 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:49:36.0115 4456 SCPolicySvc - ok
15:49:36.0396 4456 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
15:49:36.0443 4456 sdbus - ok
15:49:36.0645 4456 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:49:36.0692 4456 SDRSVC - ok
15:49:36.0973 4456 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:49:37.0035 4456 secdrv - ok
15:49:37.0254 4456 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:49:37.0316 4456 seclogon - ok
15:49:37.0535 4456 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:49:37.0581 4456 SENS - ok
15:49:37.0800 4456 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:49:37.0831 4456 SensrSvc - ok
15:49:38.0112 4456 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
15:49:38.0143 4456 Serenum - ok
15:49:38.0439 4456 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
15:49:38.0486 4456 Serial - ok
15:49:38.0783 4456 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
15:49:38.0829 4456 sermouse - ok
15:49:39.0032 4456 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:49:39.0110 4456 SessionEnv - ok
15:49:39.0391 4456 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:49:39.0422 4456 sffdisk - ok
15:49:39.0687 4456 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:49:39.0734 4456 sffp_mmc - ok
15:49:40.0015 4456 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:49:40.0062 4456 sffp_sd - ok
15:49:40.0343 4456 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
15:49:40.0389 4456 sfloppy - ok
15:49:41.0154 4456 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:49:41.0216 4456 SharedAccess - ok
15:49:41.0450 4456 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:49:41.0528 4456 ShellHWDetection - ok
15:49:41.0825 4456 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
15:49:41.0840 4456 SiSRaid2 - ok
15:49:42.0121 4456 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
15:49:42.0137 4456 SiSRaid4 - ok
15:49:42.0433 4456 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:49:42.0495 4456 Smb - ok
15:49:42.0854 4456 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:49:42.0885 4456 SNMPTRAP - ok
15:49:43.0166 4456 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:49:43.0182 4456 spldr - ok
15:50:16.0332 4456 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:50:16.0457 4456 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:50:16.0457 4456 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:50:16.0472 4456 Boot (0x1200) (2a56d3a441a04bd265febe6e85ed4a01) \Device\Harddisk0\DR0\Partition0
15:50:16.0472 4456 \Device\Harddisk0\DR0\Partition0 - ok
15:50:16.0503 4456 Boot (0x1200) (21a8adbd59a363c851a9057115c3bae3) \Device\Harddisk0\DR0\Partition1
15:50:16.0503 4456 \Device\Harddisk0\DR0\Partition1 - ok
15:50:16.0550 4456 Boot (0x1200) (252a36ebeff2e325d4ce13a22b87faaa) \Device\Harddisk0\DR0\Partition2
15:50:16.0550 4456 \Device\Harddisk0\DR0\Partition2 - ok
15:50:16.0566 4456 Boot (0x1200) (1c70bd21d3a948ffc847866312a63a81) \Device\Harddisk0\DR0\Partition3
15:50:16.0566 4456 \Device\Harddisk0\DR0\Partition3 - ok
15:50:16.0566 4456 ============================================================
15:50:16.0566 4456 Scan finished
15:50:16.0566 4456 ============================================================
15:50:16.0597 5668 Detected object count: 2
15:50:16.0597 5668 Actual detected object count: 2
16:02:42.0809 5668 C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe - copied to quarantine
16:02:42.0824 5668 HKLM\SYSTEM\ControlSet001\services\IconMan_R - will be deleted on reboot
16:02:42.0840 5668 HKLM\SYSTEM\ControlSet002\services\IconMan_R - will be deleted on reboot
16:02:42.0871 5668 C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe - will be deleted on reboot
16:02:42.0871 5668 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Delete
16:02:42.0902 5668 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
16:02:42.0918 5668 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
16:02:42.0918 5668 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
16:02:42.0918 5668 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
16:02:42.0949 5668 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
16:02:42.0949 5668 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
16:02:42.0996 5668 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
16:02:42.0996 5668 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
16:02:42.0996 5668 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
16:02:43.0011 5668 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
16:02:43.0011 5668 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
16:02:43.0011 5668 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
16:02:43.0011 5668 \Device\Harddisk0\DR0\TDLFS - deleted
16:02:43.0011 5668 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
16:02:48.0893 2416 Deinitialize success


MBAM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.21.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Nik :: NIK-HP [administrator]

3/22/2012 4:05:27 PM
mbam-log-2012-03-22 (16-05-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199109
Time elapsed: 7 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


After running Malwarebytes again after the reboot, a quick scan revealed that there were no malicious items and the virus was removed. I'll run it again in full scan mode just to double check and post back on here!

#9 nikthequick


Posted 22 March 2012 - 08:06 PM

Thanks for the quick help Nov!!

I ran a full scan of Malwarebytes and no malware/viruses were found. I appreciate everything you've done here and gotta say you're a lifesaver!! If I could rep you on the forums I would.

Thanks A LOT!
Nik

#10 Noviciate


Posted 24 March 2012 - 02:22 PM

Good evening. :)

"If I could rep you on the forums I would."

Just PM me your bank details and we'll call it quits! :whistle:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Just to clarify, the MBAM log that you posted, you ran the scan prior to the reboot?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sun Java needs updating, but sometimes it doesn't go according to plan, so for this I like to use a free utility available here called Revo Uninstaller - you want the Freeware version.

Install it, run it and select the following and have it remove them, accepting the default options:

Java Auto Updater
Java™ 6 Update 24


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Go here and click on the Windows XP/Vista/2000/2003/2008 Offline link in the Windows section near the top and save it to your Desktop.
Run the installer as normal to install Java and then put the installer somewhere safe - that way if you ever need to uninstall/reinstall you'll save yourself some bandwidth.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I want you to run your PC as normal for a few days and when you are happy that everything is fine, do the following:

Create a new Restore Point with a memorable name - this will give a clean one should you need it in the future. If you use a Restore Point from before this point you may reinstall any infection that was present at the time, so only do so if using this latest one doesn't solve any issues.
A tutorial for System Restore is available here.

Some bedtime reading: This is a very good tutorial about keeping your computer safe and secure on the internet. It's a little old, but still contains some good ideas.

So long, and thanks for all the fish.

 

 


#11 Noviciate


Posted 27 March 2012 - 03:09 PM

As this issue appears to have been resolved, this thread is now closed.

So long, and thanks for all the fish.

 

 




