Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

TDSS I think

Started by jmapcdoc , May 01 2012 07:53 PM

This topic is locked

23 replies to this topic

#1 jmapcdoc

New Member

Members
12 posts

Posted 01 May 2012 - 07:53 PM

I have been trying to clean this computer for a week and usually do not have this much of a problem. I need your help!! I am using Windows 7 Pro 64!!! These are the attachements requested!

Attached Files

DDS.txt 13.31K 1 downloads
Attach.txt 17.25K 1 downloads

BC Ads
BleepingComputer.com

#2 gringo_pr

Bleepin Gringo

Malware Response Team
120,927 posts

Gender:Male
Location:Puerto rico

Posted 02 May 2012 - 12:25 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
- We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
- Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
- Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
- A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.

#3 jmapcdoc

New Member

Members
12 posts

Posted 02 May 2012 - 08:54 AM

These are the copies you requested, thank you very very much for your help. Compared to how it was running about 7-10 days ago it's running good now but the reason I contacted you was because I kept running into different malware or virus notification problems from MSE every time I thought I was clean I would run TDSSKILLER one more time and it would tell me I still had problems. I will follow your directions as you give them exactly!!

Copy of checkup text!!!!

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Java™ 6 Update 29
Java version out of date!
Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````

Copy of Combofix log!!!!

ComboFix 12-05-02.02 - winston 05/02/2012 8:18.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3966.2714 [GMT -5:00]
Running from: c:\users\winston\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))
.
.
2012-05-02 13:24 . 2012-05-02 13:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-02 13:24 . 2012-05-02 13:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-01 15:17 . 2012-05-01 15:17 -------- d-----w- c:\users\winston\AppData\Roaming\Malwarebytes
2012-05-01 15:17 . 2012-05-01 15:17 -------- d-----w- c:\programdata\Malwarebytes
2012-05-01 15:17 . 2012-05-01 15:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-01 12:14 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-05-01 03:45 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4ED9F41D-AB8A-4DF8-8743-0128784C893C}\mpengine.dll
2012-05-01 03:41 . 2012-05-01 03:41 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-05-01 03:18 . 2012-05-01 03:18 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-05-01 03:03 . 2012-05-01 03:03 -------- d-----w- c:\programdata\NVIDIA
2012-05-01 02:52 . 2012-05-01 02:52 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-05-01 02:51 . 2012-05-01 02:53 -------- d-----w- c:\program files\NVIDIA Corporation
2012-05-01 02:51 . 2010-08-12 16:46 758272 ----a-w- c:\windows\system32\cohelper.dll
2012-05-01 02:51 . 2010-08-10 03:33 11164 ----a-w- c:\windows\system32\drivers\nvphy.bin
2012-05-01 02:51 . 2012-05-01 02:51 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-05-01 00:52 . 2012-05-01 00:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-01 00:51 . 2012-05-01 00:51 -------- d-----w- c:\users\winston\AppData\Roaming\SUPERAntiSpyware.com
2012-05-01 00:51 . 2012-05-01 00:51 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-30 21:02 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-30 21:02 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-30 21:02 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-27 20:21 . 2012-04-27 20:21 -------- d-----w- C:\Quarantine
2012-04-27 17:56 . 2012-04-27 17:56 -------- d-----w- c:\users\winston\AppData\Local\Norman Malware Cleaner
2012-04-27 17:21 . 2012-04-27 17:21 -------- d-----we c:\windows\system64
2012-04-27 16:56 . 2012-04-28 15:23 -------- d-----w- c:\programdata\B7E85B35000435DB00703F80B4EB2331
2012-04-27 16:56 . 2012-04-27 21:55 -------- d-----w- c:\program files (x86)\Common Files\Analog
2012-04-27 03:25 . 2012-04-27 03:25 -------- d-----w- c:\program files\iPod
2012-04-27 03:25 . 2012-04-27 03:26 -------- d-----w- c:\program files (x86)\iTunes
2012-04-27 03:25 . 2012-04-27 03:26 -------- d-----w- c:\program files\iTunes
2012-04-14 21:08 . 2012-04-14 21:08 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
2012-04-14 21:08 . 2012-04-14 21:08 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
2012-04-13 10:28 . 2012-04-13 10:28 -------- d-----w- C:\Cache
2012-04-12 08:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 08:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 08:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 08:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 08:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 08:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 08:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 08:46 . 2011-12-24 12:04 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-04 20:56 . 2011-12-22 01:51 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 01:44 . 2011-04-27 21:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 01:44 . 2011-04-18 19:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-14 17:00 . 2011-06-06 07:07 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-17 06:38 . 2012-03-14 07:17 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 07:17 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 07:17 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 07:17 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 20:21 . 2012-02-10 20:21 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E62215B4-5ED9-425A-A300-6FB48BAE4959}\gapaengine.dll
2012-02-10 06:36 . 2012-03-14 07:17 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 07:17 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 07:18 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-30_23.22.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-10 10:38 . 2010-07-10 10:38 56936 c:\windows\SysWOW64\OpenCL.dll
+ 2009-11-05 18:29 . 2012-05-02 13:27 42958 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-02 13:27 30254 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-05 18:13 . 2012-05-02 13:27 14628 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-662776635-4278041600-1742292764-1001_UserData.bin
+ 2010-07-10 10:38 . 2010-07-10 10:38 65128 c:\windows\system64\OpenCL.dll
+ 2010-07-09 21:27 . 2010-07-09 21:27 61032 c:\windows\system64\nvshext.dll
+ 2009-07-14 05:30 . 2012-05-01 02:52 86016 c:\windows\system64\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-04-27 03:22 86016 c:\windows\system64\DriverStore\infpub.dat
+ 2010-07-10 10:38 . 2010-07-10 10:38 65128 c:\windows\system64\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\OpenCL64.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 56936 c:\windows\system64\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\OpenCL.dll
+ 2012-05-01 02:51 . 2010-08-10 03:33 11164 c:\windows\system64\drivers\nvphy.bin
+ 2011-04-27 21:25 . 2012-03-21 01:44 98688 c:\windows\system64\drivers\NisDrvWFP.sys
+ 2011-12-22 01:51 . 2012-04-04 20:56 24904 c:\windows\system64\drivers\mbam.sys
+ 2009-11-05 17:19 . 2012-05-02 02:37 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-05 17:19 . 2012-04-30 21:06 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-05 17:19 . 2012-04-30 21:06 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-05 17:19 . 2012-05-02 02:37 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-30 21:06 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-02 02:37 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-05 18:29 . 2012-05-02 13:27 42958 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-02 13:27 30254 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-05 18:13 . 2012-05-02 13:27 14628 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-662776635-4278041600-1742292764-1001_UserData.bin
+ 2010-07-10 10:38 . 2010-07-10 10:38 65128 c:\windows\system32\OpenCL.dll
+ 2010-07-09 21:27 . 2010-07-09 21:27 61032 c:\windows\system32\nvshext.dll
- 2009-07-14 05:30 . 2012-04-27 03:22 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-05-01 02:52 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2010-07-10 10:38 . 2010-07-10 10:38 65128 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\OpenCL64.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 56936 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\OpenCL.dll
- 2009-11-05 17:19 . 2012-04-30 21:06 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-05 17:19 . 2012-05-02 02:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-05 17:19 . 2012-04-30 21:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-05 17:19 . 2012-05-02 02:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-02 02:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-30 21:06 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-01 02:53 . 2012-05-01 02:53 10134 c:\windows\Installer\{DA97BDF9-BC72-46FD-8E76-427F2BB951EE}\ARPPRODUCTICON.exe
+ 2012-05-01 02:52 . 2012-05-01 02:52 10134 c:\windows\Installer\{3D3E663D-4E7E-4577-A560-7ECDDD45548A}\ARPPRODUCTICON.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\wow_helper.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 64952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\armsvc.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2012-05-02 13:25 . 2012-05-02 13:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-30 23:21 . 2012-04-30 23:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-30 23:21 . 2012-04-30 23:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-02 13:25 . 2012-05-02 13:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-05-01 02:51 634574 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-01 02:51 111454 c:\windows\system64\perfc009.dat
+ 2010-07-09 21:27 . 2010-07-09 21:27 159336 c:\windows\system64\nvvsvc.exe
+ 2010-07-09 21:27 . 2010-07-09 21:27 116328 c:\windows\system64\nvmctray.dll
+ 2010-08-12 15:14 . 2010-08-12 15:14 263784 c:\windows\system64\nvconrm.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 260712 c:\windows\system64\nvcod1922.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 260712 c:\windows\system64\nvcod.dll
+ 2010-08-12 16:46 . 2010-08-12 16:46 953344 c:\windows\system64\fdco2.dll
- 2009-07-14 05:30 . 2012-04-27 03:22 143360 c:\windows\system64\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-05-01 02:52 143360 c:\windows\system64\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-05-01 02:52 143360 c:\windows\system64\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-04-27 03:22 143360 c:\windows\system64\DriverStore\infstor.dat
+ 2010-08-12 15:14 . 2010-08-12 15:14 660072 c:\windows\system64\DriverStore\FileRepository\nvfd6x64.inf_amd64_neutral_6548e16d80c85b6f\nvunrm.exe
+ 2010-08-12 17:07 . 2010-08-12 17:07 344680 c:\windows\system64\DriverStore\FileRepository\nvfd6x64.inf_amd64_neutral_6548e16d80c85b6f\nvmfdx64.sys
+ 2010-08-12 17:07 . 2010-08-12 17:07 350952 c:\windows\system64\DriverStore\FileRepository\nvfd6x64.inf_amd64_neutral_6548e16d80c85b6f\nvm62x64.sys
+ 2010-08-12 15:14 . 2010-08-12 15:14 263784 c:\windows\system64\DriverStore\FileRepository\nvfd6x64.inf_amd64_neutral_6548e16d80c85b6f\nvconrm.dll
+ 2010-08-12 16:46 . 2010-08-12 16:46 953344 c:\windows\system64\DriverStore\FileRepository\nvfd6x64.inf_amd64_neutral_6548e16d80c85b6f\fdco1.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 660072 c:\windows\system64\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvudisp.exe
+ 2010-07-10 10:38 . 2010-07-10 10:38 261268 c:\windows\system64\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvdrsdb.bin
+ 2010-07-10 10:38 . 2010-07-10 10:38 260712 c:\windows\system64\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvcod.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 930272 c:\windows\system64\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\dpinst.exe
+ 2010-07-10 10:38 . 2010-07-10 10:38 189032 c:\windows\system64\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\dbInstaller.exe
+ 2010-08-12 17:07 . 2010-08-12 17:07 350952 c:\windows\system64\drivers\nvmf6264.sys
+ 2011-04-18 19:18 . 2012-03-21 01:44 203888 c:\windows\system64\drivers\MpFilter.sys
+ 2010-07-10 10:38 . 2010-07-10 10:38 930272 c:\windows\system64\dpinst.exe
+ 2012-05-01 02:51 . 2010-08-12 16:46 758272 c:\windows\system64\cohelper.dll
+ 2009-07-14 02:36 . 2012-05-01 02:51 634574 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-01 02:51 111454 c:\windows\system32\perfc009.dat
+ 2010-07-09 21:27 . 2010-07-09 21:27 159336 c:\windows\system32\nvvsvc.exe
+ 2010-07-09 21:27 . 2010-07-09 21:27 116328 c:\windows\system32\nvmctray.dll
+ 2010-08-12 15:14 . 2010-08-12 15:14 263784 c:\windows\system32\nvconrm.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 260712 c:\windows\system32\nvcod1922.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 260712 c:\windows\system32\nvcod.dll
+ 2010-08-12 16:46 . 2010-08-12 16:46 953344 c:\windows\system32\fdco2.dll
- 2009-07-14 05:30 . 2012-04-27 03:22 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-05-01 02:52 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-04-27 03:22 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-05-01 02:52 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2010-08-12 15:14 . 2010-08-12 15:14 660072 c:\windows\system32\DriverStore\FileRepository\nvfd6x64.inf_amd64_neutral_6548e16d80c85b6f\nvunrm.exe
+ 2010-08-12 17:07 . 2010-08-12 17:07 344680 c:\windows\system32\DriverStore\FileRepository\nvfd6x64.inf_amd64_neutral_6548e16d80c85b6f\nvmfdx64.sys
+ 2010-08-12 17:07 . 2010-08-12 17:07 350952 c:\windows\system32\DriverStore\FileRepository\nvfd6x64.inf_amd64_neutral_6548e16d80c85b6f\nvm62x64.sys
+ 2010-08-12 15:14 . 2010-08-12 15:14 263784 c:\windows\system32\DriverStore\FileRepository\nvfd6x64.inf_amd64_neutral_6548e16d80c85b6f\nvconrm.dll
+ 2010-08-12 16:46 . 2010-08-12 16:46 953344 c:\windows\system32\DriverStore\FileRepository\nvfd6x64.inf_amd64_neutral_6548e16d80c85b6f\fdco1.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 660072 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvudisp.exe
+ 2010-07-10 10:38 . 2010-07-10 10:38 261268 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvdrsdb.bin
+ 2010-07-10 10:38 . 2010-07-10 10:38 260712 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvcod.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 930272 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\dpinst.exe
+ 2010-07-10 10:38 . 2010-07-10 10:38 189032 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\dbInstaller.exe
+ 2010-08-12 17:07 . 2010-08-12 17:07 350952 c:\windows\system32\drivers\nvmf6264.sys
+ 2010-07-10 10:38 . 2010-07-10 10:38 930272 c:\windows\system32\dpinst.exe
+ 2009-07-14 04:46 . 2012-04-30 23:31 108208 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2012-04-30 21:59 261556 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-02 13:25 261556 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-01 02:51 . 2012-05-01 02:51 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
+ 2012-05-01 02:51 . 2012-05-01 02:51 123352 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\MSE.exe
+ 2012-05-01 02:51 . 2012-05-01 02:51 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
+ 2012-05-01 02:51 . 2012-05-01 02:51 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
+ 2012-05-01 02:51 . 2012-05-01 02:51 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 937920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearm.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2008-10-31 15:51 . 2008-10-31 15:51 1314816 c:\windows\SysWOW64\PVSonyDll.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 9818728 c:\windows\SysWOW64\nvd3dum.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 2892904 c:\windows\SysWOW64\nvcuvid.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 2506344 c:\windows\SysWOW64\nvcuvenc.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 4553832 c:\windows\SysWOW64\nvcuda.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 1625192 c:\windows\SysWOW64\nvapi.dll
+ 2008-10-31 15:51 . 2008-10-31 15:51 1319424 c:\windows\system64\PVSonyDll.dll
+ 2010-07-09 21:27 . 2010-07-09 21:27 1585256 c:\windows\system64\nvsvc64.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 3089512 c:\windows\system64\nvcuvid.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 2761832 c:\windows\system64\nvcuvenc.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 6116968 c:\windows\system64\nvcuda.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 2037864 c:\windows\system64\nvapi64.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 9818728 c:\windows\system64\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvd3dum.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 2892904 c:\windows\system64\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvcuvid32.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 3089512 c:\windows\system64\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvcuvid.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 2761832 c:\windows\system64\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvcuvenc64.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 2506344 c:\windows\system64\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvcuvenc.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 4553832 c:\windows\system64\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvcuda32.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 6116968 c:\windows\system64\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvcuda.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 2037864 c:\windows\system64\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvapi64.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 1625192 c:\windows\system64\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvapi.dll
+ 2008-10-31 15:51 . 2008-10-31 15:51 1319424 c:\windows\system32\PVSonyDll.dll
+ 2010-07-09 21:27 . 2010-07-09 21:27 1585256 c:\windows\system32\nvsvc64.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 3089512 c:\windows\system32\nvcuvid.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 2761832 c:\windows\system32\nvcuvenc.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 6116968 c:\windows\system32\nvcuda.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 2037864 c:\windows\system32\nvapi64.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 9818728 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvd3dum.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 2892904 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvcuvid32.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 3089512 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvcuvid.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 2761832 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvcuvenc64.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 2506344 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvcuvenc.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 4553832 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvcuda32.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 6116968 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvcuda.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 2037864 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvapi64.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 1625192 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvapi.dll
+ 2012-05-01 02:52 . 2012-05-01 02:52 1796096 c:\windows\Installer\bfbe5c.msi
+ 2012-03-27 00:21 . 2012-03-27 00:21 7622656 c:\windows\Installer\bfbe55.msi
+ 2011-06-06 20:45 . 2011-06-06 20:45 2318848 c:\windows\Installer\22df1d.msi
+ 2011-06-06 17:55 . 2011-06-06 17:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 1189004 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JSByteCodeWin.bin
+ 2011-06-06 17:55 . 2011-06-06 17:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2010-07-10 10:38 . 2010-07-10 10:38 14092904 c:\windows\SysWOW64\nvoglv32.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 10267240 c:\windows\SysWOW64\nvcompiler.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 19114088 c:\windows\system64\nvoglv64.dll
+ 2009-07-13 21:59 . 2010-07-10 10:38 12471400 c:\windows\system64\nvd3dumx.dll
+ 2010-07-09 21:27 . 2010-07-09 21:27 15314024 c:\windows\system64\nvcpl.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 14513768 c:\windows\system64\nvcompiler.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 19114088 c:\windows\system64\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvoglv64.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 14092904 c:\windows\system64\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvoglv32.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 13187176 c:\windows\system64\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvlddmkm.sys
+ 2010-07-10 10:38 . 2010-07-10 10:38 12471400 c:\windows\system64\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvd3dumx.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 51549944 c:\windows\system64\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\NvCplSetupInt.exe
+ 2010-07-10 10:38 . 2010-07-10 10:38 10267240 c:\windows\system64\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvcompiler32.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 14513768 c:\windows\system64\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvcompiler.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 13187176 c:\windows\system64\drivers\nvlddmkm.sys
+ 2010-07-10 10:38 . 2010-07-10 10:38 19114088 c:\windows\system32\nvoglv64.dll
+ 2009-07-13 21:59 . 2010-07-10 10:38 12471400 c:\windows\system32\nvd3dumx.dll
+ 2010-07-09 21:27 . 2010-07-09 21:27 15314024 c:\windows\system32\nvcpl.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 14513768 c:\windows\system32\nvcompiler.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 19114088 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvoglv64.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 14092904 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvoglv32.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 13187176 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvlddmkm.sys
+ 2010-07-10 10:38 . 2010-07-10 10:38 12471400 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvd3dumx.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 51549944 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\NvCplSetupInt.exe
+ 2010-07-10 10:38 . 2010-07-10 10:38 10267240 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvcompiler32.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 14513768 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_d2b638a3a492a5e9\nvcompiler.dll
+ 2010-07-10 10:38 . 2010-07-10 10:38 13187176 c:\windows\system32\drivers\nvlddmkm.sys
+ 2011-04-07 14:51 . 2012-05-02 13:25 31516240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-662776635-4278041600-1742292764-1001-12288.dat
+ 2012-04-04 11:17 . 2012-04-04 11:17 16613376 c:\windows\Installer\22df1e.msp
+ 2011-06-06 17:55 . 2011-06-06 17:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-11 39408]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-30 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Easy Dock"="" [BU]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-19 135664]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-19 135664]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-19 18:25]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-19 18:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.0.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-Run-Apple Computer - c:\windows\system32\config\systemprofile\AppData\Local\Sunbelt Software\Apple Computer\rjfiya.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:80,3f,e1,ab,b7,18,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f5,ba,39,62,56,4d,72,4c,9f,8f,d8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f5,ba,39,62,56,4d,72,4c,9f,8f,d8,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
.
**************************************************************************
.
Completion time: 2012-05-02 08:31:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-02 13:31
ComboFix2.txt 2012-04-30 23:28
ComboFix3.txt 2011-12-22 21:52
.
Pre-Run: 15,804,080,128 bytes free
Post-Run: 16,074,690,560 bytes free
.
- - End Of File - - B79BBE663CBE6ECAC55B93726635CCB9

#4 gringo_pr

Bleepin Gringo

Malware Response Team
120,927 posts

Gender:Male
Location:Puerto rico

Posted 02 May 2012 - 12:59 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

Double click the aswMBR.exe icon to run it
it will ask to download extra definitions - ALLOW IT
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#5 jmapcdoc

New Member

Members
12 posts

Posted 02 May 2012 - 02:51 PM

Here is the TDSS Log, the awsMBR log will follow in the next, there was not enough room in this reply!!!

14:15:11.0611 3252 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
14:15:11.0970 3252 ============================================================
14:15:11.0970 3252 Current date / time: 2012/05/02 14:15:11.0970
14:15:11.0970 3252 SystemInfo:
14:15:11.0970 3252
14:15:11.0970 3252 OS Version: 6.1.7601 ServicePack: 1.0
14:15:11.0970 3252 Product type: Workstation
14:15:11.0970 3252 ComputerName: WINSTON-PC
14:15:11.0970 3252 UserName: winston
14:15:11.0970 3252 Windows directory: C:\Windows
14:15:11.0970 3252 System windows directory: C:\Windows
14:15:11.0970 3252 Running under WOW64
14:15:11.0970 3252 Processor architecture: Intel x64
14:15:11.0970 3252 Number of processors: 4
14:15:11.0970 3252 Page size: 0x1000
14:15:11.0970 3252 Boot type: Normal boot
14:15:11.0970 3252 ============================================================
14:15:13.0000 3252 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:15:13.0000 3252 ============================================================
14:15:13.0000 3252 \Device\Harddisk0\DR0:
14:15:13.0000 3252 MBR partitions:
14:15:13.0000 3252 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
14:15:13.0000 3252 ============================================================
14:15:13.0031 3252 C: <-> \Device\Harddisk0\DR0\Partition0
14:15:13.0031 3252 ============================================================
14:15:13.0031 3252 Initialize success
14:15:13.0031 3252 ============================================================
14:15:32.0344 0624 ============================================================
14:15:32.0344 0624 Scan started
14:15:32.0344 0624 Mode: Manual; SigCheck; TDLFS;
14:15:32.0344 0624 ============================================================
14:15:32.0843 0624 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
14:15:32.0874 0624 !SASCORE - ok
14:15:33.0015 0624 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:15:33.0061 0624 1394ohci - ok
14:15:33.0139 0624 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:15:33.0171 0624 ACPI - ok
14:15:33.0202 0624 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:15:33.0217 0624 AcpiPmi - ok
14:15:33.0327 0624 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:15:33.0342 0624 AdobeARMservice - ok
14:15:33.0373 0624 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:15:33.0389 0624 adp94xx - ok
14:15:33.0420 0624 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:15:33.0467 0624 adpahci - ok
14:15:33.0498 0624 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:15:33.0514 0624 adpu320 - ok
14:15:33.0545 0624 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:15:33.0576 0624 AeLookupSvc - ok
14:15:33.0654 0624 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:15:33.0732 0624 AFD - ok
14:15:33.0763 0624 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:15:33.0779 0624 agp440 - ok
14:15:33.0795 0624 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:15:33.0810 0624 ALG - ok
14:15:33.0810 0624 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:15:33.0826 0624 aliide - ok
14:15:33.0873 0624 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:15:33.0873 0624 amdide - ok
14:15:33.0888 0624 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:15:33.0919 0624 AmdK8 - ok
14:15:33.0951 0624 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:15:33.0997 0624 AmdPPM - ok
14:15:34.0029 0624 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:15:34.0044 0624 amdsata - ok
14:15:34.0060 0624 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:15:34.0075 0624 amdsbs - ok
14:15:34.0091 0624 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:15:34.0091 0624 amdxata - ok
14:15:34.0122 0624 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:15:34.0153 0624 AppID - ok
14:15:34.0185 0624 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:15:34.0247 0624 AppIDSvc - ok
14:15:34.0309 0624 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:15:34.0372 0624 Appinfo - ok
14:15:34.0465 0624 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:15:34.0481 0624 Apple Mobile Device - ok
14:15:34.0512 0624 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
14:15:34.0528 0624 AppMgmt - ok
14:15:34.0559 0624 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:15:34.0575 0624 arc - ok
14:15:34.0575 0624 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:15:34.0590 0624 arcsas - ok
14:15:34.0606 0624 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:15:34.0668 0624 AsyncMac - ok
14:15:34.0699 0624 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:15:34.0715 0624 atapi - ok
14:15:34.0777 0624 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:15:34.0840 0624 AudioEndpointBuilder - ok
14:15:34.0840 0624 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:15:34.0887 0624 AudioSrv - ok
14:15:34.0933 0624 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:15:34.0965 0624 AxInstSV - ok
14:15:35.0011 0624 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:15:35.0074 0624 b06bdrv - ok
14:15:35.0089 0624 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:15:35.0152 0624 b57nd60a - ok
14:15:35.0167 0624 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:15:35.0230 0624 BDESVC - ok
14:15:35.0261 0624 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:15:35.0292 0624 Beep - ok
14:15:35.0386 0624 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:15:35.0464 0624 BFE - ok
14:15:35.0557 0624 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
14:15:35.0635 0624 BITS - ok
14:15:35.0667 0624 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:15:35.0713 0624 blbdrive - ok
14:15:35.0791 0624 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
14:15:35.0807 0624 Bonjour Service - ok
14:15:35.0869 0624 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:15:35.0885 0624 bowser - ok
14:15:35.0901 0624 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:15:35.0947 0624 BrFiltLo - ok
14:15:35.0947 0624 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:15:35.0963 0624 BrFiltUp - ok
14:15:35.0994 0624 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
14:15:36.0025 0624 BridgeMP - ok
14:15:36.0072 0624 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:15:36.0103 0624 Browser - ok
14:15:36.0119 0624 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:15:36.0181 0624 Brserid - ok
14:15:36.0197 0624 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:15:36.0228 0624 BrSerWdm - ok
14:15:36.0244 0624 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:15:36.0275 0624 BrUsbMdm - ok
14:15:36.0306 0624 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:15:36.0322 0624 BrUsbSer - ok
14:15:36.0337 0624 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:15:36.0369 0624 BTHMODEM - ok
14:15:36.0415 0624 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:15:36.0478 0624 bthserv - ok
14:15:36.0540 0624 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
14:15:36.0556 0624 BVRPMPR5a64 - ok
14:15:36.0587 0624 catchme - ok
14:15:36.0681 0624 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:15:36.0743 0624 cdfs - ok
14:15:36.0805 0624 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
14:15:36.0821 0624 cdrom - ok
14:15:36.0852 0624 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:15:36.0915 0624 CertPropSvc - ok
14:15:36.0930 0624 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:15:36.0977 0624 circlass - ok
14:15:37.0024 0624 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:15:37.0071 0624 CLFS - ok
14:15:37.0133 0624 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:15:37.0149 0624 clr_optimization_v2.0.50727_32 - ok
14:15:37.0211 0624 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:15:37.0227 0624 clr_optimization_v2.0.50727_64 - ok
14:15:37.0336 0624 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:15:37.0336 0624 clr_optimization_v4.0.30319_32 - ok
14:15:37.0398 0624 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:15:37.0414 0624 clr_optimization_v4.0.30319_64 - ok
14:15:37.0429 0624 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:15:37.0461 0624 CmBatt - ok
14:15:37.0492 0624 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
14:15:37.0507 0624 cmdide - ok
14:15:37.0554 0624 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
14:15:37.0585 0624 CNG - ok
14:15:37.0617 0624 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:15:37.0632 0624 Compbatt - ok
14:15:37.0679 0624 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
14:15:37.0710 0624 CompositeBus - ok
14:15:37.0710 0624 COMSysApp - ok
14:15:37.0741 0624 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:15:37.0741 0624 crcdisk - ok
14:15:37.0788 0624 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
14:15:37.0819 0624 CryptSvc - ok
14:15:37.0913 0624 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
14:15:37.0991 0624 CSC - ok
14:15:38.0038 0624 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
14:15:38.0100 0624 CscService - ok
14:15:38.0147 0624 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:15:38.0209 0624 DcomLaunch - ok
14:15:38.0256 0624 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:15:38.0350 0624 defragsvc - ok
14:15:38.0443 0624 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:15:38.0506 0624 DfsC - ok
14:15:38.0537 0624 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:15:38.0615 0624 Dhcp - ok
14:15:38.0662 0624 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:15:38.0724 0624 discache - ok
14:15:38.0755 0624 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:15:38.0771 0624 Disk - ok
14:15:38.0818 0624 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:15:38.0833 0624 Dnscache - ok
14:15:38.0880 0624 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:15:38.0974 0624 dot3svc - ok
14:15:39.0005 0624 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:15:39.0067 0624 DPS - ok
14:15:39.0099 0624 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:15:39.0130 0624 drmkaud - ok
14:15:39.0223 0624 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:15:39.0255 0624 DXGKrnl - ok
14:15:39.0286 0624 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:15:39.0348 0624 EapHost - ok
14:15:39.0504 0624 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:15:39.0645 0624 ebdrv - ok
14:15:39.0723 0624 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:15:39.0754 0624 EFS - ok
14:15:39.0832 0624 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:15:39.0941 0624 ehRecvr - ok
14:15:39.0972 0624 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:15:39.0988 0624 ehSched - ok
14:15:40.0050 0624 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:15:40.0097 0624 elxstor - ok
14:15:40.0144 0624 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:15:40.0175 0624 ErrDev - ok
14:15:40.0237 0624 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:15:40.0284 0624 EventSystem - ok
14:15:40.0300 0624 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:15:40.0362 0624 exfat - ok
14:15:40.0393 0624 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:15:40.0440 0624 fastfat - ok
14:15:40.0503 0624 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:15:40.0581 0624 Fax - ok
14:15:40.0612 0624 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:15:40.0643 0624 fdc - ok
14:15:40.0674 0624 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:15:40.0737 0624 fdPHost - ok
14:15:40.0752 0624 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:15:40.0799 0624 FDResPub - ok
14:15:40.0830 0624 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:15:40.0830 0624 FileInfo - ok
14:15:40.0846 0624 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:15:40.0877 0624 Filetrace - ok
14:15:40.0893 0624 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:15:40.0893 0624 flpydisk - ok
14:15:40.0955 0624 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:15:40.0971 0624 FltMgr - ok
14:15:41.0064 0624 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:15:41.0142 0624 FontCache - ok
14:15:41.0236 0624 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:15:41.0251 0624 FontCache3.0.0.0 - ok
14:15:41.0283 0624 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:15:41.0298 0624 FsDepends - ok
14:15:41.0345 0624 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:15:41.0361 0624 Fs_Rec - ok
14:15:41.0376 0624 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:15:41.0407 0624 fvevol - ok
14:15:41.0423 0624 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:15:41.0439 0624 gagp30kx - ok
14:15:41.0485 0624 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:15:41.0485 0624 GEARAspiWDM - ok
14:15:41.0563 0624 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:15:41.0626 0624 gpsvc - ok
14:15:41.0751 0624 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:15:41.0751 0624 gupdate - ok
14:15:41.0782 0624 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:15:41.0782 0624 gupdatem - ok
14:15:41.0829 0624 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:15:41.0844 0624 gusvc - ok
14:15:41.0860 0624 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:15:41.0907 0624 hcw85cir - ok
14:15:41.0953 0624 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:15:42.0016 0624 HdAudAddService - ok
14:15:42.0047 0624 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:15:42.0078 0624 HDAudBus - ok
14:15:42.0109 0624 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:15:42.0141 0624 HidBatt - ok
14:15:42.0172 0624 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:15:42.0187 0624 HidBth - ok
14:15:42.0187 0624 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:15:42.0203 0624 HidIr - ok
14:15:42.0234 0624 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
14:15:42.0281 0624 hidserv - ok
14:15:42.0297 0624 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:15:42.0312 0624 HidUsb - ok
14:15:42.0328 0624 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:15:42.0390 0624 hkmsvc - ok
14:15:42.0453 0624 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:15:42.0546 0624 HomeGroupListener - ok
14:15:42.0593 0624 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:15:42.0671 0624 HomeGroupProvider - ok
14:15:42.0733 0624 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:15:42.0733 0624 HpSAMD - ok
14:15:42.0796 0624 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:15:42.0905 0624 HTTP - ok
14:15:42.0952 0624 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:15:42.0967 0624 hwpolicy - ok
14:15:42.0983 0624 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:15:42.0999 0624 i8042prt - ok
14:15:43.0030 0624 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:15:43.0092 0624 iaStorV - ok
14:15:43.0170 0624 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:15:43.0233 0624 idsvc - ok
14:15:43.0264 0624 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:15:43.0279 0624 iirsp - ok
14:15:43.0342 0624 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:15:43.0404 0624 IKEEXT - ok
14:15:43.0435 0624 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:15:43.0451 0624 intelide - ok
14:15:43.0451 0624 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:15:43.0498 0624 intelppm - ok
14:15:43.0529 0624 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:15:43.0591 0624 IPBusEnum - ok
14:15:43.0623 0624 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:15:43.0685 0624 IpFilterDriver - ok
14:15:43.0763 0624 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
14:15:43.0888 0624 iphlpsvc - ok
14:15:43.0919 0624 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:15:43.0919 0624 IPMIDRV - ok
14:15:43.0950 0624 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:15:44.0013 0624 IPNAT - ok
14:15:44.0122 0624 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
14:15:44.0153 0624 iPod Service - ok
14:15:44.0153 0624 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:15:44.0231 0624 IRENUM - ok
14:15:44.0278 0624 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:15:44.0293 0624 isapnp - ok
14:15:44.0325 0624 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:15:44.0387 0624 iScsiPrt - ok
14:15:44.0387 0624 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:15:44.0403 0624 kbdclass - ok
14:15:44.0434 0624 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
14:15:44.0465 0624 kbdhid - ok
14:15:44.0496 0624 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:15:44.0512 0624 KeyIso - ok
14:15:44.0543 0624 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
14:15:44.0559 0624 KSecDD - ok
14:15:44.0574 0624 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
14:15:44.0590 0624 KSecPkg - ok
14:15:44.0621 0624 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:15:44.0683 0624 ksthunk - ok
14:15:44.0730 0624 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:15:44.0808 0624 KtmRm - ok
14:15:44.0871 0624 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
14:15:44.0949 0624 LanmanServer - ok
14:15:44.0995 0624 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:15:45.0058 0624 LanmanWorkstation - ok
14:15:45.0089 0624 Lbd - ok
14:15:45.0105 0624 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:15:45.0151 0624 lltdio - ok
14:15:45.0214 0624 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:15:45.0307 0624 lltdsvc - ok
14:15:45.0323 0624 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:15:45.0354 0624 lmhosts - ok
14:15:45.0370 0624 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:15:45.0385 0624 LSI_FC - ok
14:15:45.0401 0624 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:15:45.0417 0624 LSI_SAS - ok
14:15:45.0432 0624 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:15:45.0432 0624 LSI_SAS2 - ok
14:15:45.0463 0624 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:15:45.0479 0624 LSI_SCSI - ok
14:15:45.0495 0624 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:15:45.0526 0624 luafv - ok
14:15:45.0573 0624 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:15:45.0604 0624 Mcx2Svc - ok
14:15:45.0635 0624 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:15:45.0651 0624 megasas - ok
14:15:45.0651 0624 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:15:45.0713 0624 MegaSR - ok
14:15:45.0744 0624 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:15:45.0807 0624 MMCSS - ok
14:15:45.0822 0624 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:15:45.0885 0624 Modem - ok
14:15:45.0963 0624 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:15:45.0994 0624 monitor - ok
14:15:46.0041 0624 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:15:46.0056 0624 mouclass - ok
14:15:46.0072 0624 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:15:46.0103 0624 mouhid - ok
14:15:46.0150 0624 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:15:46.0150 0624 mountmgr - ok
14:15:46.0197 0624 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
14:15:46.0197 0624 MpFilter - ok
14:15:46.0259 0624 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:15:46.0275 0624 mpio - ok
14:15:46.0275 0624 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:15:46.0321 0624 mpsdrv - ok
14:15:46.0399 0624 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
14:15:46.0493 0624 MpsSvc - ok
14:15:46.0540 0624 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:15:46.0571 0624 MRxDAV - ok
14:15:46.0649 0624 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:15:46.0696 0624 mrxsmb - ok
14:15:46.0743 0624 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:15:46.0789 0624 mrxsmb10 - ok
14:15:46.0821 0624 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:15:46.0836 0624 mrxsmb20 - ok
14:15:46.0883 0624 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:15:46.0883 0624 msahci - ok
14:15:46.0899 0624 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:15:46.0914 0624 msdsm - ok
14:15:46.0945 0624 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:15:46.0992 0624 MSDTC - ok
14:15:47.0039 0624 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:15:47.0070 0624 Msfs - ok
14:15:47.0086 0624 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:15:47.0117 0624 mshidkmdf - ok
14:15:47.0164 0624 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:15:47.0164 0624 msisadrv - ok
14:15:47.0195 0624 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:15:47.0257 0624 MSiSCSI - ok
14:15:47.0257 0624 msiserver - ok
14:15:47.0289 0624 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:15:47.0351 0624 MSKSSRV - ok
14:15:47.0445 0624 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
14:15:47.0460 0624 MsMpSvc - ok
14:15:47.0476 0624 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:15:47.0523 0624 MSPCLOCK - ok
14:15:47.0523 0624 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:15:47.0569 0624 MSPQM - ok
14:15:47.0616 0624 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:15:47.0663 0624 MsRPC - ok
14:15:47.0694 0624 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:15:47.0710 0624 mssmbios - ok
14:15:47.0710 0624 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:15:47.0772 0624 MSTEE - ok
14:15:47.0788 0624 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:15:47.0819 0624 MTConfig - ok
14:15:47.0850 0624 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:15:47.0866 0624 Mup - ok
14:15:47.0913 0624 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:15:48.0022 0624 napagent - ok
14:15:48.0053 0624 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:15:48.0100 0624 NativeWifiP - ok
14:15:48.0178 0624 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:15:48.0240 0624 NDIS - ok
14:15:48.0271 0624 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:15:48.0334 0624 NdisCap - ok
14:15:48.0365 0624 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:15:48.0396 0624 NdisTapi - ok
14:15:48.0443 0624 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:15:48.0490 0624 Ndisuio - ok
14:15:48.0537 0624 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:15:48.0599 0624 NdisWan - ok
14:15:48.0646 0624 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:15:48.0693 0624 NDProxy - ok
14:15:48.0693 0624 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:15:48.0755 0624 NetBIOS - ok
14:15:48.0802 0624 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:15:48.0849 0624 NetBT - ok
14:15:48.0864 0624 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:15:48.0880 0624 Netlogon - ok
14:15:48.0911 0624 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:15:48.0973 0624 Netman - ok
14:15:49.0020 0624 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:15:49.0129 0624 netprofm - ok
14:15:49.0223 0624 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:15:49.0223 0624 NetTcpPortSharing - ok
14:15:49.0254 0624 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:15:49.0270 0624 nfrd960 - ok
14:15:49.0301 0624 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:15:49.0317 0624 NisDrv - ok
14:15:49.0395 0624 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
14:15:49.0457 0624 NisSrv - ok
14:15:49.0504 0624 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:15:49.0597 0624 NlaSvc - ok
14:15:49.0644 0624 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:15:49.0675 0624 Npfs - ok
14:15:49.0691 0624 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:15:49.0738 0624 nsi - ok
14:15:49.0753 0624 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:15:49.0785 0624 nsiproxy - ok
14:15:49.0894 0624 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:15:49.0925 0624 Ntfs - ok
14:15:50.0019 0624 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:15:50.0065 0624 Null - ok
14:15:50.0112 0624 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
14:15:50.0175 0624 NVENETFD - ok
14:15:50.0736 0624 nvlddmkm (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:15:50.0939 0624 nvlddmkm - ok
14:15:51.0017 0624 NVNET (0ad267a4674805b61a5d7b911d2a978a) C:\Windows\system32\DRIVERS\nvmf6264.sys
14:15:51.0033 0624 NVNET - ok
14:15:51.0079 0624 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:15:51.0095 0624 nvraid - ok
14:15:51.0142 0624 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:15:51.0157 0624 nvstor - ok
14:15:51.0204 0624 nvsvc (43bc8151893ae6afe42e149d663c2221) C:\Windows\system32\nvvsvc.exe
14:15:51.0204 0624 nvsvc - ok
14:15:51.0251 0624 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:15:51.0267 0624 nv_agp - ok
14:15:51.0298 0624 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:15:51.0329 0624 ohci1394 - ok
14:15:51.0376 0624 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:15:51.0454 0624 p2pimsvc - ok
14:15:51.0469 0624 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:15:51.0547 0624 p2psvc - ok
14:15:51.0579 0624 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:15:51.0594 0624 Parport - ok
14:15:51.0641 0624 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
14:15:51.0657 0624 partmgr - ok
14:15:51.0657 0624 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:15:51.0703 0624 PcaSvc - ok
14:15:51.0766 0624 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:15:51.0781 0624 pci - ok
14:15:51.0797 0624 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:15:51.0813 0624 pciide - ok
14:15:51.0828 0624 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:15:51.0844 0624 pcmcia - ok
14:15:51.0875 0624 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:15:51.0891 0624 pcw - ok
14:15:51.0922 0624 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:15:52.0000 0624 PEAUTH - ok
14:15:52.0093 0624 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
14:15:52.0187 0624 PeerDistSvc - ok
14:15:52.0249 0624 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:15:52.0249 0624 PerfHost - ok
14:15:52.0390 0624 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:15:52.0483 0624 pla - ok
14:15:52.0546 0624 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:15:52.0639 0624 PlugPlay - ok
14:15:52.0671 0624 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:15:52.0686 0624 PNRPAutoReg - ok
14:15:52.0702 0624 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:15:52.0717 0624 PNRPsvc - ok
14:15:52.0764 0624 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:15:52.0858 0624 PolicyAgent - ok
14:15:52.0873 0624 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:15:52.0920 0624 Power - ok
14:15:52.0983 0624 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:15:53.0045 0624 PptpMiniport - ok
14:15:53.0076 0624 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:15:53.0107 0624 Processor - ok
14:15:53.0139 0624 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
14:15:53.0217 0624 ProfSvc - ok
14:15:53.0232 0624 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:15:53.0248 0624 ProtectedStorage - ok
14:15:53.0310 0624 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:15:53.0373 0624 Psched - ok
14:15:53.0435 0624 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
14:15:53.0435 0624 PxHlpa64 - ok
14:15:53.0497 0624 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:15:53.0529 0624 ql2300 - ok
14:15:53.0591 0624 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:15:53.0607 0624 ql40xx - ok
14:15:53.0638 0624 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:15:53.0669 0624 QWAVE - ok
14:15:53.0685 0624 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:15:53.0700 0624 QWAVEdrv - ok
14:15:53.0716 0624 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:15:53.0763 0624 RasAcd - ok
14:15:53.0809 0624 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:15:53.0841 0624 RasAgileVpn - ok
14:15:53.0856 0624 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:15:53.0903 0624 RasAuto - ok
14:15:53.0950 0624 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:15:54.0012 0624 Rasl2tp - ok
14:15:54.0059 0624 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
14:15:54.0106 0624 RasMan - ok
14:15:54.0137 0624 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:15:54.0199 0624 RasPppoe - ok
14:15:54.0215 0624 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:15:54.0277 0624 RasSstp - ok
14:15:54.0340 0624 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
14:15:54.0433 0624 rdbss - ok
14:15:54.0480 0624 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:15:54.0511 0624 rdpbus - ok
14:15:54.0527 0624 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:15:54.0589 0624 RDPCDD - ok
14:15:54.0636 0624 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
14:15:54.0667 0624 RDPDR - ok
14:15:54.0667 0624 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:15:54.0714 0624 RDPENCDD - ok
14:15:54.0714 0624 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:15:54.0761 0624 RDPREFMP - ok
14:15:54.0808 0624 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
14:15:54.0823 0624 RDPWD - ok
14:15:54.0855 0624 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
14:15:54.0886 0624 rdyboost - ok
14:15:54.0901 0624 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:15:54.0948 0624 RemoteAccess - ok
14:15:54.0979 0624 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:15:55.0042 0624 RemoteRegistry - ok
14:15:55.0057 0624 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:15:55.0120 0624 RpcEptMapper - ok
14:15:55.0151 0624 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:15:55.0198 0624 RpcLocator - ok
14:15:55.0245 0624 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
14:15:55.0291 0624 RpcSs - ok
14:15:55.0338 0624 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:15:55.0369 0624 rspndr - ok
14:15:55.0401 0624 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
14:15:55.0416 0624 s3cap - ok
14:15:55.0447 0624 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:15:55.0447 0624 SamSs - ok
14:15:55.0572 0624 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
14:15:55.0572 0624 SASDIFSV - ok
14:15:55.0588 0624 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
14:15:55.0603 0624 SASKUTIL - ok
14:15:55.0650 0624 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
14:15:55.0666 0624 sbp2port - ok
14:15:55.0697 0624 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:15:55.0775 0624 SCardSvr - ok
14:15:55.0806 0624 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
14:15:55.0869 0624 scfilter - ok
14:15:55.0962 0624 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
14:15:56.0040 0624 Schedule - ok
14:15:56.0087 0624 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
14:15:56.0118 0624 SCPolicySvc - ok
14:15:56.0165 0624 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
14:15:56.0227 0624 SDRSVC - ok
14:15:56.0259 0624 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:15:56.0290 0624 secdrv - ok
14:15:56.0337 0624 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
14:15:56.0399 0624 seclogon - ok
14:15:56.0430 0624 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
14:15:56.0493 0624 SENS - ok
14:15:56.0508 0624 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:15:56.0539 0624 SensrSvc - ok
14:15:56.0555 0624 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:15:56.0586 0624 Serenum - ok
14:15:56.0617 0624 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:15:56.0649 0624 Serial - ok
14:15:56.0680 0624 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:15:56.0711 0624 sermouse - ok
14:15:56.0758 0624 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
14:15:56.0820 0624 SessionEnv - ok
14:15:56.0851 0624 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
14:15:56.0898 0624 sffdisk - ok
14:15:56.0914 0624 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
14:15:56.0929 0624 sffp_mmc - ok
14:15:56.0945 0624 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
14:15:56.0976 0624 sffp_sd - ok
14:15:57.0007 0624 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:15:57.0007 0624 sfloppy - ok
14:15:57.0054 0624 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:15:57.0148 0624 SharedAccess - ok
14:15:57.0226 0624 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
14:15:57.0288 0624 ShellHWDetection - ok
14:15:57.0304 0624 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:15:57.0319 0624 SiSRaid2 - ok
14:15:57.0319 0624 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:15:57.0335 0624 SiSRaid4 - ok
14:15:57.0351 0624 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:15:57.0397 0624 Smb - ok
14:15:57.0429 0624 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:15:57.0460 0624 SNMPTRAP - ok
14:15:57.0491 0624 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:15:57.0507 0624 spldr - ok
14:15:57.0553 0624 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
14:15:57.0600 0624 Spooler - ok
14:15:57.0756 0624 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
14:15:57.0834 0624 sppsvc - ok
14:15:57.0912 0624 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:15:57.0959 0624 sppuinotify - ok
14:15:58.0037 0624 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
14:15:58.0115 0624 srv - ok
14:15:58.0177 0624 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
14:15:58.0271 0624 srv2 - ok
14:15:58.0287 0624 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
14:15:58.0318 0624 srvnet - ok
14:15:58.0333 0624 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:15:58.0396 0624 SSDPSRV - ok
14:15:58.0427 0624 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:15:58.0458 0624 SstpSvc - ok
14:15:58.0474 0624 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:15:58.0489 0624 stexstor - ok
14:15:58.0552 0624 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
14:15:58.0614 0624 stisvc - ok
14:15:58.0661 0624 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
14:15:58.0661 0624 storflt - ok
14:15:58.0708 0624 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
14:15:58.0723 0624 StorSvc - ok
14:15:58.0770 0624 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
14:15:58.0786 0624 storvsc - ok
14:15:58.0817 0624 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
14:15:58.0833 0624 swenum - ok
14:15:58.0864 0624 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:15:58.0973 0624 swprv - ok
14:15:59.0082 0624 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
14:15:59.0145 0624 SysMain - ok
14:15:59.0238 0624 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
14:15:59.0269 0624 TabletInputService - ok
14:15:59.0316 0624 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
14:15:59.0363 0624 TapiSrv - ok
14:15:59.0394 0624 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:15:59.0441 0624 TBS - ok
14:15:59.0550 0624 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
14:15:59.0659 0624 Tcpip - ok
14:15:59.0753 0624 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
14:15:59.0800 0624 TCPIP6 - ok
14:15:59.0862 0624 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
14:15:59.0925 0624 tcpipreg - ok
14:15:59.0971 0624 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:16:00.0003 0624 TDPIPE - ok
14:16:00.0034 0624 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
14:16:00.0065 0624 TDTCP - ok
14:16:00.0127 0624 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
14:16:00.0174 0624 tdx - ok
14:16:00.0221 0624 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
14:16:00.0237 0624 TermDD - ok
14:16:00.0299 0624 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:16:00.0330 0624 TermService - ok
14:16:00.0346 0624 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:16:00.0393 0624 Themes - ok
14:16:00.0424 0624 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:16:00.0455 0624 THREADORDER - ok
14:16:00.0502 0624 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:16:00.0533 0624 TrkWks - ok
14:16:00.0611 0624 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:16:00.0658 0624 TrustedInstaller - ok
14:16:00.0705 0624 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:16:00.0736 0624 tssecsrv - ok
14:16:00.0783 0624 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:16:00.0829 0624 TsUsbFlt - ok
14:16:00.0876 0624 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:16:00.0939 0624 tunnel - ok
14:16:00.0970 0624 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:16:00.0985 0624 uagp35 - ok
14:16:01.0032 0624 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:16:01.0126 0624 udfs - ok
14:16:01.0157 0624 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:16:01.0173 0624 UI0Detect - ok
14:16:01.0188 0624 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:16:01.0188 0624 uliagpkx - ok
14:16:01.0219 0624 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
14:16:01.0251 0624 umbus - ok
14:16:01.0282 0624 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:16:01.0297 0624 UmPass - ok
14:16:01.0329 0624 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
14:16:01.0407 0624 UmRdpService - ok
14:16:01.0438 0624 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:16:01.0531 0624 upnphost - ok
14:16:01.0594 0624 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
14:16:01.0625 0624 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
14:16:01.0625 0624 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
14:16:01.0687 0624 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:16:01.0703 0624 usbccgp - ok
14:16:01.0750 0624 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:16:01.0765 0624 usbcir - ok
14:16:01.0797 0624 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
14:16:01.0812 0624 usbehci - ok
14:16:01.0859 0624 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:16:01.0906 0624 usbhub - ok
14:16:01.0937 0624 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
14:16:01.0953 0624 usbohci - ok
14:16:01.0968 0624 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:16:01.0999 0624 usbprint - ok
14:16:02.0046 0624 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:16:02.0077 0624 usbscan - ok
14:16:02.0109 0624 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:16:02.0140 0624 USBSTOR - ok
14:16:02.0171 0624 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:16:02.0187 0624 usbuhci - ok
14:16:02.0218 0624 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:16:02.0280 0624 UxSms - ok
14:16:02.0311 0624 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:16:02.0327 0624 VaultSvc - ok
14:16:02.0358 0624 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:16:02.0374 0624 vdrvroot - ok
14:16:02.0421 0624 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:16:02.0514 0624 vds - ok
14:16:02.0545 0624 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:16:02.0545 0624 vga - ok
14:16:02.0561 0624 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:16:02.0623 0624 VgaSave - ok
14:16:02.0670 0624 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:16:02.0717 0624 vhdmp - ok
14:16:02.0764 0624 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:16:02.0764 0624 viaide - ok
14:16:02.0811 0624 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
14:16:02.0826 0624 vmbus - ok
14:16:02.0904 0624 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
14:16:02.0935 0624 VMBusHID - ok
14:16:02.0967 0624 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:16:02.0982 0624 volmgr - ok
14:16:03.0029 0624 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:16:03.0076 0624 volmgrx - ok
14:16:03.0107 0624 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:16:03.0123 0624 volsnap - ok
14:16:03.0138 0624 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:16:03.0154 0624 vsmraid - ok
14:16:03.0232 0624 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:16:03.0357 0624 VSS - ok
14:16:03.0450 0624 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
14:16:03.0481 0624 vwifibus - ok
14:16:03.0528 0624 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:16:03.0575 0624 W32Time - ok
14:16:03.0606 0624 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:16:03.0606 0624 WacomPen - ok
14:16:03.0622 0624 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:16:03.0684 0624 WANARP - ok
14:16:03.0700 0624 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:16:03.0731 0624 Wanarpv6 - ok
14:16:03.0825 0624 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:16:03.0903 0624 WatAdminSvc - ok
14:16:03.0996 0624 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:16:04.0074 0624 wbengine - ok
14:16:04.0121 0624 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:16:04.0152 0624 WbioSrvc - ok
14:16:04.0199 0624 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:16:04.0246 0624 wcncsvc - ok
14:16:04.0277 0624 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:16:04.0324 0624 WcsPlugInService - ok
14:16:04.0355 0624 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:16:04.0355 0624 Wd - ok
14:16:04.0386 0624 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:16:04.0464 0624 Wdf01000 - ok
14:16:04.0464 0624 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:16:04.0511 0624 WdiServiceHost - ok
14:16:04.0527 0624 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:16:04.0542 0624 WdiSystemHost - ok
14:16:04.0573 0624 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:16:04.0667 0624 WebClient - ok
14:16:04.0698 0624 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:16:04.0776 0624 Wecsvc - ok
14:16:04.0792 0624 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:16:04.0854 0624 wercplsupport - ok
14:16:04.0870 0624 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:16:04.0932 0624 WerSvc - ok
14:16:04.0995 0624 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:16:05.0026 0624 WfpLwf - ok
14:16:05.0026 0624 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:16:05.0041 0624 WIMMount - ok
14:16:05.0073 0624 WinDefend - ok
14:16:05.0088 0624 WinHttpAutoProxySvc - ok
14:16:05.0151 0624 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:16:05.0229 0624 Winmgmt - ok
14:16:05.0338 0624 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:16:05.0478 0624 WinRM - ok
14:16:05.0619 0624 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:16:05.0634 0624 WinUsb - ok
14:16:05.0681 0624 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:16:05.0759 0624 Wlansvc - ok
14:16:05.0790 0624 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:16:05.0806 0624 WmiAcpi - ok
14:16:05.0837 0624 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:16:05.0853 0624 wmiApSrv - ok
14:16:05.0853 0624 WMPNetworkSvc - ok
14:16:05.0868 0624 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:16:05.0884 0624 WPCSvc - ok
14:16:05.0931 0624 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:16:05.0946 0624 WPDBusEnum - ok
14:16:05.0977 0624 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:16:06.0009 0624 ws2ifsl - ok
14:16:06.0040 0624 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
14:16:06.0087 0624 wscsvc - ok
14:16:06.0102 0624 WSearch - ok
14:16:06.0227 0624 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
14:16:06.0336 0624 wuauserv - ok
14:16:06.0414 0624 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:16:06.0461 0624 WudfPf - ok
14:16:06.0492 0624 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:16:06.0539 0624 WUDFRd - ok
14:16:06.0570 0624 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:16:06.0617 0624 wudfsvc - ok
14:16:06.0648 0624 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:16:06.0679 0624 WwanSvc - ok
14:16:06.0679 0624 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:16:06.0742 0624 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:16:06.0742 0624 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:16:06.0742 0624 Boot (0x1200) (8302744272a22a17ded8a6994d7c8c6b) \Device\Harddisk0\DR0\Partition0
14:16:06.0742 0624 \Device\Harddisk0\DR0\Partition0 - ok
14:16:06.0742 0624 ============================================================
14:16:06.0742 0624 Scan finished
14:16:06.0742 0624 ============================================================
14:16:06.0757 2704 Detected object count: 2
14:16:06.0757 2704 Actual detected object count: 2
14:16:45.0851 2704 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
14:16:45.0851 2704 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:16:45.0851 2704 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:16:45.0851 2704 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#6 jmapcdoc

New Member

Members
12 posts

Posted 02 May 2012 - 02:54 PM

This is the awsMBR.txt!!!

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-02 14:24:20
-----------------------------
14:24:20.387 OS Version: Windows x64 6.1.7601 Service Pack 1
14:24:20.387 Number of processors: 4 586 0x203
14:24:20.387 ComputerName: WINSTON-PC UserName: winston
14:24:20.746 Initialize success
14:24:51.532 AVAST engine defs: 12050200
14:25:22.483 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
14:25:22.483 Disk 0 Vendor: WDC_WD80 06.0 Size: 76319MB BusType: 3
14:25:22.514 Disk 0 MBR read successfully
14:25:22.514 Disk 0 MBR scan
14:25:22.514 Disk 0 Windows VISTA default MBR code
14:25:22.514 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
14:25:22.545 Disk 0 scanning C:\Windows\system32\drivers
14:25:32.373 Service scanning
14:25:54.244 Modules scanning
14:25:54.244 Disk 0 trace - called modules:
14:25:54.260 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
14:25:54.260 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800438f060]
14:25:54.260 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa80037ddd80]
14:25:54.275 5 ACPI.sys[fffff88000eed7a1] -> nt!IofCallDriver -> \Device\0000005e[0xfffffa80037de9c0]
14:25:54.619 AVAST engine scan C:\Windows
14:25:56.444 AVAST engine scan C:\Windows\system32
14:29:02.895 AVAST engine scan C:\Windows\system32\drivers
14:29:14.096 AVAST engine scan C:\Users\winston
14:31:07.492 AVAST engine scan C:\ProgramData
14:32:01.811 Scan finished successfully
14:42:07.154 Disk 0 MBR has been saved successfully to "C:\Users\winston\Desktop\MBR.dat"
14:42:07.154 The log file has been saved successfully to "C:\Users\winston\Desktop\aswMBR.txt"

#7 gringo_pr

Bleepin Gringo

Malware Response Team
120,927 posts

Gender:Male
Location:Puerto rico

Posted 02 May 2012 - 03:16 PM

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]
Gringo[/b]

#8 jmapcdoc

New Member

Members
12 posts

Posted 02 May 2012 - 06:49 PM

This is the log you requested!!!

Scan result of Farbar Recovery Scan Tool Version: 02-05-2012 01
Ran by SYSTEM at 02-05-2012 18:35:43
Running from E:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Easy Dock] [x]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)
HKU\winston\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-03-11] (Google Inc.)
HKU\winston\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\winston\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4786048 2012-04-30] (SUPERAntiSpyware.com)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 BVRPMPR5a64; C:\Windows\System32\Drivers\BVRPMPR5a64.sys [35840 2010-06-06] (Avanquest Software)
3 NVENETFD; C:\Windows\System32\DRIVERS\nvm62x64.sys [408960 2009-06-10] (NVIDIA Corporation)
3 NVNET; C:\Windows\System32\DRIVERS\nvmf6264.sys [350952 2010-08-12] (NVIDIA Corporation)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-02 11:42 - 2012-05-02 11:13 - 0001806 ____A C:\Users\winston\Desktop\aswMBR.txt
2012-05-02 11:42 - 2011-12-16 07:54 - 0000512 ____A C:\Users\winston\Desktop\MBR.dat
2012-05-02 11:22 - 2010-10-03 07:01 - 0120788 ____A C:\Users\winston\Desktop\TDSSKiller.2.7.34.0_02.05.2012_14.15.11_log.txt
2012-05-02 11:15 - 2012-04-30 13:49 - 0120870 ____A C:\TDSSKiller.2.7.34.0_02.05.2012_14.15.11_log.txt
2012-05-02 11:14 - 2012-05-02 11:16 - 2075184 ____A (Kaspersky Lab ZAO) C:\Users\winston\Desktop\TDSSKiller.exe
2012-05-02 11:13 - 2012-05-01 07:02 - 0000348 ____A C:\TDSSKiller.2.7.33.0_02.05.2012_14.13.25_log.txt
2012-05-02 11:13 - - 4731392 ____A (AVAST Software) C:\Users\winston\Desktop\aswMBR.exe
2012-05-02 05:38 - 2012-05-02 05:14 - 0038045 ____A C:\Users\winston\Desktop\combofix05022012.txt
2012-05-02 05:31 - 2012-04-13 02:28 - 0038045 ____A C:\ComboFix.txt
2012-05-02 05:26 - - 0000000 ____D C:\$RECYCLE.BIN
2012-05-02 05:17 - 2012-05-01 16:55 - 0000741 ____A C:\Users\winston\Desktop\checkup.txt
2012-05-02 05:14 - 2012-05-02 05:17 - 4481533 ____R (Swearware) C:\Users\winston\Desktop\ComboFix.exe
2012-05-02 05:13 - 2011-10-25 16:49 - 0879714 ____A C:\Users\winston\Desktop\SecurityCheck.exe
2012-05-01 18:04 - 2012-05-02 11:42 - 0015244 ____A C:\Users\winston\Desktop\Nmc_2012-05-01_21-04-31.log
2012-05-01 16:55 - 2012-05-01 16:39 - 0000017 ____A C:\Users\winston\Desktop\bleepingcomputerpassword.txt
2012-05-01 16:39 - 2012-05-02 11:42 - 0017662 ____A C:\Users\winston\Desktop\Attach.txt
2012-05-01 16:39 - 2012-05-01 16:33 - 0013631 ____A C:\Users\winston\Desktop\DDS.txt
2012-05-01 16:34 - 2012-02-18 04:02 - 0607260 ____A (Swearware) C:\Users\winston\Downloads\dds.scr
2012-05-01 16:33 - 2011-12-23 09:55 - 0607260 ____R (Swearware) C:\Users\winston\Desktop\dds.scr
2012-05-01 16:31 - 2012-05-01 16:30 - 0000476 ____A C:\Users\winston\Desktop\defogger_disable.log
2012-05-01 16:31 - 2009-11-05 09:31 - 0000000 ____A C:\Users\winston\defogger_reenable
2012-05-01 16:30 - 2012-05-01 16:39 - 0050477 ____A C:\Users\winston\Desktop\Defogger.exe
2012-05-01 07:17 - 2012-04-26 19:26 - 0001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-01 07:17 - 2011-12-21 17:44 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-05-01 07:17 - 2011-12-21 17:44 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-05-01 07:17 - 2009-11-05 11:01 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-01 07:17 - 2009-11-05 01:11 - 0000000 ____D C:\Users\winston\AppData\Roaming\Malwarebytes
2012-05-01 06:54 - 2009-07-13 20:49 - 0000246 ____A C:\Users\winston\Desktop\[In Progress] Redirect Issue..url
2012-05-01 06:49 - 2012-04-30 13:40 - 0120870 ____A C:\TDSSKiller.2.7.33.0_01.05.2012_09.49.09_log.txt
2012-05-01 04:18 - 2012-05-01 04:18 - 0106867 ____A C:\Users\winston\AppData\Local\census.cache
2012-05-01 04:18 - 2011-04-07 08:17 - 0072849 ____A C:\Users\winston\AppData\Local\ars.cache
2012-05-01 04:14 - 2009-06-10 13:14 - 0200976 ____A (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
2012-05-01 04:13 - 2009-11-05 09:31 - 0000036 ____A C:\Users\winston\AppData\Local\housecall.guid.cache
2012-04-30 19:44 - 2012-05-02 15:23 - 0000000 ____A C:\Windows\setuperr.log
2012-04-30 19:44 - 2011-06-25 22:45 - 0001600 ____A C:\Windows\PFRO.log
2012-04-30 19:44 - 2009-07-13 20:45 - 0001074 ____A C:\Windows\setupact.log
2012-04-30 19:41 - 2010-03-11 07:41 - 0002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-04-30 19:18 - 2011-03-04 02:28 - 0001264 ____A C:\Users\winston\Desktop\Revo Uninstaller.lnk
2012-04-30 19:18 - 2009-11-19 10:39 - 0000000 ____D C:\Program Files (x86)\VS Revo Group
2012-04-30 19:03 - 2011-12-22 13:55 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-04-30 19:03 - 2011-12-22 13:55 - 0000000 ____D C:\ProgramData\NVIDIA
2012-04-30 18:52 - 2012-04-30 19:03 - 0000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-04-30 18:52 - 2012-04-30 19:03 - 0000000 ____D C:\ProgramData\NVIDIA Corporation
2012-04-30 18:51 - 2012-05-01 07:17 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-30 18:51 - 2010-08-12 09:07 - 0011164 ____A C:\Windows\System32\Drivers\nvphy.bin
2012-04-30 18:51 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2012-04-30 18:51 - 2009-07-13 17:40 - 0758272 ____A (NVIDIA Corporation) C:\Windows\System32\cohelper.dll
2012-04-30 18:48 - 2009-07-13 20:49 - 0001266 ____A C:\Users\winston\Desktop\Windows Update.lnk
2012-04-30 16:52 - 2012-01-11 00:19 - 0001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-04-30 16:52 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-04-30 16:51 - 2010-11-12 08:25 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-04-30 16:51 - 2010-11-12 08:25 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-04-30 16:51 - 2009-12-23 04:26 - 0000000 ____D C:\Users\winston\AppData\Roaming\SUPERAntiSpyware.com
2012-04-30 15:35 - 2009-11-05 09:30 - 0000395 ____A C:\rkill.log
2012-04-30 13:59 - - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-04-30 13:41 - 2012-05-02 11:13 - 0118240 ____A C:\TDSSKiller.2.7.33.0_30.04.2012_16.41.24_log.txt
2012-04-30 13:41 - 2011-12-23 09:35 - 0000000 ____D C:\Users\winston\Documents\tdsskiller
2012-04-30 13:40 - 2012-04-30 19:27 - 0000348 ____A C:\TDSSKiller.2.6.21.0_30.04.2012_16.40.47_log.txt
2012-04-30 13:02 - 2009-07-13 17:41 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-30 13:02 - 2009-07-13 17:16 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-30 13:02 - 2009-07-13 17:16 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-27 12:21 - 2012-05-02 05:31 - 0000000 ____D C:\Quarantine
2012-04-27 09:56 - 2010-03-23 11:47 - 0000000 ____D C:\Users\winston\AppData\Local\Norman Malware Cleaner
2012-04-27 09:21 - 2012-05-02 15:24 - 0000000 ____D C:\Windows\system64
2012-04-27 08:56 - 2009-07-13 21:08 - 0000000 ____D C:\Users\All Users\B7E85B35000435DB00703F80B4EB2331
2012-04-27 08:56 - 2009-07-13 21:08 - 0000000 ____D C:\ProgramData\B7E85B35000435DB00703F80B4EB2331
2012-04-26 19:26 - 2011-11-16 12:57 - 0001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-26 19:25 - 2012-04-29 02:58 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-04-26 19:25 - 2012-04-26 19:25 - 0000000 ____D C:\Program Files\iTunes
2012-04-26 19:25 - 2012-04-12 00:22 - 0000000 ____D C:\Program Files\iPod
2012-04-26 19:21 - 2010-11-20 05:26 - 0000628 ____A C:\Windows\System32\mapisvc.inf
2012-04-26 07:26 - 2009-11-05 01:08 - 0001228 ____A C:\Users\winston\Desktop\Windows Explorer.lnk
2012-04-18 12:27 - 2012-04-18 12:27 - 0000176 ____A C:\Users\All Users\-FfCnNQ74GEcl6sr
2012-04-18 12:27 - 2012-04-18 12:27 - 0000176 ____A C:\ProgramData\-FfCnNQ74GEcl6sr
2012-04-18 12:27 - - 0000000 ____A C:\Users\All Users\-FfCnNQ74GEcl6s
2012-04-18 12:27 - - 0000000 ____A C:\ProgramData\-FfCnNQ74GEcl6s
2012-04-14 13:08 - - 0000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer
2012-04-14 13:08 - - 0000000 ____D C:\Users\Default\AppData\Local\Apple Computer
2012-04-14 13:08 - - 0000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer
2012-04-14 13:08 - - 0000000 ____D C:\Users\Default User\AppData\Local\Apple Computer
2012-04-13 02:28 - 2009-11-05 09:06 - 0000000 ____D C:\Cache
2012-04-13 00:00 - 2012-04-13 00:00 - 0065536 __ASH C:\Windows\System32\config\components{4a6b6411-9dcc-11e0-9c6a-00251133d842}.TxR.blf
2012-04-12 00:02 - 2012-04-12 00:00 - 0000129 ____A C:\Windows\System32\MRT.INI
2012-04-12 00:02 - 2012-02-27 23:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-12 00:02 - 2012-02-27 22:56 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-12 00:02 - 2012-02-27 22:48 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-12 00:02 - 2012-02-27 22:45 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-12 00:02 - 2012-02-27 22:42 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-12 00:02 - 2012-02-27 17:52 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-12 00:02 - 2012-02-27 17:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-12 00:02 - 2012-02-27 17:09 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-12 00:02 - 2012-02-27 17:06 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-12 00:02 - 2012-02-27 17:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-12 00:02 - 2011-06-11 23:52 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-12 00:02 - 2011-06-11 23:52 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-12 00:02 - 2011-06-11 23:52 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-12 00:02 - 2011-06-11 23:52 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-12 00:02 - 2011-06-11 23:52 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-12 00:02 - 2011-06-11 23:52 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-12 00:02 - 2011-06-11 23:52 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-12 00:02 - 2011-06-11 23:52 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-12 00:02 - 2011-05-02 21:29 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-12 00:02 - 2011-05-02 20:30 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-12 00:02 - 2010-11-20 05:27 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-12 00:02 - 2010-11-20 04:21 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-12 00:02 - 2009-07-13 17:41 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-12 00:02 - 2009-07-13 17:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-12 00:02 - 2009-07-13 17:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-12 00:02 - 2009-07-13 17:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-12 00:00 - 2009-07-13 17:47 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-12 00:00 - 2009-07-13 17:41 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-12 00:00 - 2009-07-13 17:38 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-12 00:00 - 2009-07-13 17:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-12 00:00 - 2009-07-13 17:16 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-12 00:00 - 2009-07-13 17:14 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-12 00:00 - 2009-07-13 17:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll

============ 3 Months Modified Files and Folders =============

2012-05-02 18:36 - 2012-05-02 18:35 - 0000000 ____D C:\FRST
2012-05-02 15:30 - 2009-11-05 09:11 - 1257228 ____A C:\Windows\WindowsUpdate.log
2012-05-02 15:24 - 2009-07-13 21:13 - 0742268 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-02 15:23 - 2012-04-30 19:44 - 0001074 ____A C:\Windows\setupact.log
2012-05-02 14:39 - 2009-11-19 10:25 - 0000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-05-02 11:42 - 2012-05-02 11:42 - 0001806 ____A C:\Users\winston\Desktop\aswMBR.txt
2012-05-02 11:42 - 2012-05-02 11:42 - 0000512 ____A C:\Users\winston\Desktop\MBR.dat
2012-05-02 11:23 - 2012-05-02 11:15 - 0120870 ____A C:\TDSSKiller.2.7.34.0_02.05.2012_14.15.11_log.txt
2012-05-02 11:16 - 2012-05-02 11:22 - 0120788 ____A C:\Users\winston\Desktop\TDSSKiller.2.7.34.0_02.05.2012_14.15.11_log.txt
2012-05-02 11:14 - 2012-05-02 11:14 - 2075184 ____A (Kaspersky Lab ZAO) C:\Users\winston\Desktop\TDSSKiller.exe
2012-05-02 11:14 - 2011-12-22 13:40 - 0000000 ____D C:\computer doctor
2012-05-02 11:13 - 2012-05-02 11:13 - 4731392 ____A (AVAST Software) C:\Users\winston\Desktop\aswMBR.exe
2012-05-02 11:13 - 2012-05-02 11:13 - 0000348 ____A C:\TDSSKiller.2.7.33.0_02.05.2012_14.13.25_log.txt
2012-05-02 08:39 - 2009-11-19 10:25 - 0000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-05-02 05:38 - 2012-05-02 05:38 - 0038045 ____A C:\Users\winston\Desktop\combofix05022012.txt
2012-05-02 05:35 - 2009-07-13 20:45 - 0015168 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-02 05:35 - 2009-07-13 20:45 - 0015168 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-02 05:31 - 2012-05-02 05:31 - 0038045 ____A C:\ComboFix.txt
2012-05-02 05:31 - 2011-12-22 13:41 - 0000000 ____D C:\Qoobox
2012-05-02 05:26 - 2012-05-02 05:26 - 0000000 ____D C:\$RECYCLE.BIN
2012-05-02 05:26 - 2012-04-30 13:59 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-05-02 05:26 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-05-02 05:25 - 2012-04-30 19:44 - 0001600 ____A C:\Windows\PFRO.log
2012-05-02 05:25 - 2009-11-05 09:07 - 3119374336 __ASH C:\hiberfil.sys
2012-05-02 05:25 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-02 05:17 - 2012-05-02 05:17 - 0000741 ____A C:\Users\winston\Desktop\checkup.txt
2012-05-02 05:14 - 2012-05-02 05:14 - 4481533 ____R (Swearware) C:\Users\winston\Desktop\ComboFix.exe
2012-05-02 05:13 - 2012-05-02 05:13 - 0879714 ____A C:\Users\winston\Desktop\SecurityCheck.exe
2012-05-01 19:55 - 2012-05-01 18:04 - 0015244 ____A C:\Users\winston\Desktop\Nmc_2012-05-01_21-04-31.log
2012-05-01 16:55 - 2012-05-01 16:55 - 0000017 ____A C:\Users\winston\Desktop\bleepingcomputerpassword.txt
2012-05-01 16:39 - 2012-05-01 16:39 - 0017662 ____A C:\Users\winston\Desktop\Attach.txt
2012-05-01 16:39 - 2012-05-01 16:39 - 0013631 ____A C:\Users\winston\Desktop\DDS.txt
2012-05-01 16:34 - 2012-05-01 16:34 - 0607260 ____A (Swearware) C:\Users\winston\Downloads\dds.scr
2012-05-01 16:33 - 2012-05-01 16:33 - 0607260 ____R (Swearware) C:\Users\winston\Desktop\dds.scr
2012-05-01 16:31 - 2012-05-01 16:31 - 0000476 ____A C:\Users\winston\Desktop\defogger_disable.log
2012-05-01 16:31 - 2012-05-01 16:31 - 0000000 ____A C:\Users\winston\defogger_reenable
2012-05-01 16:31 - 2009-11-05 09:31 - 0000000 ____D C:\users\winston
2012-05-01 16:30 - 2012-05-01 16:30 - 0050477 ____A C:\Users\winston\Desktop\Defogger.exe
2012-05-01 11:41 - 2009-11-19 10:26 - 0002340 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-05-01 07:17 - 2012-05-01 07:17 - 0001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-01 07:17 - 2012-05-01 07:17 - 0000000 ____D C:\Users\winston\AppData\Roaming\Malwarebytes
2012-05-01 07:17 - 2012-05-01 07:17 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-05-01 07:17 - 2012-05-01 07:17 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-05-01 07:17 - 2012-05-01 07:17 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-01 07:02 - 2012-05-01 06:49 - 0120870 ____A C:\TDSSKiller.2.7.33.0_01.05.2012_09.49.09_log.txt
2012-05-01 06:54 - 2012-05-01 06:54 - 0000246 ____A C:\Users\winston\Desktop\[In Progress] Redirect Issue..url
2012-05-01 06:38 - 2012-04-30 15:35 - 0000395 ____A C:\rkill.log
2012-05-01 04:18 - 2012-05-01 04:18 - 0106867 ____A C:\Users\winston\AppData\Local\census.cache
2012-05-01 04:18 - 2012-05-01 04:18 - 0072849 ____A C:\Users\winston\AppData\Local\ars.cache
2012-05-01 04:13 - 2012-05-01 04:13 - 0000036 ____A C:\Users\winston\AppData\Local\housecall.guid.cache
2012-04-30 19:44 - 2012-04-30 19:44 - 0000000 ____A C:\Windows\setuperr.log
2012-04-30 19:42 - 2009-11-05 01:11 - 0000000 ____D C:\Users\winston\AppData\Roaming\Adobe
2012-04-30 19:41 - 2012-04-30 19:41 - 0002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-04-30 19:41 - 2010-03-11 07:41 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-04-30 19:41 - 2010-03-11 07:40 - 0000000 ____D C:\Users\All Users\Adobe
2012-04-30 19:41 - 2010-03-11 07:40 - 0000000 ____D C:\ProgramData\Adobe
2012-04-30 19:40 - 2010-03-11 07:40 - 0000000 ____D C:\Users\winston\AppData\Local\Adobe
2012-04-30 19:38 - 2010-07-06 14:10 - 0000000 ____D C:\Windows\Minidump
2012-04-30 19:18 - 2012-04-30 19:18 - 0001264 ____A C:\Users\winston\Desktop\Revo Uninstaller.lnk
2012-04-30 19:18 - 2012-04-30 19:18 - 0000000 ____D C:\Program Files (x86)\VS Revo Group
2012-04-30 19:03 - 2012-04-30 19:03 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-04-30 19:03 - 2012-04-30 19:03 - 0000000 ____D C:\ProgramData\NVIDIA
2012-04-30 18:53 - 2012-04-30 18:51 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2012-04-30 18:53 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2012-04-30 18:52 - 2012-04-30 18:52 - 0000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-04-30 18:52 - 2012-04-30 18:52 - 0000000 ____D C:\ProgramData\NVIDIA Corporation
2012-04-30 18:51 - 2012-04-30 18:51 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-30 18:51 - 2011-12-22 13:55 - 0755926 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-30 18:51 - 2011-12-22 13:55 - 0001945 ____A C:\Windows\epplauncher.mif
2012-04-30 18:51 - 2011-12-22 13:55 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-30 16:52 - 2012-04-30 16:52 - 0001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-04-30 16:52 - 2012-04-30 16:52 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-04-30 16:51 - 2012-04-30 16:51 - 0000000 ____D C:\Users\winston\AppData\Roaming\SUPERAntiSpyware.com
2012-04-30 16:51 - 2012-04-30 16:51 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-04-30 16:51 - 2012-04-30 16:51 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-04-30 13:49 - 2012-04-30 13:41 - 0118240 ____A C:\TDSSKiller.2.7.33.0_30.04.2012_16.41.24_log.txt
2012-04-30 13:41 - 2012-04-30 13:41 - 0000000 ____D C:\Users\winston\Documents\tdsskiller
2012-04-30 13:40 - 2012-04-30 13:40 - 0000348 ____A C:\TDSSKiller.2.6.21.0_30.04.2012_16.40.47_log.txt
2012-04-28 07:23 - 2012-04-27 08:56 - 0000000 ____D C:\Users\All Users\B7E85B35000435DB00703F80B4EB2331
2012-04-28 07:23 - 2012-04-27 08:56 - 0000000 ____D C:\ProgramData\B7E85B35000435DB00703F80B4EB2331
2012-04-27 12:21 - 2012-04-27 12:21 - 0000000 ____D C:\Quarantine
2012-04-27 09:56 - 2012-04-27 09:56 - 0000000 ____D C:\Users\winston\AppData\Local\Norman Malware Cleaner
2012-04-27 09:21 - 2012-04-27 09:21 - 0000000 ____D C:\Windows\system64
2012-04-27 08:27 - 2011-12-21 17:27 - 0000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-04-27 08:27 - 2011-12-21 17:27 - 0000000 ____D C:\Program Files\CCleaner
2012-04-27 06:03 - 2009-11-19 09:35 - 0000000 ____D C:\Users\winston\AppData\Roaming\Apple Computer
2012-04-26 19:26 - 2012-04-26 19:26 - 0001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-04-26 19:26 - 2012-04-26 19:25 - 0000000 ____D C:\Program Files\iTunes
2012-04-26 19:26 - 2012-04-26 19:25 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-04-26 19:25 - 2012-04-26 19:25 - 0000000 ____D C:\Program Files\iPod
2012-04-26 19:21 - 2012-04-26 19:21 - 0000628 ____A C:\Windows\System32\mapisvc.inf
2012-04-26 19:21 - 2009-11-19 09:33 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-04-18 12:27 - 2012-04-18 12:27 - 0000176 ____A C:\Users\All Users\-FfCnNQ74GEcl6sr
2012-04-18 12:27 - 2012-04-18 12:27 - 0000176 ____A C:\ProgramData\-FfCnNQ74GEcl6sr
2012-04-18 12:27 - 2012-04-18 12:27 - 0000000 ____A C:\Users\All Users\-FfCnNQ74GEcl6s
2012-04-18 12:27 - 2012-04-18 12:27 - 0000000 ____A C:\ProgramData\-FfCnNQ74GEcl6s
2012-04-17 03:08 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-04-17 03:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-04-17 00:11 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-14 13:08 - 2012-04-14 13:08 - 0000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer
2012-04-14 13:08 - 2012-04-14 13:08 - 0000000 ____D C:\Users\Default\AppData\Local\Apple Computer
2012-04-14 13:08 - 2012-04-14 13:08 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer
2012-04-14 13:08 - 2012-04-14 13:08 - 0000000 ____D C:\Users\Default User\AppData\Local\Apple Computer
2012-04-13 13:48 - 2010-03-10 04:56 - 0000000 ____D C:\Users\All Users\Yahoo! Companion
2012-04-13 13:48 - 2010-03-10 04:56 - 0000000 ____D C:\ProgramData\Yahoo! Companion
2012-04-13 13:48 - 2010-03-10 04:56 - 0000000 ____D C:\Program Files (x86)\Yahoo!
2012-04-13 02:28 - 2012-04-13 02:28 - 0000000 ____D C:\Cache
2012-04-13 00:00 - 2012-04-13 00:00 - 0065536 __ASH C:\Windows\System32\config\components{4a6b6411-9dcc-11e0-9c6a-00251133d842}.TxR.blf
2012-04-12 00:02 - 2012-04-12 00:02 - 0000129 ____A C:\Windows\System32\MRT.INI
2012-04-12 00:00 - 2009-12-23 04:22 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-04 12:56 - 2011-12-21 17:51 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-22 11:32 - 2009-11-19 10:25 - 0000000 ____D C:\Users\winston\AppData\Local\Google
2012-03-20 17:44 - 2011-04-27 13:25 - 0098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-20 17:44 - 2011-04-18 11:18 - 0203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-14 09:00 - 2011-06-05 23:07 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-03-14 00:20 - 2009-07-13 20:45 - 0283168 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-14 00:19 - 2011-01-11 14:34 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-03-05 22:53 - 2012-04-30 13:02 - 5559152 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-05 21:59 - 2012-04-30 13:02 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-05 21:59 - 2012-04-30 13:02 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-02-29 22:46 - 2012-04-12 00:00 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:38 - 2012-04-12 00:00 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:33 - 2012-04-12 00:00 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:28 - 2012-04-12 00:00 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:37 - 2012-04-12 00:00 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:33 - 2012-04-12 00:00 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:29 - 2012-04-12 00:00 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-27 23:34 - 2012-04-12 00:02 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-04-12 00:02 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-04-12 00:02 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-04-12 00:02 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-04-12 00:02 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-04-12 00:02 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-04-12 00:02 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:47 - 2012-04-12 00:02 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-04-12 00:02 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-04-12 00:02 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:43 - 2012-04-12 00:02 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:42 - 2012-04-12 00:02 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-04-12 00:02 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 17:52 - 2012-04-12 00:02 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-04-12 00:02 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-04-12 00:02 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-04-12 00:02 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-04-12 00:02 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-04-12 00:02 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-04-12 00:02 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-04-12 00:02 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-04-12 00:02 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-04-12 00:02 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-04-12 00:02 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-04-12 00:02 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-04-12 00:02 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-18 04:48 - 2009-11-05 01:08 - 0000000 ____D C:\Users\winston\Documents\RCA easyRip
2012-02-18 04:14 - 2012-02-18 04:14 - 0454656 ____A C:\Users\winston\Downloads\Big_Eye_12 (1).mdb
2012-02-18 04:02 - 2012-02-18 04:02 - 0454656 ____A C:\Users\winston\Downloads\Big_Eye_12.mdb
2012-02-16 22:38 - 2012-03-13 23:17 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-16 21:34 - 2012-03-13 23:17 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-16 20:58 - 2012-03-13 23:17 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-16 20:57 - 2012-03-13 23:17 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-15 01:28 - 2009-11-05 09:31 - 0000174 ___SH C:\Users\winston\Start Menu\Programs\Startup\desktop.ini
2012-02-15 01:28 - 2009-11-05 09:31 - 0000174 ___SH C:\Users\winston\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-09 22:36 - 2012-03-13 23:17 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:38 - 2012-03-13 23:17 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-09 12:47 - 2011-12-23 12:42 - 0000000 ____D C:\Users\winston\AppData\Local\ElevatedDiagnostics
2012-02-05 02:10 - 2012-02-05 02:10 - 2067199 ____A C:\Users\winston\Downloads\=_iso-8859-1_Q_Probleml=F6sungen.pdf_=

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 3966.49 MB
Available physical RAM: 3393.93 MB
Total Pagefile: 3964.64 MB
Available Pagefile: 3376.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:74.52 GB) (Free:14.99 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
3 Drive e: () (Removable) (Total:3.88 GB) (Free:1.16 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 74 GB 9 MB
Disk 1 Online 3976 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 74 GB 31 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 74 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 3976 MB 0 B

======================================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================

==========================================================

Last Boot: 2012-04-30 18:45

======================= End Of Log ==========================

#9 gringo_pr

Bleepin Gringo

Malware Response Team
120,927 posts

Gender:Male
Location:Puerto rico

Posted 02 May 2012 - 09:16 PM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report

Gringo

#10 jmapcdoc

New Member

Members
12 posts

Posted 02 May 2012 - 09:38 PM

The FixTDSS tool said "Suspicious use of kernel callback but MBR appears intact. Repair not done. No infections found.

This is the TDSSKILLER report!!!

21:30:35.0185 0560 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
21:30:35.0560 0560 ============================================================
21:30:35.0560 0560 Current date / time: 2012/05/02 21:30:35.0560
21:30:35.0560 0560 SystemInfo:
21:30:35.0560 0560
21:30:35.0560 0560 OS Version: 6.1.7601 ServicePack: 1.0
21:30:35.0560 0560 Product type: Workstation
21:30:35.0560 0560 ComputerName: WINSTON-PC
21:30:35.0560 0560 UserName: winston
21:30:35.0560 0560 Windows directory: C:\Windows
21:30:35.0560 0560 System windows directory: C:\Windows
21:30:35.0560 0560 Running under WOW64
21:30:35.0560 0560 Processor architecture: Intel x64
21:30:35.0560 0560 Number of processors: 4
21:30:35.0560 0560 Page size: 0x1000
21:30:35.0560 0560 Boot type: Normal boot
21:30:35.0560 0560 ============================================================
21:30:38.0056 0560 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:30:38.0056 0560 ============================================================
21:30:38.0056 0560 \Device\Harddisk0\DR0:
21:30:38.0056 0560 MBR partitions:
21:30:38.0056 0560 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
21:30:38.0056 0560 ============================================================
21:30:38.0071 0560 C: <-> \Device\Harddisk0\DR0\Partition0
21:30:38.0071 0560 ============================================================
21:30:38.0071 0560 Initialize success
21:30:38.0071 0560 ============================================================
21:30:44.0545 2284 ============================================================
21:30:44.0545 2284 Scan started
21:30:44.0545 2284 Mode: Manual; SigCheck; TDLFS;
21:30:44.0545 2284 ============================================================
21:30:45.0622 2284 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
21:30:45.0653 2284 !SASCORE - ok
21:30:45.0793 2284 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:30:45.0887 2284 1394ohci - ok
21:30:45.0949 2284 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:30:45.0981 2284 ACPI - ok
21:30:46.0012 2284 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:30:46.0059 2284 AcpiPmi - ok
21:30:46.0183 2284 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:30:46.0183 2284 AdobeARMservice - ok
21:30:46.0230 2284 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:30:46.0293 2284 adp94xx - ok
21:30:46.0324 2284 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:30:46.0371 2284 adpahci - ok
21:30:46.0402 2284 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:30:46.0417 2284 adpu320 - ok
21:30:46.0449 2284 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:30:46.0651 2284 AeLookupSvc - ok
21:30:46.0729 2284 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:30:46.0823 2284 AFD - ok
21:30:46.0854 2284 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:30:46.0870 2284 agp440 - ok
21:30:46.0870 2284 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:30:46.0917 2284 ALG - ok
21:30:46.0948 2284 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:30:46.0948 2284 aliide - ok
21:30:46.0963 2284 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:30:46.0979 2284 amdide - ok
21:30:46.0995 2284 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:30:47.0041 2284 AmdK8 - ok
21:30:47.0073 2284 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:30:47.0104 2284 AmdPPM - ok
21:30:47.0151 2284 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:30:47.0166 2284 amdsata - ok
21:30:47.0197 2284 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:30:47.0213 2284 amdsbs - ok
21:30:47.0229 2284 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:30:47.0229 2284 amdxata - ok
21:30:47.0275 2284 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:30:47.0463 2284 AppID - ok
21:30:47.0478 2284 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:30:47.0556 2284 AppIDSvc - ok
21:30:47.0587 2284 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:30:47.0650 2284 Appinfo - ok
21:30:47.0759 2284 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:30:47.0759 2284 Apple Mobile Device - ok
21:30:47.0790 2284 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
21:30:47.0806 2284 AppMgmt - ok
21:30:47.0821 2284 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:30:47.0837 2284 arc - ok
21:30:47.0837 2284 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:30:47.0853 2284 arcsas - ok
21:30:47.0899 2284 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:30:47.0962 2284 AsyncMac - ok
21:30:48.0024 2284 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:30:48.0040 2284 atapi - ok
21:30:48.0102 2284 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:30:48.0180 2284 AudioEndpointBuilder - ok
21:30:48.0196 2284 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:30:48.0243 2284 AudioSrv - ok
21:30:48.0274 2284 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:30:48.0321 2284 AxInstSV - ok
21:30:48.0367 2284 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:30:48.0414 2284 b06bdrv - ok
21:30:48.0445 2284 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:30:48.0523 2284 b57nd60a - ok
21:30:48.0617 2284 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:30:48.0648 2284 BDESVC - ok
21:30:48.0695 2284 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:30:48.0742 2284 Beep - ok
21:30:48.0835 2284 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:30:48.0945 2284 BFE - ok
21:30:49.0023 2284 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
21:30:49.0116 2284 BITS - ok
21:30:49.0179 2284 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:30:49.0210 2284 blbdrive - ok
21:30:49.0303 2284 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
21:30:49.0319 2284 Bonjour Service - ok
21:30:49.0381 2284 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:30:49.0397 2284 bowser - ok
21:30:49.0428 2284 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:30:49.0506 2284 BrFiltLo - ok
21:30:49.0522 2284 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:30:49.0522 2284 BrFiltUp - ok
21:30:49.0553 2284 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
21:30:49.0615 2284 BridgeMP - ok
21:30:49.0662 2284 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:30:49.0740 2284 Browser - ok
21:30:49.0771 2284 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:30:49.0849 2284 Brserid - ok
21:30:49.0881 2284 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:30:49.0927 2284 BrSerWdm - ok
21:30:49.0943 2284 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:30:49.0959 2284 BrUsbMdm - ok
21:30:49.0959 2284 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:30:50.0005 2284 BrUsbSer - ok
21:30:50.0021 2284 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:30:50.0068 2284 BTHMODEM - ok
21:30:50.0099 2284 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:30:50.0161 2284 bthserv - ok
21:30:50.0224 2284 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
21:30:50.0255 2284 BVRPMPR5a64 - ok
21:30:50.0271 2284 catchme - ok
21:30:50.0302 2284 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:30:50.0364 2284 cdfs - ok
21:30:50.0427 2284 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
21:30:50.0458 2284 cdrom - ok
21:30:50.0505 2284 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:30:50.0567 2284 CertPropSvc - ok
21:30:50.0583 2284 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:30:50.0629 2284 circlass - ok
21:30:50.0676 2284 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:30:50.0723 2284 CLFS - ok
21:30:50.0785 2284 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:30:50.0801 2284 clr_optimization_v2.0.50727_32 - ok
21:30:50.0863 2284 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:30:50.0879 2284 clr_optimization_v2.0.50727_64 - ok
21:30:50.0973 2284 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:30:51.0019 2284 clr_optimization_v4.0.30319_32 - ok
21:30:51.0066 2284 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:30:51.0082 2284 clr_optimization_v4.0.30319_64 - ok
21:30:51.0097 2284 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:30:51.0129 2284 CmBatt - ok
21:30:51.0191 2284 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:30:51.0207 2284 cmdide - ok
21:30:51.0238 2284 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:30:51.0316 2284 CNG - ok
21:30:51.0331 2284 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:30:51.0347 2284 Compbatt - ok
21:30:51.0394 2284 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:30:51.0425 2284 CompositeBus - ok
21:30:51.0425 2284 COMSysApp - ok
21:30:51.0456 2284 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:30:51.0456 2284 crcdisk - ok
21:30:51.0503 2284 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
21:30:51.0612 2284 CryptSvc - ok
21:30:51.0721 2284 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
21:30:51.0784 2284 CSC - ok
21:30:51.0831 2284 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
21:30:51.0893 2284 CscService - ok
21:30:51.0940 2284 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:30:52.0018 2284 DcomLaunch - ok
21:30:52.0065 2284 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:30:52.0158 2284 defragsvc - ok
21:30:52.0252 2284 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:30:52.0314 2284 DfsC - ok
21:30:52.0345 2284 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:30:52.0423 2284 Dhcp - ok
21:30:52.0470 2284 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:30:52.0517 2284 discache - ok
21:30:52.0564 2284 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:30:52.0564 2284 Disk - ok
21:30:52.0611 2284 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:30:52.0642 2284 Dnscache - ok
21:30:52.0689 2284 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:30:52.0782 2284 dot3svc - ok
21:30:52.0813 2284 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:30:52.0891 2284 DPS - ok
21:30:52.0907 2284 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:30:52.0954 2284 drmkaud - ok
21:30:53.0032 2284 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:30:53.0063 2284 DXGKrnl - ok
21:30:53.0094 2284 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:30:53.0141 2284 EapHost - ok
21:30:53.0297 2284 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:30:53.0406 2284 ebdrv - ok
21:30:53.0484 2284 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:30:53.0531 2284 EFS - ok
21:30:53.0609 2284 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:30:53.0703 2284 ehRecvr - ok
21:30:53.0718 2284 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:30:53.0749 2284 ehSched - ok
21:30:53.0796 2284 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:30:53.0874 2284 elxstor - ok
21:30:53.0905 2284 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:30:53.0937 2284 ErrDev - ok
21:30:53.0983 2284 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:30:54.0093 2284 EventSystem - ok
21:30:54.0124 2284 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:30:54.0186 2284 exfat - ok
21:30:54.0217 2284 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:30:54.0264 2284 fastfat - ok
21:30:54.0327 2284 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:30:54.0389 2284 Fax - ok
21:30:54.0405 2284 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:30:54.0451 2284 fdc - ok
21:30:54.0467 2284 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:30:54.0545 2284 fdPHost - ok
21:30:54.0561 2284 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:30:54.0623 2284 FDResPub - ok
21:30:54.0670 2284 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:30:54.0670 2284 FileInfo - ok
21:30:54.0685 2284 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:30:54.0748 2284 Filetrace - ok
21:30:54.0795 2284 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:30:54.0795 2284 flpydisk - ok
21:30:54.0857 2284 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:30:54.0873 2284 FltMgr - ok
21:30:54.0966 2284 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:30:55.0044 2284 FontCache - ok
21:30:55.0138 2284 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:30:55.0138 2284 FontCache3.0.0.0 - ok
21:30:55.0169 2284 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:30:55.0185 2284 FsDepends - ok
21:30:55.0216 2284 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
21:30:55.0231 2284 Fs_Rec - ok
21:30:55.0247 2284 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:30:55.0263 2284 fvevol - ok
21:30:55.0294 2284 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:30:55.0309 2284 gagp30kx - ok
21:30:55.0356 2284 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:30:55.0372 2284 GEARAspiWDM - ok
21:30:55.0434 2284 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:30:55.0528 2284 gpsvc - ok
21:30:55.0715 2284 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:30:55.0731 2284 gupdate - ok
21:30:55.0746 2284 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:30:55.0762 2284 gupdatem - ok
21:30:55.0809 2284 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:30:55.0824 2284 gusvc - ok
21:30:55.0840 2284 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:30:55.0887 2284 hcw85cir - ok
21:30:55.0949 2284 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:30:55.0996 2284 HdAudAddService - ok
21:30:56.0043 2284 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:30:56.0074 2284 HDAudBus - ok
21:30:56.0089 2284 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:30:56.0121 2284 HidBatt - ok
21:30:56.0152 2284 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:30:56.0183 2284 HidBth - ok
21:30:56.0199 2284 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:30:56.0214 2284 HidIr - ok
21:30:56.0245 2284 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
21:30:56.0308 2284 hidserv - ok
21:30:56.0339 2284 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:30:56.0355 2284 HidUsb - ok
21:30:56.0386 2284 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:30:56.0464 2284 hkmsvc - ok
21:30:56.0495 2284 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:30:56.0573 2284 HomeGroupListener - ok
21:30:56.0620 2284 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:30:56.0651 2284 HomeGroupProvider - ok
21:30:56.0729 2284 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:30:56.0729 2284 HpSAMD - ok
21:30:56.0807 2284 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:30:56.0885 2284 HTTP - ok
21:30:56.0932 2284 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:30:56.0932 2284 hwpolicy - ok
21:30:56.0963 2284 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:30:56.0963 2284 i8042prt - ok
21:30:57.0041 2284 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:30:57.0088 2284 iaStorV - ok
21:30:57.0181 2284 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:30:57.0213 2284 idsvc - ok
21:30:57.0244 2284 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:30:57.0259 2284 iirsp - ok
21:30:57.0306 2284 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:30:57.0400 2284 IKEEXT - ok
21:30:57.0431 2284 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:30:57.0447 2284 intelide - ok
21:30:57.0447 2284 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:30:57.0493 2284 intelppm - ok
21:30:57.0525 2284 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:30:57.0587 2284 IPBusEnum - ok
21:30:57.0618 2284 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:30:57.0681 2284 IpFilterDriver - ok
21:30:57.0759 2284 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:30:57.0868 2284 iphlpsvc - ok
21:30:57.0899 2284 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:30:57.0915 2284 IPMIDRV - ok
21:30:57.0946 2284 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:30:58.0008 2284 IPNAT - ok
21:30:58.0102 2284 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
21:30:58.0180 2284 iPod Service - ok
21:30:58.0180 2284 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:30:58.0227 2284 IRENUM - ok
21:30:58.0258 2284 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:30:58.0273 2284 isapnp - ok
21:30:58.0320 2284 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:30:58.0367 2284 iScsiPrt - ok
21:30:58.0383 2284 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:30:58.0398 2284 kbdclass - ok
21:30:58.0429 2284 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
21:30:58.0461 2284 kbdhid - ok
21:30:58.0507 2284 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:30:58.0507 2284 KeyIso - ok
21:30:58.0539 2284 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:30:58.0554 2284 KSecDD - ok
21:30:58.0585 2284 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:30:58.0601 2284 KSecPkg - ok
21:30:58.0617 2284 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:30:58.0679 2284 ksthunk - ok
21:30:58.0726 2284 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:30:58.0835 2284 KtmRm - ok
21:30:58.0913 2284 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
21:30:58.0991 2284 LanmanServer - ok
21:30:59.0022 2284 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:30:59.0085 2284 LanmanWorkstation - ok
21:30:59.0116 2284 Lbd - ok
21:30:59.0131 2284 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:30:59.0194 2284 lltdio - ok
21:30:59.0241 2284 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:30:59.0334 2284 lltdsvc - ok
21:30:59.0350 2284 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:30:59.0397 2284 lmhosts - ok
21:30:59.0397 2284 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:30:59.0412 2284 LSI_FC - ok
21:30:59.0428 2284 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:30:59.0443 2284 LSI_SAS - ok
21:30:59.0443 2284 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:30:59.0459 2284 LSI_SAS2 - ok
21:30:59.0490 2284 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:30:59.0506 2284 LSI_SCSI - ok
21:30:59.0521 2284 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:30:59.0568 2284 luafv - ok
21:30:59.0615 2284 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:30:59.0646 2284 Mcx2Svc - ok
21:30:59.0677 2284 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:30:59.0693 2284 megasas - ok
21:30:59.0709 2284 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:30:59.0755 2284 MegaSR - ok
21:30:59.0787 2284 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:30:59.0849 2284 MMCSS - ok
21:30:59.0865 2284 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:30:59.0927 2284 Modem - ok
21:31:00.0005 2284 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:31:00.0036 2284 monitor - ok
21:31:00.0083 2284 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:31:00.0099 2284 mouclass - ok
21:31:00.0114 2284 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:31:00.0145 2284 mouhid - ok
21:31:00.0192 2284 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:31:00.0192 2284 mountmgr - ok
21:31:00.0239 2284 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
21:31:00.0255 2284 MpFilter - ok
21:31:00.0301 2284 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:31:00.0317 2284 mpio - ok
21:31:00.0317 2284 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:31:00.0364 2284 mpsdrv - ok
21:31:00.0473 2284 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:31:00.0567 2284 MpsSvc - ok
21:31:00.0613 2284 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:31:00.0660 2284 MRxDAV - ok
21:31:00.0723 2284 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:31:00.0785 2284 mrxsmb - ok
21:31:00.0832 2284 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:31:00.0863 2284 mrxsmb10 - ok
21:31:00.0910 2284 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:31:00.0925 2284 mrxsmb20 - ok
21:31:00.0957 2284 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:31:00.0972 2284 msahci - ok
21:31:00.0988 2284 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:31:01.0003 2284 msdsm - ok
21:31:01.0019 2284 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:31:01.0050 2284 MSDTC - ok
21:31:01.0113 2284 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:31:01.0144 2284 Msfs - ok
21:31:01.0159 2284 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:31:01.0222 2284 mshidkmdf - ok
21:31:01.0253 2284 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:31:01.0269 2284 msisadrv - ok
21:31:01.0300 2284 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:31:01.0362 2284 MSiSCSI - ok
21:31:01.0362 2284 msiserver - ok
21:31:01.0393 2284 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:31:01.0440 2284 MSKSSRV - ok
21:31:01.0549 2284 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
21:31:01.0565 2284 MsMpSvc - ok
21:31:01.0565 2284 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:31:01.0627 2284 MSPCLOCK - ok
21:31:01.0627 2284 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:31:01.0674 2284 MSPQM - ok
21:31:01.0705 2284 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:31:01.0768 2284 MsRPC - ok
21:31:01.0799 2284 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:31:01.0799 2284 mssmbios - ok
21:31:01.0815 2284 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:31:01.0861 2284 MSTEE - ok
21:31:01.0893 2284 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:31:01.0924 2284 MTConfig - ok
21:31:01.0955 2284 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:31:01.0971 2284 Mup - ok
21:31:02.0017 2284 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:31:02.0127 2284 napagent - ok
21:31:02.0158 2284 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:31:02.0205 2284 NativeWifiP - ok
21:31:02.0283 2284 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:31:02.0345 2284 NDIS - ok
21:31:02.0376 2284 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:31:02.0423 2284 NdisCap - ok
21:31:02.0454 2284 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:31:02.0501 2284 NdisTapi - ok
21:31:02.0532 2284 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:31:02.0595 2284 Ndisuio - ok
21:31:02.0641 2284 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:31:02.0704 2284 NdisWan - ok
21:31:02.0751 2284 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:31:02.0782 2284 NDProxy - ok
21:31:02.0797 2284 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:31:02.0860 2284 NetBIOS - ok
21:31:02.0891 2284 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:31:02.0953 2284 NetBT - ok
21:31:02.0969 2284 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:31:02.0985 2284 Netlogon - ok
21:31:03.0016 2284 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:31:03.0125 2284 Netman - ok
21:31:03.0172 2284 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:31:03.0281 2284 netprofm - ok
21:31:03.0375 2284 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:31:03.0375 2284 NetTcpPortSharing - ok
21:31:03.0406 2284 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:31:03.0421 2284 nfrd960 - ok
21:31:03.0453 2284 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:31:03.0468 2284 NisDrv - ok
21:31:03.0546 2284 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
21:31:03.0609 2284 NisSrv - ok
21:31:03.0655 2284 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:31:03.0749 2284 NlaSvc - ok
21:31:03.0796 2284 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:31:03.0827 2284 Npfs - ok
21:31:03.0843 2284 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:31:03.0889 2284 nsi - ok
21:31:03.0905 2284 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:31:03.0967 2284 nsiproxy - ok
21:31:04.0077 2284 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:31:04.0139 2284 Ntfs - ok
21:31:04.0233 2284 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:31:04.0295 2284 Null - ok
21:31:04.0342 2284 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
21:31:04.0420 2284 NVENETFD - ok
21:31:04.0966 2284 nvlddmkm (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:31:05.0169 2284 nvlddmkm - ok
21:31:05.0262 2284 NVNET (0ad267a4674805b61a5d7b911d2a978a) C:\Windows\system32\DRIVERS\nvmf6264.sys
21:31:05.0278 2284 NVNET - ok
21:31:05.0325 2284 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:31:05.0340 2284 nvraid - ok
21:31:05.0387 2284 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:31:05.0403 2284 nvstor - ok
21:31:05.0449 2284 nvsvc (43bc8151893ae6afe42e149d663c2221) C:\Windows\system32\nvvsvc.exe
21:31:05.0449 2284 nvsvc - ok
21:31:05.0496 2284 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:31:05.0512 2284 nv_agp - ok
21:31:05.0559 2284 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:31:05.0590 2284 ohci1394 - ok
21:31:05.0621 2284 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:31:05.0668 2284 p2pimsvc - ok
21:31:05.0715 2284 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:31:05.0793 2284 p2psvc - ok
21:31:05.0824 2284 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:31:05.0839 2284 Parport - ok
21:31:05.0886 2284 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:31:05.0886 2284 partmgr - ok
21:31:05.0902 2284 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:31:05.0949 2284 PcaSvc - ok
21:31:06.0011 2284 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:31:06.0027 2284 pci - ok
21:31:06.0027 2284 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:31:06.0042 2284 pciide - ok
21:31:06.0058 2284 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:31:06.0089 2284 pcmcia - ok
21:31:06.0105 2284 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:31:06.0105 2284 pcw - ok
21:31:06.0151 2284 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:31:06.0261 2284 PEAUTH - ok
21:31:06.0339 2284 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
21:31:06.0417 2284 PeerDistSvc - ok
21:31:06.0479 2284 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:31:06.0510 2284 PerfHost - ok
21:31:06.0713 2284 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:31:06.0807 2284 pla - ok
21:31:06.0853 2284 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:31:06.0931 2284 PlugPlay - ok
21:31:06.0963 2284 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:31:06.0978 2284 PNRPAutoReg - ok
21:31:06.0994 2284 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:31:07.0009 2284 PNRPsvc - ok
21:31:07.0072 2284 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:31:07.0150 2284 PolicyAgent - ok
21:31:07.0181 2284 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:31:07.0243 2284 Power - ok
21:31:07.0306 2284 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:31:07.0368 2284 PptpMiniport - ok
21:31:07.0399 2284 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:31:07.0431 2284 Processor - ok
21:31:07.0462 2284 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
21:31:07.0540 2284 ProfSvc - ok
21:31:07.0571 2284 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:31:07.0571 2284 ProtectedStorage - ok
21:31:07.0633 2284 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:31:07.0665 2284 Psched - ok
21:31:07.0727 2284 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
21:31:07.0727 2284 PxHlpa64 - ok
21:31:07.0789 2284 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:31:07.0883 2284 ql2300 - ok
21:31:07.0961 2284 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:31:07.0961 2284 ql40xx - ok
21:31:07.0992 2284 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:31:08.0023 2284 QWAVE - ok
21:31:08.0039 2284 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:31:08.0055 2284 QWAVEdrv - ok
21:31:08.0070 2284 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:31:08.0133 2284 RasAcd - ok
21:31:08.0164 2284 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:31:08.0211 2284 RasAgileVpn - ok
21:31:08.0226 2284 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:31:08.0289 2284 RasAuto - ok
21:31:08.0351 2284 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:31:08.0413 2284 Rasl2tp - ok
21:31:08.0445 2284 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:31:08.0507 2284 RasMan - ok
21:31:08.0523 2284 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:31:08.0585 2284 RasPppoe - ok
21:31:08.0616 2284 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:31:08.0663 2284 RasSstp - ok
21:31:08.0741 2284 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:31:08.0803 2284 rdbss - ok
21:31:08.0850 2284 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:31:08.0881 2284 rdpbus - ok
21:31:08.0897 2284 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:31:08.0959 2284 RDPCDD - ok
21:31:09.0006 2284 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
21:31:09.0022 2284 RDPDR - ok
21:31:09.0022 2284 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:31:09.0084 2284 RDPENCDD - ok
21:31:09.0100 2284 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:31:09.0147 2284 RDPREFMP - ok
21:31:09.0193 2284 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
21:31:09.0225 2284 RDPWD - ok
21:31:09.0271 2284 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:31:09.0287 2284 rdyboost - ok
21:31:09.0318 2284 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:31:09.0365 2284 RemoteAccess - ok
21:31:09.0412 2284 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:31:09.0474 2284 RemoteRegistry - ok
21:31:09.0490 2284 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:31:09.0552 2284 RpcEptMapper - ok
21:31:09.0583 2284 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:31:09.0615 2284 RpcLocator - ok
21:31:09.0677 2284 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:31:09.0708 2284 RpcSs - ok
21:31:09.0755 2284 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:31:09.0786 2284 rspndr - ok
21:31:09.0817 2284 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
21:31:09.0833 2284 s3cap - ok
21:31:09.0864 2284 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:31:09.0864 2284 SamSs - ok
21:31:09.0973 2284 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
21:31:09.0989 2284 SASDIFSV - ok
21:31:10.0005 2284 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
21:31:10.0005 2284 SASKUTIL - ok
21:31:10.0067 2284 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:31:10.0083 2284 sbp2port - ok
21:31:10.0114 2284 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:31:10.0176 2284 SCardSvr - ok
21:31:10.0207 2284 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:31:10.0270 2284 scfilter - ok
21:31:10.0379 2284 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:31:10.0504 2284 Schedule - ok
21:31:10.0597 2284 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:31:10.0629 2284 SCPolicySvc - ok
21:31:10.0675 2284 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:31:10.0722 2284 SDRSVC - ok
21:31:10.0769 2284 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:31:10.0831 2284 secdrv - ok
21:31:10.0878 2284 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:31:10.0925 2284 seclogon - ok
21:31:10.0956 2284 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
21:31:11.0003 2284 SENS - ok
21:31:11.0019 2284 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:31:11.0034 2284 SensrSvc - ok
21:31:11.0034 2284 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:31:11.0065 2284 Serenum - ok
21:31:11.0097 2284 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:31:11.0128 2284 Serial - ok
21:31:11.0159 2284 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:31:11.0206 2284 sermouse - ok
21:31:11.0253 2284 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:31:11.0315 2284 SessionEnv - ok
21:31:11.0346 2284 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:31:11.0377 2284 sffdisk - ok
21:31:11.0409 2284 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:31:11.0440 2284 sffp_mmc - ok
21:31:11.0455 2284 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:31:11.0502 2284 sffp_sd - ok
21:31:11.0518 2284 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:31:11.0549 2284 sfloppy - ok
21:31:11.0596 2284 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:31:11.0689 2284 SharedAccess - ok
21:31:11.0752 2284 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:31:11.0830 2284 ShellHWDetection - ok
21:31:11.0861 2284 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:31:11.0877 2284 SiSRaid2 - ok
21:31:11.0892 2284 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:31:11.0892 2284 SiSRaid4 - ok
21:31:11.0908 2284 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:31:11.0955 2284 Smb - ok
21:31:12.0001 2284 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:31:12.0033 2284 SNMPTRAP - ok
21:31:12.0064 2284 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:31:12.0064 2284 spldr - ok
21:31:12.0126 2284 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:31:12.0173 2284 Spooler - ok
21:31:12.0345 2284 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:31:12.0501 2284 sppsvc - ok
21:31:12.0563 2284 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:31:12.0610 2284 sppuinotify - ok
21:31:12.0688 2284 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:31:12.0781 2284 srv - ok
21:31:12.0859 2284 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:31:12.0937 2284 srv2 - ok
21:31:12.0969 2284 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:31:13.0000 2284 srvnet - ok
21:31:13.0031 2284 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:31:13.0140 2284 SSDPSRV - ok
21:31:13.0171 2284 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:31:13.0218 2284 SstpSvc - ok
21:31:13.0234 2284 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:31:13.0249 2284 stexstor - ok
21:31:13.0327 2284 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:31:13.0390 2284 stisvc - ok
21:31:13.0421 2284 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
21:31:13.0437 2284 storflt - ok
21:31:13.0468 2284 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
21:31:13.0499 2284 StorSvc - ok
21:31:13.0530 2284 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
21:31:13.0546 2284 storvsc - ok
21:31:13.0577 2284 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:31:13.0593 2284 swenum - ok
21:31:13.0624 2284 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:31:13.0702 2284 swprv - ok
21:31:13.0795 2284 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:31:13.0889 2284 SysMain - ok
21:31:13.0998 2284 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:31:14.0014 2284 TabletInputService - ok
21:31:14.0061 2284 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:31:14.0123 2284 TapiSrv - ok
21:31:14.0154 2284 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:31:14.0201 2284 TBS - ok
21:31:14.0326 2284 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:31:14.0404 2284 Tcpip - ok
21:31:14.0513 2284 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:31:14.0544 2284 TCPIP6 - ok
21:31:14.0653 2284 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:31:14.0700 2284 tcpipreg - ok
21:31:14.0747 2284 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:31:14.0778 2284 TDPIPE - ok
21:31:14.0809 2284 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:31:14.0841 2284 TDTCP - ok
21:31:14.0919 2284 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:31:14.0950 2284 tdx - ok
21:31:14.0997 2284 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:31:15.0012 2284 TermDD - ok
21:31:15.0075 2284 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:31:15.0137 2284 TermService - ok
21:31:15.0137 2284 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:31:15.0184 2284 Themes - ok
21:31:15.0215 2284 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:31:15.0246 2284 THREADORDER - ok
21:31:15.0277 2284 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:31:15.0324 2284 TrkWks - ok
21:31:15.0371 2284 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:31:15.0418 2284 TrustedInstaller - ok
21:31:15.0465 2284 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:31:15.0527 2284 tssecsrv - ok
21:31:15.0574 2284 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:31:15.0605 2284 TsUsbFlt - ok
21:31:15.0636 2284 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:31:15.0699 2284 tunnel - ok
21:31:15.0777 2284 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:31:15.0808 2284 uagp35 - ok
21:31:15.0855 2284 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:31:15.0948 2284 udfs - ok
21:31:15.0964 2284 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:31:15.0979 2284 UI0Detect - ok
21:31:15.0995 2284 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:31:16.0011 2284 uliagpkx - ok
21:31:16.0042 2284 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:31:16.0073 2284 umbus - ok
21:31:16.0104 2284 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:31:16.0135 2284 UmPass - ok
21:31:16.0167 2284 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
21:31:16.0245 2284 UmRdpService - ok
21:31:16.0276 2284 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:31:16.0385 2284 upnphost - ok
21:31:16.0432 2284 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
21:31:16.0463 2284 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
21:31:16.0463 2284 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
21:31:16.0525 2284 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:31:16.0541 2284 usbccgp - ok
21:31:16.0588 2284 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:31:16.0603 2284 usbcir - ok
21:31:16.0635 2284 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:31:16.0650 2284 usbehci - ok
21:31:16.0697 2284 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:31:16.0728 2284 usbhub - ok
21:31:16.0759 2284 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
21:31:16.0775 2284 usbohci - ok
21:31:16.0806 2284 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:31:16.0837 2284 usbprint - ok
21:31:16.0900 2284 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:31:16.0931 2284 usbscan - ok
21:31:16.0947 2284 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:31:17.0009 2284 USBSTOR - ok
21:31:17.0025 2284 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:31:17.0056 2284 usbuhci - ok
21:31:17.0071 2284 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:31:17.0134 2284 UxSms - ok
21:31:17.0165 2284 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:31:17.0181 2284 VaultSvc - ok
21:31:17.0212 2284 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:31:17.0227 2284 vdrvroot - ok
21:31:17.0274 2284 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:31:17.0352 2284 vds - ok
21:31:17.0383 2284 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:31:17.0399 2284 vga - ok
21:31:17.0399 2284 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:31:17.0461 2284 VgaSave - ok
21:31:17.0493 2284 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:31:17.0508 2284 vhdmp - ok
21:31:17.0555 2284 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:31:17.0571 2284 viaide - ok
21:31:17.0602 2284 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
21:31:17.0617 2284 vmbus - ok
21:31:17.0680 2284 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
21:31:17.0711 2284 VMBusHID - ok
21:31:17.0758 2284 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:31:17.0758 2284 volmgr - ok
21:31:17.0805 2284 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:31:17.0867 2284 volmgrx - ok
21:31:17.0914 2284 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:31:17.0961 2284 volsnap - ok
21:31:17.0976 2284 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:31:18.0007 2284 vsmraid - ok
21:31:18.0101 2284 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:31:18.0210 2284 VSS - ok
21:31:18.0304 2284 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:31:18.0335 2284 vwifibus - ok
21:31:18.0382 2284 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:31:18.0429 2284 W32Time - ok
21:31:18.0444 2284 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:31:18.0460 2284 WacomPen - ok
21:31:18.0475 2284 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:31:18.0522 2284 WANARP - ok
21:31:18.0553 2284 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:31:18.0585 2284 Wanarpv6 - ok
21:31:18.0709 2284 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:31:18.0772 2284 WatAdminSvc - ok
21:31:18.0850 2284 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:31:18.0912 2284 wbengine - ok
21:31:18.0959 2284 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:31:18.0990 2284 WbioSrvc - ok
21:31:19.0037 2284 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:31:19.0084 2284 wcncsvc - ok
21:31:19.0115 2284 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:31:19.0146 2284 WcsPlugInService - ok
21:31:19.0193 2284 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:31:19.0209 2284 Wd - ok
21:31:19.0240 2284 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:31:19.0271 2284 Wdf01000 - ok
21:31:19.0287 2284 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:31:19.0333 2284 WdiServiceHost - ok
21:31:19.0333 2284 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:31:19.0349 2284 WdiSystemHost - ok
21:31:19.0396 2284 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:31:19.0474 2284 WebClient - ok
21:31:19.0521 2284 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:31:19.0614 2284 Wecsvc - ok
21:31:19.0645 2284 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:31:19.0708 2284 wercplsupport - ok
21:31:19.0739 2284 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:31:19.0801 2284 WerSvc - ok
21:31:19.0833 2284 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:31:19.0864 2284 WfpLwf - ok
21:31:19.0879 2284 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:31:19.0879 2284 WIMMount - ok
21:31:19.0926 2284 WinDefend - ok
21:31:19.0926 2284 WinHttpAutoProxySvc - ok
21:31:20.0004 2284 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:31:20.0067 2284 Winmgmt - ok
21:31:20.0176 2284 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:31:20.0301 2284 WinRM - ok
21:31:20.0457 2284 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:31:20.0472 2284 WinUsb - ok
21:31:20.0581 2284 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:31:20.0644 2284 Wlansvc - ok
21:31:20.0675 2284 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:31:20.0706 2284 WmiAcpi - ok
21:31:20.0753 2284 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:31:20.0800 2284 wmiApSrv - ok
21:31:20.0815 2284 WMPNetworkSvc - ok
21:31:20.0815 2284 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:31:20.0831 2284 WPCSvc - ok
21:31:20.0909 2284 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:31:20.0956 2284 WPDBusEnum - ok
21:31:20.0971 2284 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:31:21.0003 2284 ws2ifsl - ok
21:31:21.0049 2284 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
21:31:21.0096 2284 wscsvc - ok
21:31:21.0096 2284 WSearch - ok
21:31:21.0237 2284 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
21:31:21.0346 2284 wuauserv - ok
21:31:21.0408 2284 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:31:21.0455 2284 WudfPf - ok
21:31:21.0486 2284 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:31:21.0533 2284 WUDFRd - ok
21:31:21.0564 2284 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:31:21.0611 2284 wudfsvc - ok
21:31:21.0627 2284 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:31:21.0689 2284 WwanSvc - ok
21:31:21.0705 2284 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:31:21.0767 2284 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:31:21.0767 2284 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:31:21.0767 2284 Boot (0x1200) (8302744272a22a17ded8a6994d7c8c6b) \Device\Harddisk0\DR0\Partition0
21:31:21.0767 2284 \Device\Harddisk0\DR0\Partition0 - ok
21:31:21.0767 2284 ============================================================
21:31:21.0767 2284 Scan finished
21:31:21.0767 2284 ============================================================
21:31:21.0783 1316 Detected object count: 2
21:31:21.0783 1316 Actual detected object count: 2
21:33:50.0470 1316 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
21:33:50.0470 1316 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:33:50.0470 1316 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:33:50.0470 1316 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
21:35:10.0087 0360 Deinitialize success

#11 gringo_pr

Bleepin Gringo

Malware Response Team
120,927 posts

Gender:Male
Location:Puerto rico

Posted 02 May 2012 - 09:47 PM

Re-run TDSSKiller again please and if this appears :

\Device\Harddisk0\DR0 ( TDSS File System )

Select delete

#12 jmapcdoc

New Member

Members
12 posts

Posted 02 May 2012 - 10:29 PM

Finally appears to be gone even after reboot!! Thank you very much!! However this is the last TDSSKiller log!!!

22:25:39.0665 3648 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
22:25:40.0351 3648 ============================================================
22:25:40.0351 3648 Current date / time: 2012/05/02 22:25:40.0351
22:25:40.0351 3648 SystemInfo:
22:25:40.0351 3648
22:25:40.0351 3648 OS Version: 6.1.7601 ServicePack: 1.0
22:25:40.0351 3648 Product type: Workstation
22:25:40.0351 3648 ComputerName: WINSTON-PC
22:25:40.0351 3648 UserName: winston
22:25:40.0351 3648 Windows directory: C:\Windows
22:25:40.0351 3648 System windows directory: C:\Windows
22:25:40.0351 3648 Running under WOW64
22:25:40.0351 3648 Processor architecture: Intel x64
22:25:40.0351 3648 Number of processors: 4
22:25:40.0351 3648 Page size: 0x1000
22:25:40.0351 3648 Boot type: Normal boot
22:25:40.0351 3648 ============================================================
22:25:42.0286 3648 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:25:42.0301 3648 ============================================================
22:25:42.0301 3648 \Device\Harddisk0\DR0:
22:25:42.0301 3648 MBR partitions:
22:25:42.0301 3648 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
22:25:42.0301 3648 ============================================================
22:25:42.0317 3648 C: <-> \Device\Harddisk0\DR0\Partition0
22:25:42.0317 3648 ============================================================
22:25:42.0317 3648 Initialize success
22:25:42.0317 3648 ============================================================
22:25:49.0976 3732 ============================================================
22:25:49.0976 3732 Scan started
22:25:49.0976 3732 Mode: Manual; SigCheck; TDLFS;
22:25:49.0976 3732 ============================================================
22:25:51.0037 3732 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
22:25:51.0100 3732 !SASCORE - ok
22:25:51.0240 3732 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:25:51.0349 3732 1394ohci - ok
22:25:51.0412 3732 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:25:51.0443 3732 ACPI - ok
22:25:51.0474 3732 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:25:51.0599 3732 AcpiPmi - ok
22:25:51.0724 3732 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:25:51.0739 3732 AdobeARMservice - ok
22:25:51.0786 3732 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:25:51.0833 3732 adp94xx - ok
22:25:51.0880 3732 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:25:51.0926 3732 adpahci - ok
22:25:51.0958 3732 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:25:51.0973 3732 adpu320 - ok
22:25:51.0989 3732 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:25:52.0145 3732 AeLookupSvc - ok
22:25:52.0223 3732 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
22:25:52.0332 3732 AFD - ok
22:25:52.0363 3732 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:25:52.0379 3732 agp440 - ok
22:25:52.0410 3732 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:25:52.0472 3732 ALG - ok
22:25:52.0488 3732 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:25:52.0488 3732 aliide - ok
22:25:52.0566 3732 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:25:52.0582 3732 amdide - ok
22:25:52.0597 3732 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:25:52.0675 3732 AmdK8 - ok
22:25:52.0691 3732 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:25:52.0738 3732 AmdPPM - ok
22:25:52.0769 3732 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:25:52.0784 3732 amdsata - ok
22:25:52.0816 3732 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:25:52.0831 3732 amdsbs - ok
22:25:52.0847 3732 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:25:52.0862 3732 amdxata - ok
22:25:52.0878 3732 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:25:53.0065 3732 AppID - ok
22:25:53.0096 3732 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
22:25:53.0159 3732 AppIDSvc - ok
22:25:53.0221 3732 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
22:25:53.0268 3732 Appinfo - ok
22:25:53.0393 3732 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:25:53.0408 3732 Apple Mobile Device - ok
22:25:53.0424 3732 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
22:25:53.0440 3732 AppMgmt - ok
22:25:53.0471 3732 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:25:53.0486 3732 arc - ok
22:25:53.0486 3732 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:25:53.0502 3732 arcsas - ok
22:25:53.0627 3732 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:25:53.0705 3732 AsyncMac - ok
22:25:53.0752 3732 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:25:53.0752 3732 atapi - ok
22:25:53.0814 3732 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:25:53.0908 3732 AudioEndpointBuilder - ok
22:25:53.0908 3732 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:25:53.0954 3732 AudioSrv - ok
22:25:53.0986 3732 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
22:25:54.0064 3732 AxInstSV - ok
22:25:54.0079 3732 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:25:54.0157 3732 b06bdrv - ok
22:25:54.0173 3732 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:25:54.0251 3732 b57nd60a - ok
22:25:54.0282 3732 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
22:25:54.0344 3732 BDESVC - ok
22:25:54.0376 3732 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:25:54.0422 3732 Beep - ok
22:25:54.0625 3732 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
22:25:54.0672 3732 BFE - ok
22:25:54.0781 3732 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
22:25:54.0875 3732 BITS - ok
22:25:54.0906 3732 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:25:54.0937 3732 blbdrive - ok
22:25:55.0031 3732 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
22:25:55.0062 3732 Bonjour Service - ok
22:25:55.0124 3732 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:25:55.0140 3732 bowser - ok
22:25:55.0171 3732 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:25:55.0249 3732 BrFiltLo - ok
22:25:55.0265 3732 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:25:55.0280 3732 BrFiltUp - ok
22:25:55.0312 3732 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
22:25:55.0374 3732 BridgeMP - ok
22:25:55.0405 3732 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
22:25:55.0468 3732 Browser - ok
22:25:55.0499 3732 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:25:55.0639 3732 Brserid - ok
22:25:55.0655 3732 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:25:55.0702 3732 BrSerWdm - ok
22:25:55.0717 3732 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:25:55.0733 3732 BrUsbMdm - ok
22:25:55.0733 3732 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:25:55.0764 3732 BrUsbSer - ok
22:25:55.0795 3732 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:25:55.0826 3732 BTHMODEM - ok
22:25:55.0858 3732 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:25:55.0920 3732 bthserv - ok
22:25:55.0998 3732 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
22:25:56.0138 3732 BVRPMPR5a64 - ok
22:25:56.0154 3732 catchme - ok
22:25:56.0185 3732 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:25:56.0248 3732 cdfs - ok
22:25:56.0310 3732 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
22:25:56.0341 3732 cdrom - ok
22:25:56.0372 3732 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:25:56.0435 3732 CertPropSvc - ok
22:25:56.0466 3732 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:25:56.0497 3732 circlass - ok
22:25:56.0606 3732 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:25:56.0653 3732 CLFS - ok
22:25:56.0731 3732 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:25:56.0747 3732 clr_optimization_v2.0.50727_32 - ok
22:25:56.0809 3732 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:25:56.0825 3732 clr_optimization_v2.0.50727_64 - ok
22:25:56.0934 3732 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:25:57.0012 3732 clr_optimization_v4.0.30319_32 - ok
22:25:57.0059 3732 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:25:57.0074 3732 clr_optimization_v4.0.30319_64 - ok
22:25:57.0090 3732 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:25:57.0121 3732 CmBatt - ok
22:25:57.0152 3732 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:25:57.0168 3732 cmdide - ok
22:25:57.0215 3732 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
22:25:57.0262 3732 CNG - ok
22:25:57.0277 3732 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:25:57.0277 3732 Compbatt - ok
22:25:57.0324 3732 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:25:57.0371 3732 CompositeBus - ok
22:25:57.0371 3732 COMSysApp - ok
22:25:57.0386 3732 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:25:57.0402 3732 crcdisk - ok
22:25:57.0449 3732 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
22:25:57.0511 3732 CryptSvc - ok
22:25:57.0636 3732 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
22:25:57.0792 3732 CSC - ok
22:25:57.0854 3732 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
22:25:57.0917 3732 CscService - ok
22:25:58.0042 3732 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:25:58.0120 3732 DcomLaunch - ok
22:25:58.0166 3732 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:25:58.0276 3732 defragsvc - ok
22:25:58.0354 3732 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:25:58.0416 3732 DfsC - ok
22:25:58.0478 3732 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
22:25:58.0541 3732 Dhcp - ok
22:25:58.0603 3732 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:25:58.0666 3732 discache - ok
22:25:58.0697 3732 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:25:58.0712 3732 Disk - ok
22:25:58.0759 3732 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
22:25:58.0806 3732 Dnscache - ok
22:25:58.0853 3732 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
22:25:58.0946 3732 dot3svc - ok
22:25:58.0993 3732 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
22:25:59.0071 3732 DPS - ok
22:25:59.0118 3732 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:25:59.0149 3732 drmkaud - ok
22:25:59.0243 3732 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:25:59.0258 3732 DXGKrnl - ok
22:25:59.0305 3732 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:25:59.0383 3732 EapHost - ok
22:25:59.0617 3732 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:25:59.0758 3732 ebdrv - ok
22:25:59.0929 3732 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
22:25:59.0992 3732 EFS - ok
22:26:00.0210 3732 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
22:26:00.0366 3732 ehRecvr - ok
22:26:00.0382 3732 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:26:00.0444 3732 ehSched - ok
22:26:00.0584 3732 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:26:00.0647 3732 elxstor - ok
22:26:00.0709 3732 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:26:00.0740 3732 ErrDev - ok
22:26:00.0818 3732 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:26:00.0912 3732 EventSystem - ok
22:26:01.0068 3732 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:26:01.0130 3732 exfat - ok
22:26:01.0162 3732 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:26:01.0208 3732 fastfat - ok
22:26:01.0333 3732 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
22:26:01.0427 3732 Fax - ok
22:26:01.0458 3732 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:26:01.0489 3732 fdc - ok
22:26:01.0583 3732 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:26:01.0661 3732 fdPHost - ok
22:26:01.0676 3732 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:26:01.0739 3732 FDResPub - ok
22:26:01.0801 3732 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:26:01.0801 3732 FileInfo - ok
22:26:01.0817 3732 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:26:01.0879 3732 Filetrace - ok
22:26:01.0910 3732 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:26:01.0926 3732 flpydisk - ok
22:26:01.0973 3732 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:26:02.0004 3732 FltMgr - ok
22:26:02.0082 3732 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
22:26:02.0160 3732 FontCache - ok
22:26:02.0285 3732 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:26:02.0300 3732 FontCache3.0.0.0 - ok
22:26:02.0347 3732 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:26:02.0363 3732 FsDepends - ok
22:26:02.0456 3732 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
22:26:02.0456 3732 Fs_Rec - ok
22:26:02.0550 3732 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:26:02.0566 3732 fvevol - ok
22:26:02.0597 3732 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:26:02.0612 3732 gagp30kx - ok
22:26:02.0659 3732 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:26:02.0675 3732 GEARAspiWDM - ok
22:26:03.0533 3732 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
22:26:03.0642 3732 gpsvc - ok
22:26:03.0782 3732 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:26:03.0798 3732 gupdate - ok
22:26:03.0814 3732 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:26:03.0829 3732 gupdatem - ok
22:26:03.0876 3732 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:26:03.0892 3732 gusvc - ok
22:26:03.0923 3732 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:26:03.0985 3732 hcw85cir - ok
22:26:04.0188 3732 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:26:04.0250 3732 HdAudAddService - ok
22:26:04.0297 3732 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:26:04.0328 3732 HDAudBus - ok
22:26:04.0344 3732 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:26:04.0375 3732 HidBatt - ok
22:26:04.0406 3732 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:26:04.0438 3732 HidBth - ok
22:26:04.0453 3732 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:26:04.0469 3732 HidIr - ok
22:26:04.0500 3732 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
22:26:04.0562 3732 hidserv - ok
22:26:04.0625 3732 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:26:04.0640 3732 HidUsb - ok
22:26:04.0703 3732 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
22:26:04.0765 3732 hkmsvc - ok
22:26:04.0812 3732 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
22:26:04.0906 3732 HomeGroupListener - ok
22:26:04.0952 3732 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
22:26:04.0999 3732 HomeGroupProvider - ok
22:26:05.0171 3732 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:26:05.0202 3732 HpSAMD - ok
22:26:05.0280 3732 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:26:05.0374 3732 HTTP - ok
22:26:05.0405 3732 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:26:05.0420 3732 hwpolicy - ok
22:26:05.0561 3732 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
22:26:05.0576 3732 i8042prt - ok
22:26:05.0654 3732 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:26:05.0701 3732 iaStorV - ok
22:26:06.0575 3732 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:26:06.0637 3732 idsvc - ok
22:26:06.0668 3732 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:26:06.0684 3732 iirsp - ok
22:26:07.0105 3732 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
22:26:07.0183 3732 IKEEXT - ok
22:26:07.0230 3732 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:26:07.0246 3732 intelide - ok
22:26:07.0261 3732 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:26:07.0308 3732 intelppm - ok
22:26:07.0355 3732 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
22:26:07.0433 3732 IPBusEnum - ok
22:26:07.0464 3732 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:26:07.0526 3732 IpFilterDriver - ok
22:26:07.0636 3732 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
22:26:07.0714 3732 iphlpsvc - ok
22:26:07.0745 3732 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:26:07.0760 3732 IPMIDRV - ok
22:26:07.0792 3732 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:26:07.0854 3732 IPNAT - ok
22:26:07.0948 3732 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
22:26:08.0010 3732 iPod Service - ok
22:26:08.0026 3732 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:26:08.0104 3732 IRENUM - ok
22:26:08.0150 3732 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:26:08.0150 3732 isapnp - ok
22:26:08.0572 3732 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:26:08.0618 3732 iScsiPrt - ok
22:26:08.0650 3732 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
22:26:08.0650 3732 kbdclass - ok
22:26:08.0696 3732 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
22:26:08.0728 3732 kbdhid - ok
22:26:08.0806 3732 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:26:08.0821 3732 KeyIso - ok
22:26:08.0837 3732 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
22:26:08.0852 3732 KSecDD - ok
22:26:08.0899 3732 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
22:26:08.0977 3732 KSecPkg - ok
22:26:08.0993 3732 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:26:09.0055 3732 ksthunk - ok
22:26:09.0570 3732 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:26:09.0617 3732 KtmRm - ok
22:26:09.0695 3732 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
22:26:09.0788 3732 LanmanServer - ok
22:26:09.0820 3732 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
22:26:09.0898 3732 LanmanWorkstation - ok
22:26:09.0944 3732 Lbd - ok
22:26:09.0976 3732 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:26:10.0022 3732 lltdio - ok
22:26:10.0568 3732 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:26:10.0615 3732 lltdsvc - ok
22:26:10.0631 3732 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:26:10.0693 3732 lmhosts - ok
22:26:10.0912 3732 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:26:10.0927 3732 LSI_FC - ok
22:26:10.0958 3732 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:26:10.0974 3732 LSI_SAS - ok
22:26:10.0990 3732 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:26:10.0990 3732 LSI_SAS2 - ok
22:26:11.0021 3732 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:26:11.0036 3732 LSI_SCSI - ok
22:26:11.0052 3732 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:26:11.0114 3732 luafv - ok
22:26:11.0146 3732 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
22:26:11.0177 3732 Mcx2Svc - ok
22:26:11.0208 3732 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:26:11.0224 3732 megasas - ok
22:26:11.0239 3732 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:26:11.0286 3732 MegaSR - ok
22:26:11.0317 3732 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:26:11.0380 3732 MMCSS - ok
22:26:11.0411 3732 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:26:11.0458 3732 Modem - ok
22:26:11.0660 3732 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:26:11.0692 3732 monitor - ok
22:26:11.0863 3732 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:26:11.0879 3732 mouclass - ok
22:26:11.0957 3732 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:26:12.0035 3732 mouhid - ok
22:26:12.0097 3732 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:26:12.0113 3732 mountmgr - ok
22:26:12.0175 3732 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
22:26:12.0191 3732 MpFilter - ok
22:26:12.0253 3732 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:26:12.0269 3732 mpio - ok
22:26:12.0284 3732 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:26:12.0316 3732 mpsdrv - ok
22:26:12.0565 3732 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
22:26:12.0659 3732 MpsSvc - ok
22:26:12.0815 3732 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:26:12.0862 3732 MRxDAV - ok
22:26:12.0940 3732 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:26:13.0002 3732 mrxsmb - ok
22:26:13.0049 3732 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:26:13.0127 3732 mrxsmb10 - ok
22:26:13.0158 3732 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:26:13.0174 3732 mrxsmb20 - ok
22:26:13.0220 3732 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:26:13.0236 3732 msahci - ok
22:26:13.0376 3732 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:26:13.0392 3732 msdsm - ok
22:26:13.0423 3732 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:26:13.0454 3732 MSDTC - ok
22:26:13.0548 3732 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:26:13.0579 3732 Msfs - ok
22:26:13.0610 3732 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:26:13.0657 3732 mshidkmdf - ok
22:26:13.0704 3732 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:26:13.0704 3732 msisadrv - ok
22:26:13.0844 3732 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:26:13.0907 3732 MSiSCSI - ok
22:26:13.0907 3732 msiserver - ok
22:26:13.0938 3732 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:26:14.0000 3732 MSKSSRV - ok
22:26:14.0110 3732 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
22:26:14.0125 3732 MsMpSvc - ok
22:26:14.0125 3732 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:26:14.0188 3732 MSPCLOCK - ok
22:26:14.0188 3732 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:26:14.0234 3732 MSPQM - ok
22:26:14.0281 3732 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:26:14.0328 3732 MsRPC - ok
22:26:14.0359 3732 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:26:14.0375 3732 mssmbios - ok
22:26:14.0375 3732 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:26:14.0437 3732 MSTEE - ok
22:26:14.0484 3732 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:26:14.0515 3732 MTConfig - ok
22:26:14.0562 3732 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:26:14.0578 3732 Mup - ok
22:26:14.0843 3732 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
22:26:14.0905 3732 napagent - ok
22:26:14.0952 3732 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:26:14.0999 3732 NativeWifiP - ok
22:26:15.0061 3732 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:26:15.0139 3732 NDIS - ok
22:26:15.0186 3732 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:26:15.0248 3732 NdisCap - ok
22:26:15.0264 3732 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:26:15.0311 3732 NdisTapi - ok
22:26:15.0358 3732 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:26:15.0404 3732 Ndisuio - ok
22:26:15.0451 3732 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:26:15.0514 3732 NdisWan - ok
22:26:15.0592 3732 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:26:15.0638 3732 NDProxy - ok
22:26:15.0670 3732 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:26:15.0716 3732 NetBIOS - ok
22:26:15.0763 3732 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:26:15.0810 3732 NetBT - ok
22:26:15.0841 3732 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:26:15.0857 3732 Netlogon - ok
22:26:16.0184 3732 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:26:16.0247 3732 Netman - ok
22:26:16.0309 3732 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:26:16.0403 3732 netprofm - ok
22:26:16.0606 3732 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:26:16.0621 3732 NetTcpPortSharing - ok
22:26:16.0652 3732 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:26:16.0668 3732 nfrd960 - ok
22:26:16.0715 3732 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
22:26:16.0715 3732 NisDrv - ok
22:26:16.0824 3732 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
22:26:16.0886 3732 NisSrv - ok
22:26:16.0949 3732 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
22:26:17.0042 3732 NlaSvc - ok
22:26:17.0074 3732 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:26:17.0120 3732 Npfs - ok
22:26:17.0136 3732 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:26:17.0167 3732 nsi - ok
22:26:17.0183 3732 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:26:17.0245 3732 nsiproxy - ok
22:26:17.0620 3732 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:26:17.0713 3732 Ntfs - ok
22:26:17.0822 3732 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:26:17.0885 3732 Null - ok
22:26:17.0963 3732 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
22:26:18.0010 3732 NVENETFD - ok
22:26:20.0506 3732 nvlddmkm (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:26:20.0708 3732 nvlddmkm - ok
22:26:20.0974 3732 NVNET (0ad267a4674805b61a5d7b911d2a978a) C:\Windows\system32\DRIVERS\nvmf6264.sys
22:26:20.0989 3732 NVNET - ok
22:26:21.0052 3732 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:26:21.0067 3732 nvraid - ok
22:26:21.0114 3732 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:26:21.0114 3732 nvstor - ok
22:26:21.0161 3732 nvsvc (43bc8151893ae6afe42e149d663c2221) C:\Windows\system32\nvvsvc.exe
22:26:21.0176 3732 nvsvc - ok
22:26:21.0223 3732 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:26:21.0239 3732 nv_agp - ok
22:26:21.0286 3732 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:26:21.0317 3732 ohci1394 - ok
22:26:21.0364 3732 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:26:21.0426 3732 p2pimsvc - ok
22:26:21.0457 3732 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:26:21.0566 3732 p2psvc - ok
22:26:21.0613 3732 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:26:21.0629 3732 Parport - ok
22:26:21.0660 3732 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
22:26:21.0676 3732 partmgr - ok
22:26:21.0691 3732 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:26:21.0722 3732 PcaSvc - ok
22:26:21.0785 3732 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:26:21.0816 3732 pci - ok
22:26:21.0816 3732 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:26:21.0832 3732 pciide - ok
22:26:21.0847 3732 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:26:21.0863 3732 pcmcia - ok
22:26:21.0878 3732 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:26:21.0894 3732 pcw - ok
22:26:21.0925 3732 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:26:22.0050 3732 PEAUTH - ok
22:26:22.0128 3732 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
22:26:22.0222 3732 PeerDistSvc - ok
22:26:22.0284 3732 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:26:22.0409 3732 PerfHost - ok
22:26:22.0612 3732 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
22:26:22.0736 3732 pla - ok
22:26:22.0783 3732 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
22:26:22.0892 3732 PlugPlay - ok
22:26:22.0924 3732 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:26:22.0924 3732 PNRPAutoReg - ok
22:26:22.0955 3732 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:26:22.0970 3732 PNRPsvc - ok
22:26:23.0017 3732 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
22:26:23.0095 3732 PolicyAgent - ok
22:26:23.0142 3732 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:26:23.0220 3732 Power - ok
22:26:23.0282 3732 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:26:23.0345 3732 PptpMiniport - ok
22:26:23.0376 3732 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:26:23.0407 3732 Processor - ok
22:26:23.0438 3732 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
22:26:23.0501 3732 ProfSvc - ok
22:26:23.0610 3732 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:26:23.0610 3732 ProtectedStorage - ok
22:26:23.0672 3732 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:26:23.0704 3732 Psched - ok
22:26:23.0766 3732 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
22:26:23.0766 3732 PxHlpa64 - ok
22:26:23.0828 3732 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:26:23.0922 3732 ql2300 - ok
22:26:23.0969 3732 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:26:23.0984 3732 ql40xx - ok
22:26:24.0016 3732 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:26:24.0047 3732 QWAVE - ok
22:26:24.0062 3732 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:26:24.0078 3732 QWAVEdrv - ok
22:26:24.0094 3732 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:26:24.0156 3732 RasAcd - ok
22:26:24.0187 3732 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:26:24.0234 3732 RasAgileVpn - ok
22:26:24.0250 3732 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:26:24.0312 3732 RasAuto - ok
22:26:24.0374 3732 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:26:24.0437 3732 Rasl2tp - ok
22:26:24.0484 3732 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
22:26:24.0530 3732 RasMan - ok
22:26:24.0593 3732 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:26:24.0640 3732 RasPppoe - ok
22:26:24.0671 3732 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:26:24.0718 3732 RasSstp - ok
22:26:24.0780 3732 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:26:24.0889 3732 rdbss - ok
22:26:24.0920 3732 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:26:24.0952 3732 rdpbus - ok
22:26:24.0967 3732 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:26:25.0030 3732 RDPCDD - ok
22:26:25.0076 3732 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
22:26:25.0108 3732 RDPDR - ok
22:26:25.0123 3732 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:26:25.0186 3732 RDPENCDD - ok
22:26:25.0217 3732 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:26:25.0248 3732 RDPREFMP - ok
22:26:25.0295 3732 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
22:26:25.0342 3732 RDPWD - ok
22:26:25.0388 3732 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:26:25.0420 3732 rdyboost - ok
22:26:25.0435 3732 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:26:25.0498 3732 RemoteAccess - ok
22:26:25.0591 3732 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:26:25.0654 3732 RemoteRegistry - ok
22:26:25.0685 3732 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:26:25.0732 3732 RpcEptMapper - ok
22:26:25.0778 3732 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:26:25.0810 3732 RpcLocator - ok
22:26:25.0856 3732 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:26:25.0903 3732 RpcSs - ok
22:26:25.0919 3732 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:26:25.0966 3732 rspndr - ok
22:26:25.0997 3732 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
22:26:26.0012 3732 s3cap - ok
22:26:26.0044 3732 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:26:26.0059 3732 SamSs - ok
22:26:26.0168 3732 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
22:26:26.0168 3732 SASDIFSV - ok
22:26:26.0184 3732 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
22:26:26.0200 3732 SASKUTIL - ok
22:26:26.0246 3732 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:26:26.0262 3732 sbp2port - ok
22:26:26.0278 3732 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:26:26.0356 3732 SCardSvr - ok
22:26:26.0387 3732 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:26:26.0449 3732 scfilter - ok
22:26:26.0605 3732 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
22:26:26.0714 3732 Schedule - ok
22:26:26.0761 3732 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:26:26.0792 3732 SCPolicySvc - ok
22:26:26.0839 3732 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
22:26:26.0902 3732 SDRSVC - ok
22:26:26.0948 3732 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:26:27.0011 3732 secdrv - ok
22:26:27.0042 3732 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
22:26:27.0104 3732 seclogon - ok
22:26:27.0136 3732 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
22:26:27.0198 3732 SENS - ok
22:26:27.0229 3732 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:26:27.0245 3732 SensrSvc - ok
22:26:27.0260 3732 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:26:27.0292 3732 Serenum - ok
22:26:27.0307 3732 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:26:27.0338 3732 Serial - ok
22:26:27.0385 3732 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:26:27.0416 3732 sermouse - ok
22:26:27.0463 3732 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
22:26:27.0526 3732 SessionEnv - ok
22:26:27.0572 3732 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:26:27.0604 3732 sffdisk - ok
22:26:27.0635 3732 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:26:27.0666 3732 sffp_mmc - ok
22:26:27.0682 3732 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:26:27.0728 3732 sffp_sd - ok
22:26:27.0744 3732 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:26:27.0775 3732 sfloppy - ok
22:26:27.0822 3732 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:26:27.0916 3732 SharedAccess - ok
22:26:27.0978 3732 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
22:26:28.0056 3732 ShellHWDetection - ok
22:26:28.0087 3732 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:26:28.0103 3732 SiSRaid2 - ok
22:26:28.0118 3732 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:26:28.0134 3732 SiSRaid4 - ok
22:26:28.0150 3732 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:26:28.0181 3732 Smb - ok
22:26:28.0228 3732 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:26:28.0259 3732 SNMPTRAP - ok
22:26:28.0274 3732 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:26:28.0290 3732 spldr - ok
22:26:28.0337 3732 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
22:26:28.0446 3732 Spooler - ok
22:26:28.0649 3732 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
22:26:28.0836 3732 sppsvc - ok
22:26:28.0914 3732 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:26:28.0945 3732 sppuinotify - ok
22:26:29.0039 3732 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:26:29.0132 3732 srv - ok
22:26:29.0210 3732 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:26:29.0288 3732 srv2 - ok
22:26:29.0320 3732 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:26:29.0351 3732 srvnet - ok
22:26:29.0398 3732 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:26:29.0491 3732 SSDPSRV - ok
22:26:29.0554 3732 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:26:29.0600 3732 SstpSvc - ok
22:26:29.0632 3732 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:26:29.0647 3732 stexstor - ok
22:26:29.0710 3732 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
22:26:29.0772 3732 stisvc - ok
22:26:29.0819 3732 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
22:26:29.0819 3732 storflt - ok
22:26:29.0850 3732 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
22:26:29.0912 3732 StorSvc - ok
22:26:29.0944 3732 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
22:26:29.0959 3732 storvsc - ok
22:26:30.0006 3732 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:26:30.0006 3732 swenum - ok
22:26:30.0037 3732 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:26:30.0146 3732 swprv - ok
22:26:30.0256 3732 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
22:26:30.0365 3732 SysMain - ok
22:26:30.0458 3732 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
22:26:30.0505 3732 TabletInputService - ok
22:26:30.0583 3732 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
22:26:30.0646 3732 TapiSrv - ok
22:26:30.0692 3732 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:26:30.0724 3732 TBS - ok
22:26:30.0848 3732 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
22:26:30.0942 3732 Tcpip - ok
22:26:31.0036 3732 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
22:26:31.0082 3732 TCPIP6 - ok
22:26:31.0145 3732 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:26:31.0207 3732 tcpipreg - ok
22:26:31.0254 3732 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:26:31.0285 3732 TDPIPE - ok
22:26:31.0316 3732 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
22:26:31.0348 3732 TDTCP - ok
22:26:31.0410 3732 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:26:31.0457 3732 tdx - ok
22:26:31.0550 3732 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:26:31.0550 3732 TermDD - ok
22:26:31.0613 3732 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
22:26:31.0722 3732 TermService - ok
22:26:31.0722 3732 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:26:31.0753 3732 Themes - ok
22:26:31.0800 3732 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:26:31.0831 3732 THREADORDER - ok
22:26:31.0862 3732 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:26:31.0909 3732 TrkWks - ok
22:26:31.0972 3732 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
22:26:32.0018 3732 TrustedInstaller - ok
22:26:32.0065 3732 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:26:32.0128 3732 tssecsrv - ok
22:26:32.0190 3732 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:26:32.0237 3732 TsUsbFlt - ok
22:26:32.0284 3732 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:26:32.0362 3732 tunnel - ok
22:26:32.0377 3732 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:26:32.0393 3732 uagp35 - ok
22:26:32.0455 3732 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:26:32.0549 3732 udfs - ok
22:26:32.0580 3732 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:26:32.0596 3732 UI0Detect - ok
22:26:32.0611 3732 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:26:32.0611 3732 uliagpkx - ok
22:26:32.0658 3732 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
22:26:32.0689 3732 umbus - ok
22:26:32.0720 3732 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:26:32.0752 3732 UmPass - ok
22:26:32.0783 3732 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
22:26:32.0861 3732 UmRdpService - ok
22:26:32.0908 3732 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:26:33.0001 3732 upnphost - ok
22:26:33.0064 3732 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
22:26:33.0095 3732 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
22:26:33.0095 3732 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
22:26:33.0157 3732 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:26:33.0173 3732 usbccgp - ok
22:26:33.0220 3732 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:26:33.0235 3732 usbcir - ok
22:26:33.0266 3732 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
22:26:33.0282 3732 usbehci - ok
22:26:33.0329 3732 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:26:33.0360 3732 usbhub - ok
22:26:33.0391 3732 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
22:26:33.0407 3732 usbohci - ok
22:26:33.0422 3732 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:26:33.0454 3732 usbprint - ok
22:26:33.0516 3732 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:26:33.0610 3732 usbscan - ok
22:26:33.0641 3732 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:26:33.0703 3732 USBSTOR - ok
22:26:33.0719 3732 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:26:33.0734 3732 usbuhci - ok
22:26:33.0766 3732 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:26:33.0828 3732 UxSms - ok
22:26:33.0859 3732 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:26:33.0875 3732 VaultSvc - ok
22:26:33.0906 3732 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:26:33.0922 3732 vdrvroot - ok
22:26:33.0968 3732 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
22:26:34.0062 3732 vds - ok
22:26:34.0093 3732 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:26:34.0109 3732 vga - ok
22:26:34.0109 3732 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:26:34.0171 3732 VgaSave - ok
22:26:34.0202 3732 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:26:34.0218 3732 vhdmp - ok
22:26:34.0265 3732 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:26:34.0265 3732 viaide - ok
22:26:34.0312 3732 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
22:26:34.0327 3732 vmbus - ok
22:26:34.0390 3732 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
22:26:34.0421 3732 VMBusHID - ok
22:26:34.0452 3732 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:26:34.0468 3732 volmgr - ok
22:26:34.0577 3732 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:26:34.0624 3732 volmgrx - ok
22:26:34.0670 3732 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:26:34.0733 3732 volsnap - ok
22:26:34.0748 3732 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:26:34.0764 3732 vsmraid - ok
22:26:34.0858 3732 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
22:26:34.0967 3732 VSS - ok
22:26:35.0076 3732 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
22:26:35.0107 3732 vwifibus - ok
22:26:35.0154 3732 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:26:35.0201 3732 W32Time - ok
22:26:35.0232 3732 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:26:35.0248 3732 WacomPen - ok
22:26:35.0248 3732 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:26:35.0310 3732 WANARP - ok
22:26:35.0341 3732 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:26:35.0372 3732 Wanarpv6 - ok
22:26:35.0466 3732 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
22:26:35.0528 3732 WatAdminSvc - ok
22:26:35.0622 3732 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
22:26:35.0731 3732 wbengine - ok
22:26:35.0778 3732 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:26:35.0825 3732 WbioSrvc - ok
22:26:35.0872 3732 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
22:26:35.0934 3732 wcncsvc - ok
22:26:35.0950 3732 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:26:35.0996 3732 WcsPlugInService - ok
22:26:36.0028 3732 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:26:36.0043 3732 Wd - ok
22:26:36.0074 3732 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:26:36.0137 3732 Wdf01000 - ok
22:26:36.0152 3732 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:26:36.0246 3732 WdiServiceHost - ok
22:26:36.0262 3732 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:26:36.0277 3732 WdiSystemHost - ok
22:26:36.0324 3732 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
22:26:36.0402 3732 WebClient - ok
22:26:36.0433 3732 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:26:36.0527 3732 Wecsvc - ok
22:26:36.0652 3732 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:26:36.0730 3732 wercplsupport - ok
22:26:36.0839 3732 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:26:36.0901 3732 WerSvc - ok
22:26:37.0010 3732 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:26:37.0057 3732 WfpLwf - ok
22:26:37.0088 3732 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:26:37.0104 3732 WIMMount - ok
22:26:37.0151 3732 WinDefend - ok
22:26:37.0166 3732 WinHttpAutoProxySvc - ok
22:26:37.0229 3732 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:26:37.0307 3732 Winmgmt - ok
22:26:37.0572 3732 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
22:26:37.0728 3732 WinRM - ok
22:26:37.0993 3732 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:26:38.0009 3732 WinUsb - ok
22:26:38.0071 3732 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:26:38.0118 3732 Wlansvc - ok
22:26:38.0165 3732 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:26:38.0196 3732 WmiAcpi - ok
22:26:38.0258 3732 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:26:38.0305 3732 wmiApSrv - ok
22:26:38.0368 3732 WMPNetworkSvc - ok
22:26:38.0368 3732 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:26:38.0383 3732 WPCSvc - ok
22:26:38.0430 3732 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:26:38.0461 3732 WPDBusEnum - ok
22:26:38.0477 3732 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:26:38.0508 3732 ws2ifsl - ok
22:26:39.0257 3732 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
22:26:39.0382 3732 wscsvc - ok
22:26:39.0397 3732 WSearch - ok
22:26:40.0489 3732 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
22:26:40.0598 3732 wuauserv - ok
22:26:40.0864 3732 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:26:40.0926 3732 WudfPf - ok
22:26:40.0957 3732 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:26:40.0988 3732 WUDFRd - ok
22:26:41.0035 3732 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:26:41.0066 3732 wudfsvc - ok
22:26:41.0098 3732 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:26:41.0144 3732 WwanSvc - ok
22:26:41.0176 3732 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:26:41.0238 3732 \Device\Harddisk0\DR0 - ok
22:26:41.0238 3732 Boot (0x1200) (8302744272a22a17ded8a6994d7c8c6b) \Device\Harddisk0\DR0\Partition0
22:26:41.0238 3732 \Device\Harddisk0\DR0\Partition0 - ok
22:26:41.0238 3732 ============================================================
22:26:41.0238 3732 Scan finished
22:26:41.0238 3732 ============================================================
22:26:41.0254 3724 Detected object count: 1
22:26:41.0254 3724 Actual detected object count: 1
22:26:49.0147 3724 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
22:26:49.0147 3724 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip

#13 gringo_pr

Bleepin Gringo

Malware Response Team
120,927 posts

Gender:Male
Location:Puerto rico

Posted 02 May 2012 - 10:44 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following

report from Combofix
let me know of any problems you may have had
How is the computer doing now after running the script?

Gringo

#14 jmapcdoc

New Member

Members
12 posts

Posted 03 May 2012 - 09:05 AM

The computer appears to be running fine and this is the first time TDSS problem was deleted and did not come back, Thank you very much, however when I ran MSE this moring this is what I got, MSE is asking me to rremove them as the recommended action. What should I do?

Trojan:Win32/Orsam!rts
Trojan:Win64/Alureon.gen!F
Trojan:Win32/Medfos.B
Trojan:Win32/Alureon.FK
Trojan:Win32/Alureon.gen!AD
Trojan:WinNT/Alureon.AA
Trojan:Win64/Alureon.gen!J