google redirect, mevio, and random audio


  • This topic is locked
26 replies to this topic

#1 rampy

Posted 25 November 2011 - 06:43 PM

Infected with:
- google redirect
- mevio pops up from time to time and seems to be linked to itunes.
- random internet radio at random
- internet explorer (iexplore.exe) processes run and if I manually kill them they come back. (I have been running safari since this started)



What I've tried to resolve so far:
- Malware Bytes does not find anything in safe mode
- StopZilla finds a fair bit, removes it but it comes back so the infection is not getting totally eradicated. (in safe mode as well)
- I've run through the list of tests as displayed on the link http://www.bleepingcomputer.com/forums/topic428636.html

Any advice and help would be great.

Logs are as follows
////////////

DEFOGGER

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:36 on 25/11/2011 (Owner)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


//////////////////////

DDS


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Owner at 10:37:27 on 2011-11-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.5887.3466 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\STOPzilla!\STOPzilla.exe
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\prevhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ScrewDrivers RDP Plugin] C:\Program Files (x86)\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
Trusted Zone: altagas.ca\remote
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://blacks.pnimedia.com/upload/activex/v3_0_0_2/PCAXSetupv3.0.0.2.cab?
TCP: DhcpNameServer = 64.71.255.198
TCP: Interfaces\{1C61B744-F161-46F4-8206-8E7890B259DA} : DhcpNameServer = 64.71.255.198
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files (x86)\QuickTax 2009\ic2009pp.dll
Handler: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - C:\Program Files (x86)\Common Files\Intuit\intu-res.dll
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files (x86)\TurboTax 2010\ic2010pp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO-X64: HelloWorldBHO - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [ScrewDrivers RDP Plugin] C:\Program Files (x86)\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 Start BT in service;Start BT in service;C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2008-3-19 51816]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-31 136176]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-31 136176]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-6-10 23536]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-11-25 14:48:09 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C3485F9-377E-46AE-944F-6DF8092235FB}\offreg.dll
2011-11-25 05:14:33 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C3485F9-377E-46AE-944F-6DF8092235FB}\mpengine.dll
2011-11-20 05:26:58 -------- d-----w- C:\ProgramData\KingsIsle Entertainment
2011-11-14 01:30:00 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-14 01:29:59 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-14 01:29:59 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-14 01:29:56 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-14 01:15:22 -------- d-----w- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2011-11-01 03:32:00 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-11-01 03:32:00 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-11-01 03:32:00 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-11-01 03:32:00 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-11-01 03:32:00 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-11-01 03:32:00 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-11-01 03:32:00 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-10-31 18:37:12 -------- d-----w- C:\Users\Owner\AppData\Local\Google
2011-10-30 06:50:12 -------- d-----w- C:\Program Files (x86)\STOPzilla!
2011-10-30 06:50:11 -------- d-----w- C:\ProgramData\STOPzilla!
2011-10-30 06:50:11 -------- d-----w- C:\Program Files (x86)\Common Files\iS3
2011-10-30 06:32:26 -------- d-----w- C:\Users\Owner\AppData\Roaming\PC Cleaners
2011-10-30 06:32:24 5359888 ----a-w- C:\Windows\uninst.exe
2011-10-30 06:32:22 -------- d-----w- C:\ProgramData\PC1Data
2011-10-30 00:33:20 -------- d-----w- C:\Users\Owner\AppData\Local\LEGO Software
2011-10-30 00:24:03 -------- d-----w- C:\Users\Owner\AppData\Local\Chromium
2011-10-30 00:23:48 -------- d-----w- C:\Program Files (x86)\LEGO Software
2011-10-29 05:00:59 -------- d--h--w- C:\Windows\AxInstSV
2011-10-28 22:17:36 546256 ----a-r- C:\Windows\SysWow64\SZComp5.dll
2011-10-28 22:17:36 480720 ----a-r- C:\Windows\SysWow64\SZBase5.dll
2011-10-28 22:17:36 28624 ----a-r- C:\Windows\SysWow64\IS3XDat5.dll
2011-10-28 22:17:36 22992 ----a-r- C:\Windows\SysWow64\SZIO5.dll
2011-10-28 22:17:36 132560 ----a-r- C:\Windows\SysWow64\IS3HTUI5.dll
2011-10-28 22:17:34 99792 ----a-r- C:\Windows\SysWow64\IS3Svc5.dll
2011-10-28 22:17:34 738768 ----a-r- C:\Windows\SysWow64\IS3Base5.dll
2011-10-28 22:17:34 67024 ----a-r- C:\Windows\SysWow64\IS3Hks5.dll
2011-10-28 22:17:34 456144 ----a-r- C:\Windows\SysWow64\IS3DBA5.dll
2011-10-28 22:17:34 390608 ----a-r- C:\Windows\SysWow64\IS3UI5.dll
2011-10-28 22:17:34 230864 ----a-r- C:\Windows\SysWow64\IS3Win325.dll
2011-10-28 22:17:34 103888 ----a-r- C:\Windows\SysWow64\IS3Inet5.dll
.
==================== Find3M ====================
.
2011-11-25 02:50:46 848 --sha-w- C:\ProgramData\KGyGaAvL.sys
2011-10-31 18:38:02 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-24 18:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-03 10:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-26 16:21:26 74768 ----a-r- C:\Windows\SysWow64\drivers\SZKG64.sys
2011-09-26 16:21:26 74768 ----a-r- C:\Windows\SysWow64\drivers\is3srv64.sys
2011-08-31 03:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-31 03:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-31 03:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-31 03:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
.
============= FINISH: 10:45:23.87 ===============


//////////////

DDS - Attachment (Attached)


///////////////

GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-25 15:26:12
Windows 6.1.7601 Service Pack 1
Running: 3gjronu1.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\01686886036a
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\01686886036a (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LSC56RLS\adoapn_AppNexusDemoActionTag_1[1].htm 0 bytes

---- EOF - GMER 1.0.15 ----
Attached File  Attach.zip   3.42KB   1 downloads



#2 gringo_pr


Posted 27 November 2011 - 11:21 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 rampy


Posted 28 November 2011 - 08:41 PM

Hi There Gringo!

I have run combofix with the network cable yanked. The IE processes running like mad in the background have drawn my bandwidth utilization through the roof. My ISP shows in the last 6 months I average 25 GB of utilization and this month it will finish around 65+.

Post Combo-Fix I still have google redirect and the Iexplore and iexplore *32 processes running.

On the weekend I started the computer with the network cable removed and I got the following error in the event log.

The following boot-start or system-start driver(s) failed to load:
is3srv

The combo-fix log is as follows:

ComboFix 11-11-28.02 - Owner 28/11/2011 18:49:00.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.5887.4779 [GMT -5:00]
Running from: c:\users\Owner\Desktop\From_Bleeping\Combo\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\Documents\~WRL3305.tmp
c:\windows\winhelp.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-29 )))))))))))))))))))))))))))))))
.
.
2011-11-29 00:26 . 2011-11-29 00:26 -------- d-----w- c:\users\Family\AppData\Local\temp
2011-11-29 00:26 . 2011-11-29 00:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-28 22:46 . 2011-11-28 22:46 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2942D54F-7C39-4B87-A96E-498518093BFB}\offreg.dll
2011-11-28 13:14 . 2011-10-07 02:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2942D54F-7C39-4B87-A96E-498518093BFB}\mpengine.dll
2011-11-25 05:19 . 2011-11-25 05:19 -------- d-----w- c:\windows\Sun
2011-11-25 05:19 . 2011-11-25 05:19 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-11-20 05:26 . 2011-11-20 05:26 -------- d-----w- c:\programdata\KingsIsle Entertainment
2011-11-19 17:14 . 2011-11-19 17:14 -------- d-----w- c:\users\Family\AppData\Local\Corel
2011-11-19 17:13 . 2011-11-19 17:13 -------- d-----w- c:\users\Family\AppData\Roaming\Corel
2011-11-19 14:16 . 2011-11-19 14:16 -------- d-----w- c:\users\Family\AppData\Local\Apple
2011-11-14 01:30 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-14 01:29 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-14 01:29 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-14 01:29 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-14 01:15 . 2011-11-14 01:15 -------- d-----w- c:\users\Owner\AppData\Local\ElevatedDiagnostics
2011-11-01 03:32 . 2011-11-01 03:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-11-01 03:32 . 2011-11-01 03:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-11-01 03:32 . 2011-11-01 03:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-11-01 03:32 . 2011-11-01 03:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-11-01 03:32 . 2011-11-01 03:32 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-11-01 03:32 . 2011-11-01 03:31 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-11-01 03:32 . 2011-11-01 03:31 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-11-01 03:31 . 2011-11-01 03:31 -------- d-----w- c:\program files (x86)\QuickTime
2011-10-31 18:37 . 2011-10-31 18:38 -------- d-----w- c:\users\Owner\AppData\Local\Google
2011-10-31 18:37 . 2011-10-31 18:37 -------- d-----w- c:\program files (x86)\Google
2011-10-31 18:37 . 2011-10-31 18:37 -------- d-----w- c:\windows\system32\Macromed
2011-10-30 13:19 . 2011-10-30 13:19 -------- d-----w- c:\program files (x86)\Safari
2011-10-30 06:50 . 2011-11-25 23:32 -------- d-----w- c:\program files (x86)\STOPzilla!
2011-10-30 06:50 . 2011-11-28 23:20 -------- d-----w- c:\programdata\STOPzilla!
2011-10-30 06:50 . 2011-10-30 06:50 -------- d-----w- c:\program files (x86)\Common Files\iS3
2011-10-30 06:32 . 2011-10-30 06:32 -------- d-----w- c:\users\Owner\AppData\Roaming\PC Cleaners
2011-10-30 06:32 . 2011-10-30 06:31 5359888 ----a-w- c:\windows\uninst.exe
2011-10-30 06:32 . 2011-10-30 06:32 -------- d-----w- c:\programdata\PC1Data
2011-10-30 00:48 . 2011-10-30 00:48 -------- d-----w- c:\users\Family\AppData\Local\LEGO Software
2011-10-30 00:33 . 2011-10-30 00:33 -------- d-----w- c:\users\Owner\AppData\Local\LEGO Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 12:49 . 2011-02-13 05:05 848 --sha-w- c:\programdata\KGyGaAvL.sys
2011-10-31 18:38 . 2011-07-10 04:14 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-28 22:17 . 2011-10-28 22:17 546256 ----a-r- c:\windows\SysWow64\SZComp5.dll
2011-10-28 22:17 . 2011-10-28 22:17 480720 ----a-r- c:\windows\SysWow64\SZBase5.dll
2011-10-28 22:17 . 2011-10-28 22:17 28624 ----a-r- c:\windows\SysWow64\IS3XDat5.dll
2011-10-28 22:17 . 2011-10-28 22:17 22992 ----a-r- c:\windows\SysWow64\SZIO5.dll
2011-10-28 22:17 . 2011-10-28 22:17 132560 ----a-r- c:\windows\SysWow64\IS3HTUI5.dll
2011-10-28 22:17 . 2011-10-28 22:17 99792 ----a-r- c:\windows\SysWow64\IS3Svc5.dll
2011-10-28 22:17 . 2011-10-28 22:17 738768 ----a-r- c:\windows\SysWow64\IS3Base5.dll
2011-10-28 22:17 . 2011-10-28 22:17 67024 ----a-r- c:\windows\SysWow64\IS3Hks5.dll
2011-10-28 22:17 . 2011-10-28 22:17 456144 ----a-r- c:\windows\SysWow64\IS3DBA5.dll
2011-10-28 22:17 . 2011-10-28 22:17 390608 ----a-r- c:\windows\SysWow64\IS3UI5.dll
2011-10-28 22:17 . 2011-10-28 22:17 230864 ----a-r- c:\windows\SysWow64\IS3Win325.dll
2011-10-28 22:17 . 2011-10-28 22:17 103888 ----a-r- c:\windows\SysWow64\IS3Inet5.dll
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-11 14:22 . 2011-10-11 14:22 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FC255FA4-0DE9-4750-890E-F9CA1507CFB3}\gapaengine.dll
2011-10-07 02:16 . 2010-02-08 02:50 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-03 10:06 . 2010-06-09 23:43 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-26 16:21 . 2011-09-26 16:21 74768 ----a-r- c:\windows\SysWow64\drivers\SZKG64.sys
2011-09-26 16:21 . 2011-09-26 16:21 74768 ----a-r- c:\windows\SysWow64\drivers\is3srv64.sys
2011-08-31 03:05 . 2011-08-31 03:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files (x86)\Download Manager\DLM.exe" [2009-10-27 1103216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2008-08-08 532808]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"ScrewDrivers RDP Plugin"="c:\program files (x86)\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe" [2009-11-12 44872]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-1-25 984408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2009-05-13 01:09 581480 ----a-w- c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe
.
R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys [2011-09-26 74768]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-31 136176]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-31 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2009-06-10 23536]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 szkg5;szkg5;c:\windows\SySWOW64\DRIVERS\szkg64.sys [2011-09-26 74768]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S2 Start BT in service;Start BT in service;c:\program files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2008-03-19 51816]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-31 18:37]
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-31 18:37]
.
2011-11-19 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 08:22]
.
2011-10-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-30 16335976]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: altagas.ca\remote
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-HPADVISOR - c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{B60DCA15-56A3-4D2D-8747-22CF7D7B588B} - c:\program files (x86)\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-28 19:47:09
ComboFix-quarantined-files.txt 2011-11-29 00:47
.
Pre-Run: 303,931,510,784 bytes free
Post-Run: 303,254,728,704 bytes free
.
- - End Of File - - CB002CED9F0C83B02F605BCB2434CCC4

Edited by rampy, 28 November 2011 - 08:54 PM.


#4 rampy


Posted 28 November 2011 - 08:51 PM

From StopZilla

Block/Extraction NT Service enforcer 2011-11-28 20:41:38 Removed service: catchme - catchme
Block/Extraction Registry enforcer 2011-11-28 20:41:37 Extracted registry key HKLM\SYSTEM\CurrentControlSet\Services\catchme
Information Registry enforcer 2011-11-28 20:40:38 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Information Registry enforcer 2011-11-28 20:40:29 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Information Registry enforcer 2011-11-28 20:40:01 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Information Registry enforcer 2011-11-28 20:39:59 Inspecting WinSock registry (LSP Chain)
Block/Extraction Hosts file 2011-11-28 20:39:57 Deleted 'hosts' file entries: 0 Entries
Information Registry enforcer 2011-11-28 20:39:57 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Information Registry enforcer 2011-11-28 20:39:37 Inspecting WinSock registry (LSP Chain)
Information Registry enforcer 2011-11-28 20:39:37 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Block/Extraction Registry enforcer 2011-11-28 20:39:28 Deleted registry value DisableRegistryTools in hklm\software\microsoft\windows\currentversion\policies\system
Warning/Detection COM enforcer 2011-11-28 20:39:28 Detected malicious registry entry DisableRegistryTools in hklm\software\microsoft\windows\currentversion\policies\system
Block/Extraction Registry enforcer 2011-11-28 20:39:14 Deleted registry value system in hklm\software\microsoft\windows nt\currentversion\winlogon
Information Registry enforcer 2011-11-28 20:39:14 Inspecting WinLogon notification handlers and modules loaded by WinLogon
Information Registry enforcer 2011-11-28 20:38:59 Inspecting WinSock registry (LSP Chain)
Block/Extraction NT Service enforcer 2011-11-28 20:38:34 Removed driver: c:\combofix\catchme.sys
Information Internet ExplorerSiteguard 2011-11-28 20:38:14 Inspecting registered Internet Explorer toolbars
Information Registry enforcer 2011-11-28 20:38:14 Inspecting registered Explorer bars
Information Registry enforcer 2011-11-28 20:38:14 Inspecting registered Browser Helper Objects (BHOs)
Information Process enforcer 2011-11-28 20:38:14 Starting process watcher

#5 gringo_pr

  • Malware Response Team

Posted 28 November 2011 - 09:12 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#6 rampy


Posted 30 November 2011 - 06:40 PM

It didn't seem to find anything.


18:38:02.0030 2868 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
18:38:02.0312 2868 ============================================================
18:38:02.0312 2868 Current date / time: 2011/11/30 18:38:02.0312
18:38:02.0312 2868 SystemInfo:
18:38:02.0312 2868
18:38:02.0312 2868 OS Version: 6.1.7601 ServicePack: 1.0
18:38:02.0312 2868 Product type: Workstation
18:38:02.0312 2868 ComputerName: OWNER-PC
18:38:02.0313 2868 UserName: Owner
18:38:02.0313 2868 Windows directory: C:\Windows
18:38:02.0313 2868 System windows directory: C:\Windows
18:38:02.0313 2868 Running under WOW64
18:38:02.0313 2868 Processor architecture: Intel x64
18:38:02.0313 2868 Number of processors: 4
18:38:02.0313 2868 Page size: 0x1000
18:38:02.0313 2868 Boot type: Normal boot
18:38:02.0313 2868 ============================================================
18:38:03.0588 2868 Initialize success
18:38:08.0437 4616 ============================================================
18:38:08.0438 4616 Scan started
18:38:08.0438 4616 Mode: Manual;
18:38:08.0438 4616 ============================================================
18:38:14.0758 4616 MTConfig - ok
18:38:14.0786 4616 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:38:14.0787 4616 Mup - ok
18:38:14.0821 4616 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:38:14.0825 4616 NativeWifiP - ok
18:38:14.0899 4616 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:38:14.0913 4616 NDIS - ok
18:38:14.0950 4616 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:38:14.0952 4616 NdisCap - ok
18:38:14.0978 4616 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:38:14.0979 4616 NdisTapi - ok
18:38:15.0029 4616 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:38:15.0031 4616 Ndisuio - ok
18:38:15.0080 4616 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:38:15.0084 4616 NdisWan - ok
18:38:15.0132 4616 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:38:15.0135 4616 NDProxy - ok
18:38:15.0155 4616 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:38:15.0158 4616 NetBIOS - ok
18:38:15.0214 4616 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:38:15.0220 4616 NetBT - ok
18:38:15.0293 4616 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:38:15.0295 4616 nfrd960 - ok
18:38:15.0359 4616 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:38:15.0363 4616 NisDrv - ok
18:38:15.0398 4616 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:38:15.0401 4616 Npfs - ok
18:38:15.0418 4616 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:38:15.0419 4616 nsiproxy - ok
18:38:15.0503 4616 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:38:15.0549 4616 Ntfs - ok
18:38:15.0570 4616 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:38:15.0572 4616 Null - ok
18:38:15.0831 4616 nvlddmkm (1d135cc25b5ac1b9d2b6004d9de28df3) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:38:16.0046 4616 nvlddmkm - ok
18:38:16.0100 4616 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
18:38:16.0116 4616 NVNET - ok
18:38:16.0184 4616 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:38:16.0188 4616 nvraid - ok
18:38:16.0251 4616 nvrd64 (78b96ec0352c6bb4788ebc200a2cadbf) C:\Windows\system32\DRIVERS\nvrd64.sys
18:38:16.0253 4616 nvrd64 - ok
18:38:16.0273 4616 nvsmu (e58d81fb8616d0cb55c1e36aa0b213c9) C:\Windows\system32\DRIVERS\nvsmu.sys
18:38:16.0274 4616 nvsmu - ok
18:38:16.0288 4616 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:38:16.0290 4616 nvstor - ok
18:38:16.0304 4616 nvstor64 (4d9aba962d7ece81866f96d5f69fb2b8) C:\Windows\system32\DRIVERS\nvstor64.sys
18:38:16.0306 4616 nvstor64 - ok
18:38:16.0342 4616 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:38:16.0344 4616 nv_agp - ok
18:38:16.0372 4616 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:38:16.0373 4616 ohci1394 - ok
18:38:16.0419 4616 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:38:16.0421 4616 Parport - ok
18:38:16.0458 4616 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:38:16.0459 4616 partmgr - ok
18:38:16.0660 4616 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 (51209fbdb13a46e05c1b0077a9310264) c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms
18:38:16.0672 4616 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - ok
18:38:16.0729 4616 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:38:16.0734 4616 pci - ok
18:38:16.0793 4616 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:38:16.0796 4616 pciide - ok
18:38:17.0049 4616 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:38:17.0054 4616 pcmcia - ok
18:38:17.0099 4616 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:38:17.0101 4616 pcw - ok
18:38:17.0151 4616 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:38:17.0179 4616 PEAUTH - ok
18:38:17.0300 4616 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:38:17.0303 4616 PptpMiniport - ok
18:38:17.0356 4616 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:38:17.0359 4616 Processor - ok
18:38:17.0458 4616 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:38:17.0462 4616 Psched - ok
18:38:17.0733 4616 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:38:17.0785 4616 ql2300 - ok
18:38:17.0846 4616 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:38:17.0849 4616 ql40xx - ok
18:38:17.0900 4616 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:38:17.0903 4616 QWAVEdrv - ok
18:38:17.0968 4616 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:38:17.0970 4616 RasAcd - ok
18:38:18.0071 4616 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:38:18.0073 4616 RasAgileVpn - ok
18:38:18.0235 4616 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:38:18.0238 4616 Rasl2tp - ok
18:38:18.0333 4616 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:38:18.0336 4616 RasPppoe - ok
18:38:18.0421 4616 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:38:18.0424 4616 RasSstp - ok
18:38:18.0547 4616 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:38:18.0554 4616 rdbss - ok
18:38:18.0681 4616 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:38:18.0684 4616 rdpbus - ok
18:38:18.0763 4616 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:38:18.0764 4616 RDPCDD - ok
18:38:18.0972 4616 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:38:18.0973 4616 RDPENCDD - ok
18:38:19.0053 4616 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:38:19.0054 4616 RDPREFMP - ok
18:38:19.0162 4616 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
18:38:19.0169 4616 RDPWD - ok
18:38:19.0331 4616 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:38:19.0336 4616 rdyboost - ok
18:38:19.0515 4616 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
18:38:19.0520 4616 RFCOMM - ok
18:38:19.0633 4616 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
18:38:19.0635 4616 RimUsb - ok
18:38:19.0746 4616 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
18:38:19.0748 4616 ROOTMODEM - ok
18:38:19.0907 4616 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:38:19.0910 4616 rspndr - ok
18:38:20.0012 4616 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:38:20.0016 4616 sbp2port - ok
18:38:20.0136 4616 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:38:20.0138 4616 scfilter - ok
18:38:20.0270 4616 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:38:20.0271 4616 secdrv - ok
18:38:20.0409 4616 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:38:20.0411 4616 Serenum - ok
18:38:20.0506 4616 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:38:20.0510 4616 Serial - ok
18:38:20.0699 4616 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:38:20.0701 4616 sermouse - ok
18:38:20.0819 4616 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:38:20.0820 4616 sffdisk - ok
18:38:20.0900 4616 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:38:20.0902 4616 sffp_mmc - ok
18:38:21.0043 4616 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:38:21.0045 4616 sffp_sd - ok
18:38:21.0132 4616 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:38:21.0134 4616 sfloppy - ok
18:38:21.0264 4616 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:38:21.0267 4616 SiSRaid2 - ok
18:38:21.0376 4616 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:38:21.0380 4616 SiSRaid4 - ok
18:38:21.0554 4616 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:38:21.0557 4616 Smb - ok
18:38:21.0713 4616 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:38:21.0714 4616 spldr - ok
18:38:21.0841 4616 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:38:21.0852 4616 srv - ok
18:38:22.0017 4616 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:38:22.0051 4616 srv2 - ok
18:38:22.0183 4616 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:38:22.0187 4616 srvnet - ok
18:38:22.0366 4616 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:38:22.0368 4616 stexstor - ok
18:38:22.0526 4616 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:38:22.0528 4616 swenum - ok
18:38:22.0552 4616 szkg5 - ok
18:38:22.0764 4616 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:38:22.0787 4616 Tcpip - ok
18:38:23.0272 4616 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
18:38:23.0295 4616 TCPIP6 - ok
18:38:23.0369 4616 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:38:23.0371 4616 tcpipreg - ok
18:38:23.0451 4616 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:38:23.0453 4616 TDPIPE - ok
18:38:23.0489 4616 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
18:38:23.0490 4616 TDTCP - ok
18:38:23.0560 4616 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:38:23.0564 4616 tdx - ok
18:38:23.0624 4616 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:38:23.0627 4616 TermDD - ok
18:38:23.0856 4616 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:38:23.0858 4616 tssecsrv - ok
18:38:23.0922 4616 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:38:23.0925 4616 TsUsbFlt - ok
18:38:24.0008 4616 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:38:24.0012 4616 tunnel - ok
18:38:24.0059 4616 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:38:24.0062 4616 uagp35 - ok
18:38:24.0144 4616 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:38:24.0170 4616 udfs - ok
18:38:24.0269 4616 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:38:24.0271 4616 uliagpkx - ok
18:38:24.0395 4616 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:38:24.0413 4616 umbus - ok
18:38:24.0558 4616 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:38:24.0561 4616 UmPass - ok
18:38:24.0752 4616 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
18:38:24.0755 4616 USBAAPL64 - ok
18:38:24.0957 4616 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
18:38:24.0961 4616 usbaudio - ok
18:38:25.0116 4616 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:38:25.0119 4616 usbccgp - ok
18:38:25.0264 4616 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:38:25.0306 4616 usbcir - ok
18:38:25.0410 4616 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:38:25.0412 4616 usbehci - ok
18:38:25.0586 4616 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:38:25.0593 4616 usbhub - ok
18:38:25.0751 4616 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
18:38:25.0753 4616 usbohci - ok
18:38:25.0913 4616 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:38:25.0915 4616 usbprint - ok
18:38:26.0110 4616 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:38:26.0136 4616 usbscan - ok
18:38:26.0378 4616 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:38:26.0381 4616 USBSTOR - ok
18:38:26.0568 4616 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:38:26.0570 4616 usbuhci - ok
18:38:26.0762 4616 VComm (b9b0a0b9232a51bbde9f28ca41716d61) C:\Windows\system32\DRIVERS\VComm.sys
18:38:26.0804 4616 VComm - ok
18:38:27.0047 4616 VcommMgr (f1b2d9ac422f8b72bf417c8d77c85a3b) C:\Windows\system32\Drivers\VcommMgr.sys
18:38:27.0050 4616 VcommMgr - ok
18:38:27.0166 4616 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:38:27.0168 4616 vdrvroot - ok
18:38:27.0627 4616 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:38:27.0628 4616 vga - ok
18:38:27.0655 4616 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:38:27.0657 4616 VgaSave - ok
18:38:27.0733 4616 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:38:27.0737 4616 vhdmp - ok
18:38:27.0804 4616 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:38:27.0806 4616 viaide - ok
18:38:27.0871 4616 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:38:27.0874 4616 volmgr - ok
18:38:27.0956 4616 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:38:27.0964 4616 volmgrx - ok
18:38:28.0027 4616 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:38:28.0032 4616 volsnap - ok
18:38:28.0269 4616 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:38:28.0322 4616 vsmraid - ok
18:38:28.0363 4616 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
18:38:28.0367 4616 vwifibus - ok
18:38:28.0439 4616 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:38:28.0441 4616 WacomPen - ok
18:38:28.0536 4616 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:38:28.0537 4616 WANARP - ok
18:38:28.0571 4616 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:38:28.0572 4616 Wanarpv6 - ok
18:38:28.0643 4616 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:38:28.0644 4616 Wd - ok
18:38:28.0703 4616 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:38:28.0725 4616 Wdf01000 - ok
18:38:28.0827 4616 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:38:28.0829 4616 WfpLwf - ok
18:38:28.0864 4616 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:38:28.0865 4616 WIMMount - ok
18:38:28.0967 4616 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:38:28.0968 4616 WmiAcpi - ok
18:38:29.0015 4616 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:38:29.0017 4616 ws2ifsl - ok
18:38:29.0106 4616 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:38:29.0108 4616 WudfPf - ok
18:38:29.0290 4616 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:38:29.0293 4616 WUDFRd - ok
18:38:29.0348 4616 MBR (0x1B8) (cc4433051291e08ed14b9e83b3b430c2) \Device\Harddisk0\DR0
18:38:30.0846 4616 \Device\Harddisk0\DR0 - ok
18:38:30.0862 4616 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR5
18:38:30.0906 4616 \Device\Harddisk5\DR5 - ok
18:38:30.0924 4616 Boot (0x1200) (728541c7e8b6969a287660d9632a839b) \Device\Harddisk0\DR0\Partition0
18:38:30.0925 4616 \Device\Harddisk0\DR0\Partition0 - ok
18:38:30.0937 4616 Boot (0x1200) (a7730ebdfeaedea0af043cec4f281d1d) \Device\Harddisk0\DR0\Partition1
18:38:30.0937 4616 \Device\Harddisk0\DR0\Partition1 - ok
18:38:30.0971 4616 Boot (0x1200) (66ed3df855ecb2e3552a3bc04331c70c) \Device\Harddisk0\DR0\Partition2
18:38:30.0972 4616 \Device\Harddisk0\DR0\Partition2 - ok
18:38:30.0977 4616 Boot (0x1200) (b5528dc82f54dd3b84b939545c788617) \Device\Harddisk5\DR5\Partition0
18:38:30.0978 4616 \Device\Harddisk5\DR5\Partition0 - ok
18:38:30.0978 4616 ============================================================
18:38:30.0979 4616 Scan finished
18:38:30.0979 4616 ============================================================
18:38:30.0992 2480 Detected object count: 0
18:38:30.0992 2480 Actual detected object count: 0
18:38:57.0826 5240 ============================================================
18:38:57.0827 5240 Scan started
18:38:57.0827 5240 Mode: Manual; SigCheck; TDLFS;
18:38:57.0827 5240 ============================================================
18:39:07.0400 5240 luafv - ok
18:39:07.0444 5240 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:39:07.0481 5240 megasas - ok
18:39:07.0501 5240 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:39:07.0536 5240 MegaSR - ok
18:39:07.0558 5240 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:39:07.0655 5240 Modem - ok
18:39:07.0692 5240 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:39:07.0757 5240 monitor - ok
18:39:07.0813 5240 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
18:39:07.0858 5240 mouclass - ok
18:39:07.0897 5240 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:39:07.0935 5240 mouhid - ok
18:39:07.0982 5240 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:39:08.0021 5240 mountmgr - ok
18:39:08.0064 5240 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
18:39:08.0091 5240 MpFilter - ok
18:39:08.0124 5240 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:39:08.0148 5240 mpio - ok
18:39:08.0164 5240 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
18:39:08.0186 5240 MpNWMon - ok
18:39:08.0203 5240 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:39:08.0295 5240 mpsdrv - ok
18:39:08.0338 5240 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:39:08.0383 5240 MRxDAV - ok
18:39:08.0420 5240 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:39:08.0496 5240 mrxsmb - ok
18:39:08.0627 5240 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:39:08.0713 5240 mrxsmb10 - ok
18:39:08.0764 5240 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:39:08.0811 5240 mrxsmb20 - ok
18:39:08.0861 5240 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:39:08.0886 5240 msahci - ok
18:39:08.0915 5240 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:39:08.0933 5240 msdsm - ok
18:39:08.0951 5240 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:39:08.0989 5240 Msfs - ok
18:39:09.0002 5240 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:39:09.0056 5240 mshidkmdf - ok
18:39:09.0096 5240 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:39:09.0112 5240 msisadrv - ok
18:39:09.0131 5240 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:39:09.0188 5240 MSKSSRV - ok
18:39:09.0198 5240 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:39:09.0240 5240 MSPCLOCK - ok
18:39:09.0248 5240 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:39:09.0290 5240 MSPQM - ok
18:39:09.0352 5240 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:39:09.0403 5240 MsRPC - ok
18:39:09.0424 5240 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:39:09.0446 5240 mssmbios - ok
18:39:09.0464 5240 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:39:09.0519 5240 MSTEE - ok
18:39:09.0565 5240 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:39:09.0612 5240 MTConfig - ok
18:39:09.0635 5240 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:39:09.0676 5240 Mup - ok
18:39:09.0704 5240 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:39:09.0762 5240 NativeWifiP - ok
18:39:09.0815 5240 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:39:09.0851 5240 NDIS - ok
18:39:09.0865 5240 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:39:09.0922 5240 NdisCap - ok
18:39:09.0929 5240 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:39:09.0973 5240 NdisTapi - ok
18:39:10.0011 5240 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:39:10.0107 5240 Ndisuio - ok
18:39:10.0144 5240 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:39:10.0243 5240 NdisWan - ok
18:39:10.0281 5240 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:39:10.0400 5240 NDProxy - ok
18:39:10.0437 5240 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:39:10.0493 5240 NetBIOS - ok
18:39:10.0535 5240 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:39:10.0633 5240 NetBT - ok
18:39:10.0683 5240 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:39:10.0724 5240 nfrd960 - ok
18:39:10.0775 5240 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:39:10.0812 5240 NisDrv - ok
18:39:10.0830 5240 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:39:10.0902 5240 Npfs - ok
18:39:10.0942 5240 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:39:10.0981 5240 nsiproxy - ok
18:39:11.0053 5240 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:39:11.0122 5240 Ntfs - ok
18:39:11.0136 5240 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:39:11.0205 5240 Null - ok
18:39:11.0447 5240 nvlddmkm (1d135cc25b5ac1b9d2b6004d9de28df3) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:39:11.0621 5240 nvlddmkm - ok
18:39:11.0670 5240 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
18:39:11.0695 5240 NVNET - ok
18:39:11.0723 5240 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:39:11.0742 5240 nvraid - ok
18:39:11.0790 5240 nvrd64 (78b96ec0352c6bb4788ebc200a2cadbf) C:\Windows\system32\DRIVERS\nvrd64.sys
18:39:11.0809 5240 nvrd64 - ok
18:39:11.0822 5240 nvsmu (e58d81fb8616d0cb55c1e36aa0b213c9) C:\Windows\system32\DRIVERS\nvsmu.sys
18:39:11.0837 5240 nvsmu - ok
18:39:11.0853 5240 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:39:11.0871 5240 nvstor - ok
18:39:11.0886 5240 nvstor64 (4d9aba962d7ece81866f96d5f69fb2b8) C:\Windows\system32\DRIVERS\nvstor64.sys
18:39:11.0903 5240 nvstor64 - ok
18:39:11.0941 5240 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:39:11.0981 5240 nv_agp - ok
18:39:12.0004 5240 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:39:12.0077 5240 ohci1394 - ok
18:39:12.0134 5240 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:39:12.0168 5240 Parport - ok
18:39:12.0207 5240 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:39:12.0225 5240 partmgr - ok
18:39:12.0300 5240 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 (51209fbdb13a46e05c1b0077a9310264) c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms
18:39:12.0348 5240 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - ok
18:39:12.0386 5240 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:39:12.0419 5240 pci - ok
18:39:12.0441 5240 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:39:12.0457 5240 pciide - ok
18:39:12.0479 5240 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:39:12.0501 5240 pcmcia - ok
18:39:12.0530 5240 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:39:12.0548 5240 pcw - ok
18:39:12.0570 5240 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:39:12.0635 5240 PEAUTH - ok
18:39:12.0706 5240 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:39:12.0761 5240 PptpMiniport - ok
18:39:12.0796 5240 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:39:12.0833 5240 Processor - ok
18:39:12.0881 5240 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:39:12.0943 5240 Psched - ok
18:39:13.0019 5240 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:39:13.0057 5240 ql2300 - ok
18:39:13.0085 5240 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:39:13.0104 5240 ql40xx - ok
18:39:13.0124 5240 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:39:13.0167 5240 QWAVEdrv - ok
18:39:13.0192 5240 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:39:13.0232 5240 RasAcd - ok
18:39:13.0251 5240 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:39:13.0329 5240 RasAgileVpn - ok
18:39:13.0373 5240 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:39:13.0429 5240 Rasl2tp - ok
18:39:13.0456 5240 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:39:13.0545 5240 RasPppoe - ok
18:39:13.0569 5240 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:39:13.0610 5240 RasSstp - ok
18:39:13.0662 5240 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:39:13.0780 5240 rdbss - ok
18:39:13.0863 5240 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:39:13.0910 5240 rdpbus - ok
18:39:13.0945 5240 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:39:13.0983 5240 RDPCDD - ok
18:39:13.0996 5240 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:39:14.0055 5240 RDPENCDD - ok
18:39:14.0093 5240 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:39:14.0132 5240 RDPREFMP - ok
18:39:14.0176 5240 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
18:39:14.0217 5240 RDPWD - ok
18:39:14.0261 5240 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:39:14.0282 5240 rdyboost - ok
18:39:14.0329 5240 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
18:39:14.0369 5240 RFCOMM - ok
18:39:14.0407 5240 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
18:39:14.0462 5240 RimUsb - ok
18:39:14.0486 5240 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
18:39:14.0575 5240 ROOTMODEM - ok
18:39:14.0613 5240 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:39:14.0713 5240 rspndr - ok
18:39:14.0760 5240 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:39:14.0777 5240 sbp2port - ok
18:39:14.0818 5240 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:39:14.0873 5240 scfilter - ok
18:39:14.0918 5240 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:39:15.0007 5240 secdrv - ok
18:39:15.0050 5240 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:39:15.0087 5240 Serenum - ok
18:39:15.0130 5240 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:39:15.0180 5240 Serial - ok
18:39:15.0214 5240 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:39:15.0258 5240 sermouse - ok
18:39:15.0309 5240 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:39:15.0382 5240 sffdisk - ok
18:39:15.0423 5240 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:39:15.0492 5240 sffp_mmc - ok
18:39:15.0516 5240 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:39:15.0558 5240 sffp_sd - ok
18:39:15.0605 5240 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:39:15.0673 5240 sfloppy - ok
18:39:15.0721 5240 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:39:15.0758 5240 SiSRaid2 - ok
18:39:15.0783 5240 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:39:15.0821 5240 SiSRaid4 - ok
18:39:15.0852 5240 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:39:15.0903 5240 Smb - ok
18:39:15.0928 5240 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:39:15.0944 5240 spldr - ok
18:39:16.0007 5240 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:39:16.0086 5240 srv - ok
18:39:16.0129 5240 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:39:16.0213 5240 srv2 - ok
18:39:16.0246 5240 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:39:16.0292 5240 srvnet - ok
18:39:16.0331 5240 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:39:16.0351 5240 stexstor - ok
18:39:16.0383 5240 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:39:16.0405 5240 swenum - ok
18:39:16.0418 5240 szkg5 - ok
18:39:16.0504 5240 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:39:16.0557 5240 Tcpip - ok
18:39:16.0605 5240 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
18:39:16.0650 5240 TCPIP6 - ok
18:39:16.0693 5240 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:39:16.0790 5240 tcpipreg - ok
18:39:16.0833 5240 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:39:16.0872 5240 TDPIPE - ok
18:39:16.0887 5240 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
18:39:16.0944 5240 TDTCP - ok
18:39:16.0969 5240 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:39:17.0009 5240 tdx - ok
18:39:17.0030 5240 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:39:17.0049 5240 TermDD - ok
18:39:17.0104 5240 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:39:17.0186 5240 tssecsrv - ok
18:39:17.0220 5240 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:39:17.0250 5240 TsUsbFlt - ok
18:39:17.0290 5240 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:39:17.0381 5240 tunnel - ok
18:39:17.0424 5240 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:39:17.0466 5240 uagp35 - ok
18:39:17.0508 5240 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:39:17.0583 5240 udfs - ok
18:39:17.0625 5240 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:39:17.0642 5240 uliagpkx - ok
18:39:17.0669 5240 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:39:17.0706 5240 umbus - ok
18:39:17.0748 5240 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:39:17.0808 5240 UmPass - ok
18:39:17.0850 5240 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
18:39:17.0929 5240 USBAAPL64 - ok
18:39:17.0964 5240 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
18:39:18.0047 5240 usbaudio - ok
18:39:18.0078 5240 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:39:18.0139 5240 usbccgp - ok
18:39:18.0171 5240 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:39:18.0249 5240 usbcir - ok
18:39:18.0275 5240 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:39:18.0312 5240 usbehci - ok
18:39:18.0357 5240 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:39:18.0407 5240 usbhub - ok
18:39:18.0441 5240 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
18:39:18.0463 5240 usbohci - ok
18:39:18.0495 5240 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:39:18.0522 5240 usbprint - ok
18:39:18.0550 5240 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:39:18.0614 5240 usbscan - ok
18:39:18.0651 5240 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:39:18.0737 5240 USBSTOR - ok
18:39:18.0767 5240 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:39:18.0832 5240 usbuhci - ok
18:39:18.0902 5240 VComm (b9b0a0b9232a51bbde9f28ca41716d61) C:\Windows\system32\DRIVERS\VComm.sys
18:39:18.0960 5240 VComm - ok
18:39:18.0987 5240 VcommMgr (f1b2d9ac422f8b72bf417c8d77c85a3b) C:\Windows\system32\Drivers\VcommMgr.sys
18:39:19.0031 5240 VcommMgr - ok
18:39:19.0056 5240 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:39:19.0083 5240 vdrvroot - ok
18:39:19.0117 5240 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:39:19.0150 5240 vga - ok
18:39:19.0171 5240 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:39:19.0247 5240 VgaSave - ok
18:39:19.0281 5240 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:39:19.0302 5240 vhdmp - ok
18:39:19.0327 5240 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:39:19.0343 5240 viaide - ok
18:39:19.0378 5240 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:39:19.0395 5240 volmgr - ok
18:39:19.0444 5240 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:39:19.0502 5240 volmgrx - ok
18:39:19.0543 5240 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:39:19.0579 5240 volsnap - ok
18:39:19.0618 5240 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:39:19.0647 5240 vsmraid - ok
18:39:19.0670 5240 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
18:39:19.0720 5240 vwifibus - ok
18:39:19.0780 5240 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:39:19.0829 5240 WacomPen - ok
18:39:19.0851 5240 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:39:19.0912 5240 WANARP - ok
18:39:19.0917 5240 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:39:19.0956 5240 Wanarpv6 - ok
18:39:19.0992 5240 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:39:20.0008 5240 Wd - ok
18:39:20.0035 5240 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:39:20.0064 5240 Wdf01000 - ok
18:39:20.0093 5240 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:39:20.0134 5240 WfpLwf - ok
18:39:20.0154 5240 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:39:20.0171 5240 WIMMount - ok
18:39:20.0224 5240 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:39:20.0242 5240 WmiAcpi - ok
18:39:20.0272 5240 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:39:20.0311 5240 ws2ifsl - ok
18:39:20.0363 5240 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:39:20.0403 5240 WudfPf - ok
18:39:20.0422 5240 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:39:20.0477 5240 WUDFRd - ok
18:39:20.0522 5240 MBR (0x1B8) (cc4433051291e08ed14b9e83b3b430c2) \Device\Harddisk0\DR0
18:39:20.0743 5240 \Device\Harddisk0\DR0 - ok
18:39:20.0758 5240 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk5\DR5
18:39:20.0992 5240 \Device\Harddisk5\DR5 - ok
18:39:21.0032 5240 Boot (0x1200) (728541c7e8b6969a287660d9632a839b) \Device\Harddisk0\DR0\Partition0
18:39:21.0032 5240 \Device\Harddisk0\DR0\Partition0 - ok
18:39:21.0044 5240 Boot (0x1200) (a7730ebdfeaedea0af043cec4f281d1d) \Device\Harddisk0\DR0\Partition1
18:39:21.0045 5240 \Device\Harddisk0\DR0\Partition1 - ok
18:39:21.0078 5240 Boot (0x1200) (66ed3df855ecb2e3552a3bc04331c70c) \Device\Harddisk0\DR0\Partition2
18:39:21.0079 5240 \Device\Harddisk0\DR0\Partition2 - ok
18:39:21.0086 5240 Boot (0x1200) (b5528dc82f54dd3b84b939545c788617) \Device\Harddisk5\DR5\Partition0
18:39:21.0087 5240 \Device\Harddisk5\DR5\Partition0 - ok
18:39:21.0088 5240 ============================================================
18:39:21.0088 5240 Scan finished
18:39:21.0088 5240 ============================================================
18:39:21.0103 5688 Detected object count: 0
18:39:21.0104 5688 Actual detected object count: 0

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:25 AM

Posted 30 November 2011 - 08:54 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 rampy


Posted 01 December 2011 - 01:44 AM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-01 01:34:35
-----------------------------
01:34:35.628 OS Version: Windows x64 6.1.7601 Service Pack 1
01:34:35.628 Number of processors: 4 586 0x502
01:34:35.629 ComputerName: OWNER-PC UserName: Owner
01:34:37.490 Initialize success
01:35:23.411 AVAST engine defs: 11113001
01:35:43.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006f
01:35:43.708 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 8
01:35:45.729 Disk 0 MBR read successfully
01:35:45.734 Disk 0 MBR scan
01:35:45.831 Disk 0 unknown MBR code
01:35:45.834 Service scanning
01:35:46.412 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
01:35:47.023 Modules scanning
01:35:47.031 Disk 0 trace - called modules:
01:35:47.040 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80060ec254]<<
01:35:47.048 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005fc0060]
01:35:47.057 3 CLASSPNP.SYS[fffff88000e0143f] -> nt!IofCallDriver -> [0xfffffa8004ea4e40]
01:35:47.066 5 ACPI.sys[fffff88000f097a1] -> nt!IofCallDriver -> \Device\0000006f[0xfffffa8005d42480]
01:35:47.077 \Driver\nvstor64[0xfffffa8005d348b0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80060ec254
01:35:48.613 AVAST engine scan C:\Windows
01:35:54.188 AVAST engine scan C:\Windows\system32
01:38:48.327 AVAST engine scan C:\Windows\system32\drivers
01:39:11.151 AVAST engine scan C:\Users\Owner
01:39:43.906 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\From_Bleeping\MBR.dat"
01:39:43.926 The log file has been saved successfully to "C:\Users\Owner\Desktop\From_Bleeping\aswMBR.txt"

#9 gringo_pr


Posted 01 December 2011 - 01:59 AM

Greetings

I need you to make a bootable USB and to make a screenshot for me - follow the instructions below to do this.

How to create a bootable Puppy USB Drive

  • Download and save a copy of the latest Puppy ISO file
  • Download and save a copy of Unetbootin for Windows.
  • Insert an empty formatted USB drive into a USB port on the computer that's being used to create the bootable USB.
  • Launch Unetbootin ....
  • Ensure that Disk Image is selected.
  • Using the browse button ... browse to and select the Puppy ISO file.
  • Ensure that Type: is set to USB Drive and that the Drive: letter corresponds to the USB drive.
  • Click OK
Unetbootin will now copy the Puppy files to the USB and make it a bootable device.

Next

You need to change the boot order of the computer to boot from a USB drive ....

  • Read HERE for instructions how to do this.

Now boot into Puppylinux

When you get to the desktop, click on each of the drive items found in the bottom left corner to mount them (when mounted they will have a red cross next to them).

Next - Launch GParted which is found at Menu > System > GParted partition manager,
Click to select All Drives then click Okay
I need you to take a screenshot of the window that opens up - to do this follow these instructions

To take a screenshot in Puppy ....

With the GParted window open ...

  • Click menu > Graphic > mtPaint-snapshot screen capture
  • A small window will open ....

    • Click Capture Now
    • Click OK
  • The mtPaint program will open ....
    • Click File > Save
    • Double click on ../
    • Double click on mnt/
    • Double click on sdb1/
    • Set File Format to JPEG
    • Enter screenshot1 into the text box
    • Click OK

This will save a file screenshot1.jpeg into the USB drive; paste or attach this to your next post.

Next

  • Click menu > shutdown > power off computer
  • If prompted to save the session click on No

Puppy will now close down.

Remove the USB and save it - we will use it again - boot back into Windows and send me the screen capture.

gringo

#10 rampy


Posted 01 December 2011 - 02:01 AM

I ran it again with one of the iexplore.exe processes running to see if it would pick up anything else.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-01 01:42:20
-----------------------------
01:42:20.878 OS Version: Windows x64 6.1.7601 Service Pack 1
01:42:20.878 Number of processors: 4 586 0x502
01:42:20.879 ComputerName: OWNER-PC UserName: Owner
01:42:23.645 Initialize success
01:42:28.400 AVAST engine defs: 11113001
01:55:13.138 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006f
01:55:13.142 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 8
01:55:15.165 Disk 0 MBR read successfully
01:55:15.171 Disk 0 MBR scan
01:55:15.183 Disk 0 unknown MBR code
01:55:15.192 Service scanning
01:55:15.720 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
01:55:16.345 Modules scanning
01:55:16.354 Disk 0 trace - called modules:
01:55:16.369 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80060ec254]<<
01:55:16.379 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005fc0060]
01:55:16.389 3 CLASSPNP.SYS[fffff88000e0143f] -> nt!IofCallDriver -> [0xfffffa8004ea4e40]
01:55:16.394 5 ACPI.sys[fffff88000f097a1] -> nt!IofCallDriver -> \Device\0000006f[0xfffffa8005d42480]
01:55:16.402 \Driver\nvstor64[0xfffffa8005d348b0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80060ec254
01:55:17.757 AVAST engine scan C:\Windows
01:55:33.625 AVAST engine scan C:\Windows\system32
01:59:29.465 AVAST engine scan C:\Windows\system32\drivers
02:00:24.482 AVAST engine scan C:\Users\Owner
02:00:51.187 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\From_Bleeping\MBR.dat"
02:00:51.195 The log file has been saved successfully to "C:\Users\Owner\Desktop\From_Bleeping\aswMBR.txt"

#11 gringo_pr


Posted 01 December 2011 - 02:05 AM

hello

run post 9 for me


gringo

#12 rampy


Posted 01 December 2011 - 02:11 AM

If it helps - I went into IE and pulled up the history... since we're only using Safari, the computer is showing the following sites as being visited today:


#13 gringo_pr


Posted 01 December 2011 - 02:13 AM

hello

run post 9 for me


gringo

#14 rampy


Posted 01 December 2011 - 02:42 PM

Hi Gringo:

Sorry for last night... I didn't notice your posts. I've attached the screenshot.

Attached file: screenshot.jpg

#15 gringo_pr


Posted 01 December 2011 - 09:01 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete, it will say the infection was cleared or no infection was found. Let me know what it says.

After it is complete, I want you to restart the computer and try to rerun aswMBR for me and send me the report:

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo