Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google redirecting


  • This topic is locked This topic is locked
21 replies to this topic

#1 deathmaster436

deathmaster436

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:38 PM

Posted 06 December 2011 - 03:53 PM

Hello I tried use your self help page for System Fix virus. I think i got that but not the rootkit that came with it. I have win 7 64 bit so i did not do a GMER log. part of the self help was to use TDSSkiller i will post that log as well. I also installed chrome because almost all of Firefox was not working right. It would crash when looking for TDSSkiller even with a proxy. one last thing i tried use the unhide program it did not work.
Thanks

PS. chrome freezes at 12% when posting

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by James at 6:10:08 on 2011-12-06
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8183.6415 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
E:\Program Files (x86)\Steam\Steam.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\James\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Steam] "E:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Google Update] "C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 68.87.76.182 68.87.78.134
TCP: Interfaces\{FF95F534-5E2F-4306-9DA9-1ECC3E988C4C} : DhcpNameServer = 68.87.76.182 68.87.78.134
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\gml9qn4s.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\James\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\James\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\gml9qn4s.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-10-8 1153368]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-06 13:17:23 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1FFF5211-B50F-440C-9422-23AC2B471084}\offreg.dll
2011-12-06 12:52:51 -------- d-----w- C:\Users\James\AppData\Local\Google
2011-12-06 09:16:32 -------- d--h--w- C:\Users\James\AppData\Roaming\Malwarebytes
2011-12-06 09:16:25 -------- d--h--w- C:\ProgramData\Malwarebytes
2011-12-06 09:16:21 -------- d--h--w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-06 09:07:33 445064 ---ha-w- C:\ProgramData\mfMNqEiVOqaPjm.exe
2011-12-04 12:48:20 8822856 ---ha-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1FFF5211-B50F-440C-9422-23AC2B471084}\mpengine.dll
2011-12-03 21:54:20 -------- d--h--w- C:\Users\James\AppData\Local\Red 5 Studios
2011-11-18 05:25:19 -------- d--h--w- C:\Program Files (x86)\AMD APP
2011-11-09 07:01:44 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 07:01:44 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 07:01:44 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 07:01:43 3144704 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2011-11-18 05:27:45 414368 ---ha-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-26 05:21:54 66560 ----a-w- C:\Windows\System32\OpenVideo64.dll
2011-10-26 05:21:48 56832 ---ha-w- C:\Windows\SysWow64\OpenVideo.dll
2011-10-26 05:21:40 66560 ----a-w- C:\Windows\System32\OVDecoder64.dll
2011-10-26 05:21:34 56832 ---ha-w- C:\Windows\SysWow64\OVDecoder.dll
2011-10-26 05:21:24 16991744 ----a-w- C:\Windows\System32\amdocl64.dll
2011-10-26 05:20:42 13950464 ---ha-w- C:\Windows\SysWow64\amdocl.dll
2011-10-26 03:05:10 10496512 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-10-26 02:16:06 24866816 ----a-w- C:\Windows\System32\atio6axx.dll
2011-10-26 02:06:10 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-10-26 02:05:58 748544 ---ha-w- C:\Windows\SysWow64\aticfx32.dll
2011-10-26 02:04:28 892416 ----a-w- C:\Windows\System32\aticfx64.dll
2011-10-26 02:01:46 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-10-26 02:01:36 517120 ----a-w- C:\Windows\System32\atieclxx.exe
2011-10-26 02:00:58 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-10-26 01:59:48 18757120 ---ha-w- C:\Windows\SysWow64\atioglxx.dll
2011-10-26 01:59:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-10-26 01:59:22 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-10-26 01:59:16 356352 ---ha-w- C:\Windows\SysWow64\atipdlxx.dll
2011-10-26 01:59:04 278528 ---ha-w- C:\Windows\SysWow64\Oemdspif.dll
2011-10-26 01:58:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-10-26 01:58:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-10-26 01:58:48 43520 ---ha-w- C:\Windows\SysWow64\ati2edxx.dll
2011-10-26 01:55:48 4292096 ---ha-w- C:\Windows\SysWow64\atidxx32.dll
2011-10-26 01:46:12 5041664 ----a-w- C:\Windows\System32\atidxx64.dll
2011-10-26 01:43:48 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-10-26 01:43:24 1828864 ---ha-w- C:\Windows\SysWow64\atiumdmv.dll
2011-10-26 01:43:12 4044288 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-10-26 01:38:32 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-10-26 01:38:30 46080 ---ha-w- C:\Windows\SysWow64\aticalrt.dll
2011-10-26 01:38:20 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-10-26 01:38:18 44032 ---ha-w- C:\Windows\SysWow64\aticalcl.dll
2011-10-26 01:38:08 9978880 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-10-26 01:35:38 4353536 ---ha-w- C:\Windows\SysWow64\atiumdag.dll
2011-10-26 01:34:56 8449024 ---ha-w- C:\Windows\SysWow64\aticaldd.dll
2011-10-26 01:32:30 4189184 ---ha-w- C:\Windows\SysWow64\atiumdva.dll
2011-10-26 01:29:32 5510144 ----a-w- C:\Windows\System32\atiumd64.dll
2011-10-26 01:29:24 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-10-26 01:22:38 486912 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-10-26 01:22:30 339968 ---ha-w- C:\Windows\SysWow64\atiadlxy.dll
2011-10-26 01:22:20 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-10-26 01:22:16 14336 ---ha-w- C:\Windows\SysWow64\atiglpxx.dll
2011-10-26 01:22:16 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-10-26 01:22:12 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-10-26 01:22:06 32768 ---ha-w- C:\Windows\SysWow64\atigktxx.dll
2011-10-26 01:21:58 326656 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-10-26 01:21:12 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-10-26 01:21:06 31744 ---ha-w- C:\Windows\SysWow64\atiuxpag.dll
2011-10-26 01:21:00 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-10-26 01:20:52 29184 ---ha-w- C:\Windows\SysWow64\atiu9pag.dll
2011-10-26 01:20:20 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-10-26 01:16:06 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-10-26 01:16:06 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-10-26 01:15:58 53760 ---ha-w- C:\Windows\SysWow64\atimpc32.dll
2011-10-26 01:15:58 53760 ---ha-w- C:\Windows\SysWow64\amdpcom32.dll
2011-10-07 05:29:04 51200 ----a-w- C:\Windows\System32\OpenCL.dll
2011-10-07 05:29:00 43520 ---ha-w- C:\Windows\SysWow64\OpenCL.dll
2011-10-03 11:32:08 280904 ---ha-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-10-03 11:32:08 280904 ---ha-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-10-01 09:16:16 280904 ---ha-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-10-01 07:32:00 75136 ---ha-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-30 08:27:27 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-09-30 08:27:27 444952 ---ha-w- C:\Windows\SysWow64\wrap_oal.dll
2011-09-30 08:27:27 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-09-30 08:27:27 109080 ---ha-w- C:\Windows\SysWow64\OpenAL32.dll
2011-09-14 18:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-09-14 18:47:40 53760 ---ha-w- C:\Windows\SysWow64\OVDecode.dll
2011-09-14 18:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll
2011-09-14 18:38:28 37376 ---ha-w- C:\Windows\SysWow64\amdoclcl.dll
.
============= FINISH: 6:17:46.40 ===============

04:05:34.0285 1260 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
04:05:34.0581 1260 ============================================================
04:05:34.0581 1260 Current date / time: 2011/12/06 04:05:34.0581
04:05:34.0581 1260 SystemInfo:
04:05:34.0581 1260
04:05:34.0581 1260 OS Version: 6.1.7601 ServicePack: 1.0
04:05:34.0581 1260 Product type: Workstation
04:05:34.0581 1260 ComputerName: DEATHMASTER436
04:05:34.0581 1260 UserName: James
04:05:34.0581 1260 Windows directory: C:\Windows
04:05:34.0581 1260 System windows directory: C:\Windows
04:05:34.0581 1260 Running under WOW64
04:05:34.0581 1260 Processor architecture: Intel x64
04:05:34.0581 1260 Number of processors: 4
04:05:34.0581 1260 Page size: 0x1000
04:05:34.0581 1260 Boot type: Safe boot with network
04:05:34.0581 1260 ============================================================
04:05:34.0659 1260 Initialize success
04:05:50.0681 1592 ============================================================
04:05:50.0681 1592 Scan started
04:05:50.0681 1592 Mode: Manual;
04:05:50.0681 1592 ============================================================
04:05:51.0149 1592 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
04:05:51.0149 1592 1394ohci - ok
04:05:51.0164 1592 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
04:05:51.0164 1592 ACPI - ok
04:05:51.0164 1592 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
04:05:51.0164 1592 AcpiPmi - ok
04:05:51.0195 1592 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
04:05:51.0195 1592 adp94xx - ok
04:05:51.0211 1592 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
04:05:51.0211 1592 adpahci - ok
04:05:51.0227 1592 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
04:05:51.0227 1592 adpu320 - ok
04:05:51.0242 1592 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
04:05:51.0242 1592 AFD - ok
04:05:51.0258 1592 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
04:05:51.0258 1592 agp440 - ok
04:05:51.0273 1592 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
04:05:51.0273 1592 aliide - ok
04:05:51.0273 1592 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
04:05:51.0273 1592 amdide - ok
04:05:51.0289 1592 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
04:05:51.0289 1592 AmdK8 - ok
04:05:51.0383 1592 amdkmdag (0415ffe1b6a6ea141feafca57567f57f) C:\Windows\system32\DRIVERS\atikmdag.sys
04:05:51.0461 1592 amdkmdag - ok
04:05:51.0476 1592 amdkmdap (dc24d6f38f17c0d643d9aa8a6852f8d0) C:\Windows\system32\DRIVERS\atikmpag.sys
04:05:51.0476 1592 amdkmdap - ok
04:05:51.0492 1592 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
04:05:51.0492 1592 AmdPPM - ok
04:05:51.0507 1592 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
04:05:51.0507 1592 amdsata - ok
04:05:51.0523 1592 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
04:05:51.0523 1592 amdsbs - ok
04:05:51.0523 1592 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
04:05:51.0523 1592 amdxata - ok
04:05:51.0539 1592 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
04:05:51.0539 1592 AppID - ok
04:05:51.0554 1592 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
04:05:51.0570 1592 arc - ok
04:05:51.0570 1592 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
04:05:51.0570 1592 arcsas - ok
04:05:51.0585 1592 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
04:05:51.0585 1592 AsyncMac - ok
04:05:51.0585 1592 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
04:05:51.0585 1592 atapi - ok
04:05:51.0601 1592 AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys
04:05:51.0601 1592 AtiHDAudioService - ok
04:05:51.0632 1592 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
04:05:51.0632 1592 AtiHdmiService - ok
04:05:51.0648 1592 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
04:05:51.0648 1592 b06bdrv - ok
04:05:51.0663 1592 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
04:05:51.0663 1592 b57nd60a - ok
04:05:51.0726 1592 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
04:05:51.0726 1592 Beep - ok
04:05:51.0773 1592 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
04:05:51.0773 1592 blbdrive - ok
04:05:51.0788 1592 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
04:05:51.0788 1592 bowser - ok
04:05:51.0788 1592 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
04:05:51.0788 1592 BrFiltLo - ok
04:05:51.0804 1592 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
04:05:51.0804 1592 BrFiltUp - ok
04:05:51.0819 1592 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
04:05:51.0819 1592 Brserid - ok
04:05:51.0835 1592 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
04:05:51.0835 1592 BrSerWdm - ok
04:05:51.0835 1592 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
04:05:51.0835 1592 BrUsbMdm - ok
04:05:51.0851 1592 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
04:05:51.0851 1592 BrUsbSer - ok
04:05:51.0866 1592 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
04:05:51.0882 1592 BTHMODEM - ok
04:05:51.0882 1592 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
04:05:51.0882 1592 cdfs - ok
04:05:51.0897 1592 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
04:05:51.0897 1592 cdrom - ok
04:05:51.0913 1592 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
04:05:51.0913 1592 circlass - ok
04:05:51.0913 1592 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
04:05:51.0913 1592 CLFS - ok
04:05:51.0944 1592 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
04:05:51.0944 1592 CmBatt - ok
04:05:51.0960 1592 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
04:05:51.0960 1592 cmdide - ok
04:05:51.0975 1592 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
04:05:51.0975 1592 CNG - ok
04:05:51.0975 1592 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
04:05:51.0975 1592 Compbatt - ok
04:05:51.0991 1592 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
04:05:52.0007 1592 CompositeBus - ok
04:05:52.0007 1592 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
04:05:52.0007 1592 crcdisk - ok
04:05:52.0022 1592 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
04:05:52.0022 1592 CSC - ok
04:05:52.0038 1592 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
04:05:52.0038 1592 DfsC - ok
04:05:52.0069 1592 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
04:05:52.0069 1592 discache - ok
04:05:52.0085 1592 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
04:05:52.0085 1592 Disk - ok
04:05:52.0085 1592 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
04:05:52.0085 1592 drmkaud - ok
04:05:52.0100 1592 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
04:05:52.0116 1592 DXGKrnl - ok
04:05:52.0131 1592 EagleX64 - ok
04:05:52.0163 1592 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
04:05:52.0194 1592 ebdrv - ok
04:05:52.0209 1592 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
04:05:52.0209 1592 elxstor - ok
04:05:52.0225 1592 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
04:05:52.0225 1592 ErrDev - ok
04:05:52.0256 1592 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
04:05:52.0256 1592 exfat - ok
04:05:52.0256 1592 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
04:05:52.0256 1592 fastfat - ok
04:05:52.0272 1592 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
04:05:52.0272 1592 fdc - ok
04:05:52.0287 1592 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
04:05:52.0287 1592 FileInfo - ok
04:05:52.0287 1592 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
04:05:52.0287 1592 Filetrace - ok
04:05:52.0303 1592 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
04:05:52.0303 1592 flpydisk - ok
04:05:52.0319 1592 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
04:05:52.0319 1592 FltMgr - ok
04:05:52.0334 1592 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
04:05:52.0334 1592 FsDepends - ok
04:05:52.0350 1592 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
04:05:52.0350 1592 Fs_Rec - ok
04:05:52.0350 1592 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
04:05:52.0350 1592 fvevol - ok
04:05:52.0365 1592 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
04:05:52.0381 1592 gagp30kx - ok
04:05:52.0381 1592 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
04:05:52.0381 1592 hcw85cir - ok
04:05:52.0397 1592 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
04:05:52.0397 1592 HdAudAddService - ok
04:05:52.0412 1592 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
04:05:52.0412 1592 HDAudBus - ok
04:05:52.0412 1592 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
04:05:52.0412 1592 HidBatt - ok
04:05:52.0428 1592 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
04:05:52.0443 1592 HidBth - ok
04:05:52.0443 1592 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
04:05:52.0443 1592 HidIr - ok
04:05:52.0459 1592 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
04:05:52.0459 1592 HidUsb - ok
04:05:52.0475 1592 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
04:05:52.0475 1592 HpSAMD - ok
04:05:52.0490 1592 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
04:05:52.0490 1592 HTTP - ok
04:05:52.0506 1592 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
04:05:52.0506 1592 hwpolicy - ok
04:05:52.0521 1592 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
04:05:52.0521 1592 i8042prt - ok
04:05:52.0537 1592 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
04:05:52.0537 1592 iaStorV - ok
04:05:52.0553 1592 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
04:05:52.0568 1592 iirsp - ok
04:05:52.0568 1592 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
04:05:52.0568 1592 intelide - ok
04:05:52.0584 1592 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
04:05:52.0584 1592 intelppm - ok
04:05:52.0584 1592 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
04:05:52.0599 1592 IpFilterDriver - ok
04:05:52.0599 1592 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
04:05:52.0599 1592 IPMIDRV - ok
04:05:52.0631 1592 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
04:05:52.0631 1592 IPNAT - ok
04:05:52.0631 1592 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
04:05:52.0631 1592 IRENUM - ok
04:05:52.0646 1592 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
04:05:52.0646 1592 isapnp - ok
04:05:52.0646 1592 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
04:05:52.0662 1592 iScsiPrt - ok
04:05:52.0662 1592 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
04:05:52.0662 1592 kbdclass - ok
04:05:52.0677 1592 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
04:05:52.0693 1592 kbdhid - ok
04:05:52.0693 1592 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
04:05:52.0693 1592 KSecDD - ok
04:05:52.0709 1592 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
04:05:52.0709 1592 KSecPkg - ok
04:05:52.0709 1592 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
04:05:52.0709 1592 ksthunk - ok
04:05:52.0724 1592 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
04:05:52.0724 1592 lltdio - ok
04:05:52.0755 1592 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
04:05:52.0755 1592 LSI_FC - ok
04:05:52.0771 1592 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
04:05:52.0771 1592 LSI_SAS - ok
04:05:52.0771 1592 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
04:05:52.0771 1592 LSI_SAS2 - ok
04:05:52.0787 1592 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
04:05:52.0787 1592 LSI_SCSI - ok
04:05:52.0818 1592 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
04:05:52.0818 1592 luafv - ok
04:05:52.0818 1592 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
04:05:52.0818 1592 megasas - ok
04:05:52.0833 1592 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
04:05:52.0833 1592 MegaSR - ok
04:05:52.0849 1592 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
04:05:52.0849 1592 Modem - ok
04:05:52.0849 1592 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
04:05:52.0849 1592 monitor - ok
04:05:52.0865 1592 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
04:05:52.0880 1592 mouclass - ok
04:05:52.0880 1592 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
04:05:52.0880 1592 mouhid - ok
04:05:52.0896 1592 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
04:05:52.0896 1592 mountmgr - ok
04:05:52.0896 1592 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
04:05:52.0896 1592 mpio - ok
04:05:52.0911 1592 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
04:05:52.0911 1592 mpsdrv - ok
04:05:52.0943 1592 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
04:05:52.0943 1592 MRxDAV - ok
04:05:52.0943 1592 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
04:05:52.0943 1592 mrxsmb - ok
04:05:52.0958 1592 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
04:05:52.0958 1592 mrxsmb10 - ok
04:05:52.0974 1592 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
04:05:52.0974 1592 mrxsmb20 - ok
04:05:52.0974 1592 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
04:05:52.0974 1592 msahci - ok
04:05:53.0005 1592 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
04:05:53.0005 1592 msdsm - ok
04:05:53.0005 1592 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
04:05:53.0005 1592 Msfs - ok
04:05:53.0021 1592 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
04:05:53.0021 1592 mshidkmdf - ok
04:05:53.0036 1592 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
04:05:53.0036 1592 msisadrv - ok
04:05:53.0036 1592 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
04:05:53.0036 1592 MSKSSRV - ok
04:05:53.0052 1592 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
04:05:53.0052 1592 MSPCLOCK - ok
04:05:53.0067 1592 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
04:05:53.0067 1592 MSPQM - ok
04:05:53.0083 1592 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
04:05:53.0083 1592 MsRPC - ok
04:05:53.0099 1592 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
04:05:53.0099 1592 mssmbios - ok
04:05:53.0099 1592 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
04:05:53.0099 1592 MSTEE - ok
04:05:53.0114 1592 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
04:05:53.0114 1592 MTConfig - ok
04:05:53.0130 1592 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
04:05:53.0130 1592 MTsensor - ok
04:05:53.0145 1592 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
04:05:53.0145 1592 Mup - ok
04:05:53.0145 1592 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
04:05:53.0161 1592 NativeWifiP - ok
04:05:53.0177 1592 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
04:05:53.0177 1592 NDIS - ok
04:05:53.0192 1592 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
04:05:53.0192 1592 NdisCap - ok
04:05:53.0208 1592 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
04:05:53.0208 1592 NdisTapi - ok
04:05:53.0208 1592 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
04:05:53.0208 1592 Ndisuio - ok
04:05:53.0223 1592 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
04:05:53.0223 1592 NdisWan - ok
04:05:53.0223 1592 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
04:05:53.0223 1592 NDProxy - ok
04:05:53.0239 1592 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
04:05:53.0255 1592 NetBIOS - ok
04:05:53.0255 1592 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
04:05:53.0255 1592 NetBT - ok
04:05:53.0270 1592 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
04:05:53.0270 1592 nfrd960 - ok
04:05:53.0286 1592 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
04:05:53.0286 1592 Npfs - ok
04:05:53.0301 1592 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
04:05:53.0301 1592 nsiproxy - ok
04:05:53.0333 1592 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
04:05:53.0348 1592 Ntfs - ok
04:05:53.0348 1592 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
04:05:53.0348 1592 Null - ok
04:05:53.0379 1592 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
04:05:53.0379 1592 nvraid - ok
04:05:53.0395 1592 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
04:05:53.0395 1592 nvstor - ok
04:05:53.0395 1592 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
04:05:53.0411 1592 nv_agp - ok
04:05:53.0411 1592 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
04:05:53.0411 1592 ohci1394 - ok
04:05:53.0442 1592 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
04:05:53.0442 1592 Parport - ok
04:05:53.0457 1592 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
04:05:53.0457 1592 partmgr - ok
04:05:53.0457 1592 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
04:05:53.0457 1592 pci - ok
04:05:53.0473 1592 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
04:05:53.0473 1592 pciide - ok
04:05:53.0504 1592 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
04:05:53.0504 1592 pcmcia - ok
04:05:53.0504 1592 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
04:05:53.0504 1592 pcw - ok
04:05:53.0520 1592 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
04:05:53.0535 1592 PEAUTH - ok
04:05:53.0551 1592 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
04:05:53.0567 1592 Point64 - ok
04:05:53.0567 1592 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
04:05:53.0567 1592 PptpMiniport - ok
04:05:53.0582 1592 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
04:05:53.0582 1592 Processor - ok
04:05:53.0598 1592 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
04:05:53.0598 1592 Psched - ok
04:05:53.0613 1592 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
04:05:53.0629 1592 ql2300 - ok
04:05:53.0645 1592 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
04:05:53.0645 1592 ql40xx - ok
04:05:53.0645 1592 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
04:05:53.0645 1592 QWAVEdrv - ok
04:05:53.0660 1592 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
04:05:53.0660 1592 RasAcd - ok
04:05:53.0660 1592 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
04:05:53.0660 1592 RasAgileVpn - ok
04:05:53.0691 1592 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
04:05:53.0691 1592 Rasl2tp - ok
04:05:53.0691 1592 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
04:05:53.0691 1592 RasPppoe - ok
04:05:53.0707 1592 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
04:05:53.0707 1592 RasSstp - ok
04:05:53.0723 1592 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
04:05:53.0723 1592 rdbss - ok
04:05:53.0723 1592 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
04:05:53.0723 1592 rdpbus - ok
04:05:53.0738 1592 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
04:05:53.0738 1592 RDPCDD - ok
04:05:53.0754 1592 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
04:05:53.0754 1592 RDPDR - ok
04:05:53.0769 1592 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
04:05:53.0769 1592 RDPENCDD - ok
04:05:53.0769 1592 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
04:05:53.0769 1592 RDPREFMP - ok
04:05:53.0785 1592 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
04:05:53.0785 1592 RDPWD - ok
04:05:53.0816 1592 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
04:05:53.0816 1592 rdyboost - ok
04:05:53.0832 1592 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
04:05:53.0832 1592 rspndr - ok
04:05:53.0847 1592 RTL8167 (4fe1cef69d36e913738234303986fbb3) C:\Windows\system32\DRIVERS\Rt64win7.sys
04:05:53.0847 1592 RTL8167 - ok
04:05:53.0847 1592 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
04:05:53.0847 1592 s3cap - ok
04:05:53.0879 1592 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
04:05:53.0879 1592 sbp2port - ok
04:05:53.0879 1592 SCDEmu (07237c66e05da6778e9f3cb67fa00736) C:\Windows\system32\drivers\SCDEmu.sys
04:05:53.0879 1592 SCDEmu - ok
04:05:53.0894 1592 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
04:05:53.0894 1592 scfilter - ok
04:05:53.0910 1592 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
04:05:53.0910 1592 secdrv - ok
04:05:53.0925 1592 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
04:05:53.0925 1592 Serenum - ok
04:05:53.0941 1592 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
04:05:53.0941 1592 Serial - ok
04:05:53.0957 1592 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
04:05:53.0957 1592 sermouse - ok
04:05:53.0957 1592 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
04:05:53.0957 1592 sffdisk - ok
04:05:53.0972 1592 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
04:05:53.0972 1592 sffp_mmc - ok
04:05:53.0988 1592 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
04:05:53.0988 1592 sffp_sd - ok
04:05:54.0003 1592 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
04:05:54.0003 1592 sfloppy - ok
04:05:54.0019 1592 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
04:05:54.0019 1592 SiSRaid2 - ok
04:05:54.0019 1592 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
04:05:54.0019 1592 SiSRaid4 - ok
04:05:54.0035 1592 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
04:05:54.0035 1592 Smb - ok
04:05:54.0050 1592 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
04:05:54.0050 1592 spldr - ok
04:05:54.0081 1592 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
04:05:54.0081 1592 srv - ok
04:05:54.0081 1592 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
04:05:54.0097 1592 srv2 - ok
04:05:54.0097 1592 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
04:05:54.0097 1592 srvnet - ok
04:05:54.0128 1592 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
04:05:54.0128 1592 stexstor - ok
04:05:54.0144 1592 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
04:05:54.0144 1592 storflt - ok
04:05:54.0144 1592 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
04:05:54.0144 1592 storvsc - ok
04:05:54.0159 1592 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
04:05:54.0159 1592 swenum - ok
04:05:54.0191 1592 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
04:05:54.0206 1592 Tcpip - ok
04:05:54.0237 1592 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
04:05:54.0237 1592 TCPIP6 - ok
04:05:54.0253 1592 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
04:05:54.0253 1592 tcpipreg - ok
04:05:54.0269 1592 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
04:05:54.0269 1592 TDPIPE - ok
04:05:54.0269 1592 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
04:05:54.0269 1592 TDTCP - ok
04:05:54.0284 1592 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
04:05:54.0284 1592 tdx - ok
04:05:54.0300 1592 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
04:05:54.0300 1592 TermDD - ok
04:05:54.0315 1592 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
04:05:54.0315 1592 tssecsrv - ok
04:05:54.0331 1592 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
04:05:54.0331 1592 TsUsbFlt - ok
04:05:54.0347 1592 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
04:05:54.0347 1592 tunnel - ok
04:05:54.0347 1592 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
04:05:54.0347 1592 uagp35 - ok
04:05:54.0378 1592 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
04:05:54.0378 1592 udfs - ok
04:05:54.0378 1592 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
04:05:54.0393 1592 uliagpkx - ok
04:05:54.0393 1592 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
04:05:54.0393 1592 umbus - ok
04:05:54.0409 1592 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
04:05:54.0409 1592 UmPass - ok
04:05:54.0409 1592 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
04:05:54.0425 1592 usbaudio - ok
04:05:54.0440 1592 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
04:05:54.0440 1592 usbccgp - ok
04:05:54.0456 1592 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
04:05:54.0456 1592 usbcir - ok
04:05:54.0456 1592 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
04:05:54.0456 1592 usbehci - ok
04:05:54.0471 1592 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
04:05:54.0471 1592 usbhub - ok
04:05:54.0487 1592 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
04:05:54.0503 1592 usbohci - ok
04:05:54.0503 1592 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
04:05:54.0503 1592 usbprint - ok
04:05:54.0518 1592 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
04:05:54.0518 1592 usbscan - ok
04:05:54.0518 1592 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:05:54.0518 1592 USBSTOR - ok
04:05:54.0534 1592 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
04:05:54.0534 1592 usbuhci - ok
04:05:54.0549 1592 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
04:05:54.0565 1592 vdrvroot - ok
04:05:54.0565 1592 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
04:05:54.0565 1592 vga - ok
04:05:54.0581 1592 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
04:05:54.0581 1592 VgaSave - ok
04:05:54.0581 1592 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
04:05:54.0596 1592 vhdmp - ok
04:05:54.0596 1592 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
04:05:54.0596 1592 viaide - ok
04:05:54.0627 1592 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
04:05:54.0627 1592 vmbus - ok
04:05:54.0627 1592 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
04:05:54.0627 1592 VMBusHID - ok
04:05:54.0643 1592 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
04:05:54.0643 1592 volmgr - ok
04:05:54.0659 1592 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
04:05:54.0659 1592 volmgrx - ok
04:05:54.0674 1592 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
04:05:54.0674 1592 volsnap - ok
04:05:54.0690 1592 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
04:05:54.0690 1592 vsmraid - ok
04:05:54.0705 1592 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
04:05:54.0705 1592 vwifibus - ok
04:05:54.0705 1592 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
04:05:54.0721 1592 WacomPen - ok
04:05:54.0721 1592 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
04:05:54.0721 1592 WANARP - ok
04:05:54.0721 1592 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
04:05:54.0721 1592 Wanarpv6 - ok
04:05:54.0752 1592 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
04:05:54.0752 1592 Wd - ok
04:05:54.0768 1592 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
04:05:54.0768 1592 Wdf01000 - ok
04:05:54.0783 1592 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
04:05:54.0783 1592 WfpLwf - ok
04:05:54.0799 1592 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
04:05:54.0799 1592 WIMMount - ok
04:05:54.0830 1592 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
04:05:54.0830 1592 WmiAcpi - ok
04:05:54.0846 1592 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
04:05:54.0846 1592 ws2ifsl - ok
04:05:54.0877 1592 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
04:05:54.0877 1592 WudfPf - ok
04:05:54.0877 1592 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
04:05:54.0877 1592 WUDFRd - ok
04:05:54.0893 1592 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
04:05:54.0893 1592 \Device\Harddisk0\DR0 - ok
04:05:54.0893 1592 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
04:05:54.0893 1592 \Device\Harddisk1\DR1 - ok
04:05:54.0908 1592 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR3
04:05:54.0908 1592 \Device\Harddisk2\DR3 - ok
04:05:54.0908 1592 Boot (0x1200) (097635f6c2983da48e70fbe298782b9a) \Device\Harddisk0\DR0\Partition0
04:05:54.0908 1592 \Device\Harddisk0\DR0\Partition0 - ok
04:05:54.0908 1592 Boot (0x1200) (d402aa603d0c11a8301f32f206d790ab) \Device\Harddisk0\DR0\Partition1
04:05:54.0908 1592 \Device\Harddisk0\DR0\Partition1 - ok
04:05:54.0908 1592 Boot (0x1200) (a0d05c970599e91e81e8e4a61df9723a) \Device\Harddisk1\DR1\Partition0
04:05:54.0908 1592 \Device\Harddisk1\DR1\Partition0 - ok
04:05:55.0407 1592 Boot (0x1200) (033112f47384690a084c4a9990075931) \Device\Harddisk1\DR1\Partition1
04:05:55.0407 1592 \Device\Harddisk1\DR1\Partition1 - ok
04:05:55.0423 1592 Boot (0x1200) (53073ebb503e7ee411e6c0abdd657e42) \Device\Harddisk2\DR3\Partition0
04:05:55.0423 1592 \Device\Harddisk2\DR3\Partition0 - ok
04:05:55.0423 1592 ============================================================
04:05:55.0423 1592 Scan finished
04:05:55.0423 1592 ============================================================
04:05:55.0423 1896 Detected object count: 0
04:05:55.0423 1896 Actual detected object count: 0
04:06:04.0877 0608 ============================================================
04:06:04.0877 0608 Scan started
04:06:04.0877 0608 Mode: Manual;
04:06:04.0877 0608 ============================================================
04:06:05.0142 0608 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
04:06:05.0142 0608 1394ohci - ok
04:06:05.0173 0608 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
04:06:05.0173 0608 ACPI - ok
04:06:05.0173 0608 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
04:06:05.0173 0608 AcpiPmi - ok
04:06:05.0189 0608 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
04:06:05.0189 0608 adp94xx - ok
04:06:05.0204 0608 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
04:06:05.0204 0608 adpahci - ok
04:06:05.0220 0608 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
04:06:05.0220 0608 adpu320 - ok
04:06:05.0235 0608 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
04:06:05.0251 0608 AFD - ok
04:06:05.0251 0608 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
04:06:05.0251 0608 agp440 - ok
04:06:05.0267 0608 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
04:06:05.0267 0608 aliide - ok
04:06:05.0267 0608 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
04:06:05.0267 0608 amdide - ok
04:06:05.0282 0608 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
04:06:05.0282 0608 AmdK8 - ok
04:06:05.0376 0608 amdkmdag (0415ffe1b6a6ea141feafca57567f57f) C:\Windows\system32\DRIVERS\atikmdag.sys
04:06:05.0423 0608 amdkmdag - ok
04:06:05.0438 0608 amdkmdap (dc24d6f38f17c0d643d9aa8a6852f8d0) C:\Windows\system32\DRIVERS\atikmpag.sys
04:06:05.0438 0608 amdkmdap - ok
04:06:05.0454 0608 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
04:06:05.0454 0608 AmdPPM - ok
04:06:05.0454 0608 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
04:06:05.0454 0608 amdsata - ok
04:06:05.0485 0608 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
04:06:05.0485 0608 amdsbs - ok
04:06:05.0485 0608 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
04:06:05.0485 0608 amdxata - ok
04:06:05.0501 0608 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
04:06:05.0501 0608 AppID - ok
04:06:05.0501 0608 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
04:06:05.0501 0608 arc - ok
04:06:05.0516 0608 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
04:06:05.0516 0608 arcsas - ok
04:06:05.0532 0608 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
04:06:05.0532 0608 AsyncMac - ok
04:06:05.0547 0608 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
04:06:05.0547 0608 atapi - ok
04:06:05.0563 0608 AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys
04:06:05.0563 0608 AtiHDAudioService - ok
04:06:05.0563 0608 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
04:06:05.0563 0608 AtiHdmiService - ok
04:06:05.0579 0608 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
04:06:05.0594 0608 b06bdrv - ok
04:06:05.0610 0608 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
04:06:05.0610 0608 b57nd60a - ok
04:06:05.0625 0608 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
04:06:05.0625 0608 Beep - ok
04:06:05.0625 0608 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
04:06:05.0641 0608 blbdrive - ok
04:06:05.0641 0608 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
04:06:05.0641 0608 bowser - ok
04:06:05.0657 0608 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
04:06:05.0657 0608 BrFiltLo - ok
04:06:05.0672 0608 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
04:06:05.0672 0608 BrFiltUp - ok
04:06:05.0688 0608 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
04:06:05.0688 0608 Brserid - ok
04:06:05.0688 0608 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
04:06:05.0688 0608 BrSerWdm - ok
04:06:05.0703 0608 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
04:06:05.0703 0608 BrUsbMdm - ok
04:06:05.0703 0608 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
04:06:05.0703 0608 BrUsbSer - ok
04:06:05.0735 0608 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
04:06:05.0735 0608 BTHMODEM - ok
04:06:05.0750 0608 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
04:06:05.0750 0608 cdfs - ok
04:06:05.0750 0608 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
04:06:05.0750 0608 cdrom - ok
04:06:05.0766 0608 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
04:06:05.0766 0608 circlass - ok
04:06:05.0781 0608 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
04:06:05.0781 0608 CLFS - ok
04:06:05.0797 0608 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
04:06:05.0797 0608 CmBatt - ok
04:06:05.0813 0608 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
04:06:05.0813 0608 cmdide - ok
04:06:05.0828 0608 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
04:06:05.0828 0608 CNG - ok
04:06:05.0828 0608 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
04:06:05.0828 0608 Compbatt - ok
04:06:05.0844 0608 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
04:06:05.0844 0608 CompositeBus - ok
04:06:05.0859 0608 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
04:06:05.0859 0608 crcdisk - ok
04:06:05.0875 0608 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
04:06:05.0875 0608 CSC - ok
04:06:05.0891 0608 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
04:06:05.0891 0608 DfsC - ok
04:06:05.0906 0608 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
04:06:05.0906 0608 discache - ok
04:06:05.0922 0608 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
04:06:05.0922 0608 Disk - ok
04:06:06.0000 0608 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
04:06:06.0000 0608 drmkaud - ok
04:06:06.0031 0608 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
04:06:06.0047 0608 DXGKrnl - ok
04:06:06.0062 0608 EagleX64 - ok
04:06:06.0125 0608 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
04:06:06.0140 0608 ebdrv - ok
04:06:06.0156 0608 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
04:06:06.0156 0608 elxstor - ok
04:06:06.0171 0608 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
04:06:06.0171 0608 ErrDev - ok
04:06:06.0187 0608 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
04:06:06.0187 0608 exfat - ok
04:06:06.0187 0608 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
04:06:06.0187 0608 fastfat - ok
04:06:06.0203 0608 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
04:06:06.0203 0608 fdc - ok
04:06:06.0218 0608 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
04:06:06.0234 0608 FileInfo - ok
04:06:06.0234 0608 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
04:06:06.0234 0608 Filetrace - ok
04:06:06.0249 0608 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
04:06:06.0249 0608 flpydisk - ok
04:06:06.0249 0608 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
04:06:06.0249 0608 FltMgr - ok
04:06:06.0265 0608 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
04:06:06.0265 0608 FsDepends - ok
04:06:06.0281 0608 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
04:06:06.0281 0608 Fs_Rec - ok
04:06:06.0296 0608 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
04:06:06.0296 0608 fvevol - ok
04:06:06.0312 0608 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
04:06:06.0312 0608 gagp30kx - ok
04:06:06.0312 0608 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
04:06:06.0312 0608 hcw85cir - ok
04:06:06.0327 0608 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
04:06:06.0327 0608 HdAudAddService - ok
04:06:06.0359 0608 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
04:06:06.0359 0608 HDAudBus - ok
04:06:06.0359 0608 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
04:06:06.0359 0608 HidBatt - ok
04:06:06.0374 0608 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
04:06:06.0374 0608 HidBth - ok
04:06:06.0374 0608 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
04:06:06.0374 0608 HidIr - ok
04:06:06.0390 0608 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
04:06:06.0390 0608 HidUsb - ok
04:06:06.0405 0608 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
04:06:06.0421 0608 HpSAMD - ok
04:06:06.0421 0608 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
04:06:06.0437 0608 HTTP - ok
04:06:06.0437 0608 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
04:06:06.0437 0608 hwpolicy - ok
04:06:06.0452 0608 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
04:06:06.0452 0608 i8042prt - ok
04:06:06.0452 0608 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
04:06:06.0468 0608 iaStorV - ok
04:06:06.0483 0608 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
04:06:06.0483 0608 iirsp - ok
04:06:06.0499 0608 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
04:06:06.0499 0608 intelide - ok
04:06:06.0499 0608 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
04:06:06.0499 0608 intelppm - ok
04:06:06.0515 0608 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
04:06:06.0515 0608 IpFilterDriver - ok
04:06:06.0530 0608 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
04:06:06.0546 0608 IPMIDRV - ok
04:06:06.0546 0608 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
04:06:06.0546 0608 IPNAT - ok
04:06:06.0561 0608 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
04:06:06.0561 0608 IRENUM - ok
04:06:06.0561 0608 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
04:06:06.0561 0608 isapnp - ok
04:06:06.0577 0608 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
04:06:06.0577 0608 iScsiPrt - ok
04:06:06.0577 0608 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
04:06:06.0577 0608 kbdclass - ok
04:06:06.0608 0608 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
04:06:06.0608 0608 kbdhid - ok
04:06:06.0624 0608 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
04:06:06.0624 0608 KSecDD - ok
04:06:06.0624 0608 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
04:06:06.0624 0608 KSecPkg - ok
04:06:06.0639 0608 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
04:06:06.0639 0608 ksthunk - ok
04:06:06.0655 0608 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
04:06:06.0655 0608 lltdio - ok
04:06:06.0671 0608 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
04:06:06.0671 0608 LSI_FC - ok
04:06:06.0686 0608 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
04:06:06.0686 0608 LSI_SAS - ok
04:06:06.0686 0608 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
04:06:06.0686 0608 LSI_SAS2 - ok
04:06:06.0702 0608 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
04:06:06.0702 0608 LSI_SCSI - ok
04:06:06.0733 0608 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
04:06:06.0733 0608 luafv - ok
04:06:06.0733 0608 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
04:06:06.0733 0608 megasas - ok
04:06:06.0749 0608 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
04:06:06.0749 0608 MegaSR - ok
04:06:06.0764 0608 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
04:06:06.0764 0608 Modem - ok
04:06:06.0764 0608 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
04:06:06.0764 0608 monitor - ok
04:06:06.0780 0608 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
04:06:06.0780 0608 mouclass - ok
04:06:06.0795 0608 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
04:06:06.0795 0608 mouhid - ok
04:06:06.0811 0608 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
04:06:06.0811 0608 mountmgr - ok
04:06:06.0811 0608 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
04:06:06.0811 0608 mpio - ok
04:06:06.0827 0608 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
04:06:06.0827 0608 mpsdrv - ok
04:06:06.0827 0608 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
04:06:06.0842 0608 MRxDAV - ok
04:06:06.0858 0608 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
04:06:06.0858 0608 mrxsmb - ok
04:06:06.0873 0608 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
04:06:06.0873 0608 mrxsmb10 - ok
04:06:06.0873 0608 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
04:06:06.0873 0608 mrxsmb20 - ok
04:06:06.0889 0608 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
04:06:06.0889 0608 msahci - ok
04:06:06.0905 0608 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
04:06:06.0905 0608 msdsm - ok
04:06:06.0920 0608 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
04:06:06.0920 0608 Msfs - ok
04:06:06.0936 0608 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
04:06:06.0936 0608 mshidkmdf - ok
04:06:06.0936 0608 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
04:06:06.0936 0608 msisadrv - ok
04:06:06.0951 0608 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
04:06:06.0951 0608 MSKSSRV - ok
04:06:06.0967 0608 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
04:06:06.0967 0608 MSPCLOCK - ok
04:06:06.0983 0608 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
04:06:06.0983 0608 MSPQM - ok
04:06:06.0998 0608 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
04:06:06.0998 0608 MsRPC - ok
04:06:06.0998 0608 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
04:06:06.0998 0608 mssmbios - ok
04:06:07.0014 0608 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
04:06:07.0014 0608 MSTEE - ok
04:06:07.0029 0608 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
04:06:07.0029 0608 MTConfig - ok
04:06:07.0045 0608 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
04:06:07.0045 0608 MTsensor - ok
04:06:07.0061 0608 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
04:06:07.0061 0608 Mup - ok
04:06:07.0061 0608 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
04:06:07.0061 0608 NativeWifiP - ok
04:06:07.0076 0608 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
04:06:07.0092 0608 NDIS - ok
04:06:07.0107 0608 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
04:06:07.0107 0608 NdisCap - ok
04:06:07.0107 0608 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
04:06:07.0123 0608 NdisTapi - ok
04:06:07.0123 0608 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
04:06:07.0123 0608 Ndisuio - ok
04:06:07.0139 0608 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
04:06:07.0139 0608 NdisWan - ok
04:06:07.0139 0608 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
04:06:07.0139 0608 NDProxy - ok
04:06:07.0154 0608 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
04:06:07.0154 0608 NetBIOS - ok
04:06:07.0170 0608 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
04:06:07.0170 0608 NetBT - ok
04:06:07.0185 0608 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
04:06:07.0185 0608 nfrd960 - ok
04:06:07.0201 0608 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
04:06:07.0201 0608 Npfs - ok
04:06:07.0217 0608 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
04:06:07.0217 0608 nsiproxy - ok
04:06:07.0248 0608 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
04:06:07.0248 0608 Ntfs - ok
04:06:07.0263 0608 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
04:06:07.0263 0608 Null - ok
04:06:07.0279 0608 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
04:06:07.0279 0608 nvraid - ok
04:06:07.0295 0608 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
04:06:07.0295 0608 nvstor - ok
04:06:07.0310 0608 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
04:06:07.0310 0608 nv_agp - ok
04:06:07.0310 0608 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
04:06:07.0310 0608 ohci1394 - ok
04:06:07.0326 0608 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
04:06:07.0326 0608 Parport - ok
04:06:07.0341 0608 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
04:06:07.0357 0608 partmgr - ok
04:06:07.0357 0608 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
04:06:07.0357 0608 pci - ok
04:06:07.0373 0608 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
04:06:07.0373 0608 pciide - ok
04:06:07.0373 0608 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
04:06:07.0373 0608 pcmcia - ok
04:06:07.0388 0608 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
04:06:07.0388 0608 pcw - ok
04:06:07.0419 0608 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
04:06:07.0419 0608 PEAUTH - ok
04:06:07.0435 0608 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
04:06:07.0435 0608 Point64 - ok
04:06:07.0451 0608 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
04:06:07.0451 0608 PptpMiniport - ok
04:06:07.0466 0608 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
04:06:07.0466 0608 Processor - ok
04:06:07.0482 0608 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
04:06:07.0482 0608 Psched - ok
04:06:07.0513 0608 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
04:06:07.0513 0608 ql2300 - ok
04:06:07.0529 0608 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
04:06:07.0529 0608 ql40xx - ok
04:06:07.0544 0608 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
04:06:07.0544 0608 QWAVEdrv - ok
04:06:07.0560 0608 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
04:06:07.0560 0608 RasAcd - ok
04:06:07.0560 0608 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
04:06:07.0560 0608 RasAgileVpn - ok
04:06:07.0575 0608 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
04:06:07.0575 0608 Rasl2tp - ok
04:06:07.0591 0608 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
04:06:07.0591 0608 RasPppoe - ok
04:06:07.0607 0608 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
04:06:07.0607 0608 RasSstp - ok
04:06:07.0622 0608 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
04:06:07.0622 0608 rdbss - ok
04:06:07.0622 0608 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
04:06:07.0622 0608 rdpbus - ok
04:06:07.0638 0608 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
04:06:07.0638 0608 RDPCDD - ok
04:06:07.0653 0608 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
04:06:07.0653 0608 RDPDR - ok
04:06:07.0669 0608 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
04:06:07.0669 0608 RDPENCDD - ok
04:06:07.0685 0608 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
04:06:07.0685 0608 RDPREFMP - ok
04:06:07.0685 0608 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
04:06:07.0685 0608 RDPWD - ok
04:06:07.0700 0608 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
04:06:07.0700 0608 rdyboost - ok
04:06:07.0716 0608 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
04:06:07.0731 0608 rspndr - ok
04:06:07.0731 0608 RTL8167 (4fe1cef69d36e913738234303986fbb3) C:\Windows\system32\DRIVERS\Rt64win7.sys
04:06:07.0731 0608 RTL8167 - ok
04:06:07.0747 0608 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
04:06:07.0747 0608 s3cap - ok
04:06:07.0763 0608 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
04:06:07.0763 0608 sbp2port - ok
04:06:07.0763 0608 SCDEmu (07237c66e05da6778e9f3cb67fa00736) C:\Windows\system32\drivers\SCDEmu.sys
04:06:07.0763 0608 SCDEmu - ok
04:06:07.0778 0608 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
04:06:07.0778 0608 scfilter - ok
04:06:07.0794 0608 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
04:06:07.0794 0608 secdrv - ok
04:06:07.0809 0608 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
04:06:07.0809 0608 Serenum - ok
04:06:07.0825 0608 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
04:06:07.0825 0608 Serial - ok
04:06:07.0825 0608 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
04:06:07.0825 0608 sermouse - ok
04:06:07.0856 0608 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
04:06:07.0856 0608 sffdisk - ok
04:06:07.0872 0608 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
04:06:07.0872 0608 sffp_mmc - ok
04:06:07.0872 0608 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
04:06:07.0872 0608 sffp_sd - ok
04:06:07.0887 0608 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
04:06:07.0887 0608 sfloppy - ok
04:06:07.0887 0608 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
04:06:07.0887 0608 SiSRaid2 - ok
04:06:07.0903 0608 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
04:06:07.0919 0608 SiSRaid4 - ok
04:06:07.0919 0608 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
04:06:07.0919 0608 Smb - ok
04:06:07.0934 0608 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
04:06:07.0934 0608 spldr - ok
04:06:07.0950 0608 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
04:06:07.0950 0608 srv - ok
04:06:07.0981 0608 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
04:06:07.0981 0608 srv2 - ok
04:06:07.0981 0608 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
04:06:07.0981 0608 srvnet - ok
04:06:07.0997 0608 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
04:06:07.0997 0608 stexstor - ok
04:06:08.0012 0608 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
04:06:08.0012 0608 storflt - ok
04:06:08.0012 0608 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
04:06:08.0012 0608 storvsc - ok
04:06:08.0043 0608 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
04:06:08.0043 0608 swenum - ok
04:06:08.0075 0608 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
04:06:08.0075 0608 Tcpip - ok
04:06:08.0106 0608 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
04:06:08.0121 0608 TCPIP6 - ok
04:06:08.0137 0608 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
04:06:08.0137 0608 tcpipreg - ok
04:06:08.0137 0608 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
04:06:08.0137 0608 TDPIPE - ok
04:06:08.0153 0608 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
04:06:08.0153 0608 TDTCP - ok
04:06:08.0168 0608 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
04:06:08.0168 0608 tdx - ok
04:06:08.0184 0608 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
04:06:08.0184 0608 TermDD - ok
04:06:08.0199 0608 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
04:06:08.0199 0608 tssecsrv - ok
04:06:08.0199 0608 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
04:06:08.0199 0608 TsUsbFlt - ok
04:06:08.0231 0608 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
04:06:08.0231 0608 tunnel - ok
04:06:08.0231 0608 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
04:06:08.0231 0608 uagp35 - ok
04:06:08.0246 0608 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
04:06:08.0246 0608 udfs - ok
04:06:08.0262 0608 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
04:06:08.0262 0608 uliagpkx - ok
04:06:08.0262 0608 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
04:06:08.0262 0608 umbus - ok
04:06:08.0277 0608 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
04:06:08.0277 0608 UmPass - ok
04:06:08.0293 0608 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
04:06:08.0293 0608 usbaudio - ok
04:06:08.0309 0608 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
04:06:08.0309 0608 usbccgp - ok
04:06:08.0309 0608 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
04:06:08.0309 0608 usbcir - ok
04:06:08.0324 0608 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
04:06:08.0324 0608 usbehci - ok
04:06:08.0355 0608 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
04:06:08.0355 0608 usbhub - ok
04:06:08.0355 0608 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
04:06:08.0355 0608 usbohci - ok
04:06:08.0371 0608 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
04:06:08.0371 0608 usbprint - ok
04:06:08.0371 0608 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
04:06:08.0371 0608 usbscan - ok
04:06:08.0387 0608 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:06:08.0387 0608 USBSTOR - ok
04:06:08.0402 0608 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
04:06:08.0402 0608 usbuhci - ok
04:06:08.0418 0608 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
04:06:08.0418 0608 vdrvroot - ok
04:06:08.0433 0608 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
04:06:08.0433 0608 vga - ok
04:06:08.0433 0608 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
04:06:08.0433 0608 VgaSave - ok
04:06:08.0449 0608 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
04:06:08.0449 0608 vhdmp - ok
04:06:08.0465 0608 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
04:06:08.0465 0608 viaide - ok
04:06:08.0480 0608 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
04:06:08.0480 0608 vmbus - ok
04:06:08.0496 0608 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
04:06:08.0496 0608 VMBusHID - ok
04:06:08.0496 0608 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
04:06:08.0496 0608 volmgr - ok
04:06:08.0511 0608 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
04:06:08.0511 0608 volmgrx - ok
04:06:08.0543 0608 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
04:06:08.0543 0608 volsnap - ok
04:06:08.0543 0608 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
04:06:08.0543 0608 vsmraid - ok
04:06:08.0558 0608 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
04:06:08.0558 0608 vwifibus - ok
04:06:08.0574 0608 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
04:06:08.0574 0608 WacomPen - ok
04:06:08.0574 0608 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
04:06:08.0574 0608 WANARP - ok
04:06:08.0574 0608 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
04:06:08.0574 0608 Wanarpv6 - ok
04:06:08.0605 0608 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
04:06:08.0605 0608 Wd - ok
04:06:08.0621 0608 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
04:06:08.0621 0608 Wdf01000 - ok
04:06:08.0636 0608 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
04:06:08.0636 0608 WfpLwf - ok
04:06:08.0652 0608 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
04:06:08.0652 0608 WIMMount - ok
04:06:08.0683 0608 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
04:06:08.0683 0608 WmiAcpi - ok
04:06:08.0699 0608 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
04:06:08.0699 0608 ws2ifsl - ok
04:06:08.0730 0608 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
04:06:08.0730 0608 WudfPf - ok
04:06:08.0730 0608 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
04:06:08.0730 0608 WUDFRd - ok
04:06:08.0745 0608 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
04:06:08.0745 0608 \Device\Harddisk0\DR0 - ok
04:06:08.0745 0608 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
04:06:08.0745 0608 \Device\Harddisk1\DR1 - ok
04:06:08.0745 0608 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR3
04:06:08.0761 0608 \Device\Harddisk2\DR3 - ok
04:06:08.0761 0608 Boot (0x1200) (097635f6c2983da48e70fbe298782b9a) \Device\Harddisk0\DR0\Partition0
04:06:08.0761 0608 \Device\Harddisk0\DR0\Partition0 - ok
04:06:08.0761 0608 Boot (0x1200) (d402aa603d0c11a8301f32f206d790ab) \Device\Harddisk0\DR0\Partition1
04:06:08.0761 0608 \Device\Harddisk0\DR0\Partition1 - ok
04:06:08.0761 0608 Boot (0x1200) (a0d05c970599e91e81e8e4a61df9723a) \Device\Harddisk1\DR1\Partition0
04:06:08.0761 0608 \Device\Harddisk1\DR1\Partition0 - ok
04:06:08.0761 0608 Boot (0x1200) (033112f47384690a084c4a9990075931) \Device\Harddisk1\DR1\Partition1
04:06:08.0761 0608 \Device\Harddisk1\DR1\Partition1 - ok
04:06:08.0792 0608 Boot (0x1200) (53073ebb503e7ee411e6c0abdd657e42) \Device\Harddisk2\DR3\Partition0
04:06:08.0792 0608 \Device\Harddisk2\DR3\Partition0 - ok
04:06:08.0792 0608 ============================================================
04:06:08.0792 0608 Scan finished
04:06:08.0792 0608 ============================================================
04:06:08.0792 2016 Detected object count: 0
04:06:08.0792 2016 Actual detected object count: 0
04:06:19.0166 1548 ============================================================
04:06:19.0166 1548 Scan started
04:06:19.0166 1548 Mode: Manual; SigCheck; TDLFS;
04:06:19.0166 1548 ============================================================
04:06:19.0431 1548 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
04:06:19.0463 1548 1394ohci - ok
04:06:19.0478 1548 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
04:06:19.0478 1548 ACPI - ok
04:06:19.0494 1548 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
04:06:19.0509 1548 AcpiPmi - ok
04:06:19.0525 1548 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
04:06:19.0541 1548 adp94xx - ok
04:06:19.0556 1548 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
04:06:19.0556 1548 adpahci - ok
04:06:19.0587 1548 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
04:06:19.0587 1548 adpu320 - ok
04:06:19.0603 1548 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
04:06:19.0619 1548 AFD - ok
04:06:19.0619 1548 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
04:06:19.0634 1548 agp440 - ok
04:06:19.0650 1548 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
04:06:19.0650 1548 aliide - ok
04:06:19.0665 1548 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
04:06:19.0665 1548 amdide - ok
04:06:19.0681 1548 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
04:06:19.0697 1548 AmdK8 - ok
04:06:19.0790 1548 amdkmdag (0415ffe1b6a6ea141feafca57567f57f) C:\Windows\system32\DRIVERS\atikmdag.sys
04:06:19.0899 1548 amdkmdag - ok
04:06:19.0915 1548 amdkmdap (dc24d6f38f17c0d643d9aa8a6852f8d0) C:\Windows\system32\DRIVERS\atikmpag.sys
04:06:19.0915 1548 amdkmdap - ok
04:06:19.0931 1548 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
04:06:19.0946 1548 AmdPPM - ok
04:06:19.0962 1548 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
04:06:19.0962 1548 amdsata - ok
04:06:19.0977 1548 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
04:06:19.0993 1548 amdsbs - ok
04:06:19.0993 1548 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
04:06:19.0993 1548 amdxata - ok
04:06:20.0009 1548 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
04:06:20.0071 1548 AppID - ok
04:06:20.0087 1548 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
04:06:20.0102 1548 arc - ok
04:06:20.0102 1548 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
04:06:20.0118 1548 arcsas - ok
04:06:20.0118 1548 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
04:06:20.0165 1548 AsyncMac - ok
04:06:20.0180 1548 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
04:06:20.0180 1548 atapi - ok
04:06:20.0211 1548 AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys
04:06:20.0227 1548 AtiHDAudioService - ok
04:06:20.0227 1548 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
04:06:20.0227 1548 AtiHdmiService - ok
04:06:20.0243 1548 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
04:06:20.0258 1548 b06bdrv - ok
04:06:20.0274 1548 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
04:06:20.0289 1548 b57nd60a - ok
04:06:20.0289 1548 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
04:06:20.0321 1548 Beep - ok
04:06:20.0336 1548 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
04:06:20.0352 1548 blbdrive - ok
04:06:20.0352 1548 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
04:06:20.0367 1548 bowser - ok
04:06:20.0367 1548 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
04:06:20.0383 1548 BrFiltLo - ok
04:06:20.0399 1548 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
04:06:20.0414 1548 BrFiltUp - ok
04:06:20.0414 1548 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
04:06:20.0430 1548 Brserid - ok
04:06:20.0430 1548 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
04:06:20.0445 1548 BrSerWdm - ok
04:06:20.0461 1548 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
04:06:20.0477 1548 BrUsbMdm - ok
04:06:20.0477 1548 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
04:06:20.0492 1548 BrUsbSer - ok
04:06:20.0492 1548 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
04:06:20.0508 1548 BTHMODEM - ok
04:06:20.0523 1548 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
04:06:20.0555 1548 cdfs - ok
04:06:20.0555 1548 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
04:06:20.0570 1548 cdrom - ok
04:06:20.0586 1548 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
04:06:20.0601 1548 circlass - ok
04:06:20.0601 1548 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
04:06:20.0617 1548 CLFS - ok
04:06:20.0633 1548 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
04:06:20.0648 1548 CmBatt - ok
04:06:20.0648 1548 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
04:06:20.0664 1548 cmdide - ok
04:06:20.0679 1548 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
04:06:20.0695 1548 CNG - ok
04:06:20.0711 1548 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
04:06:20.0711 1548 Compbatt - ok
04:06:20.0726 1548 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
04:06:20.0726 1548 CompositeBus - ok
04:06:20.0742 1548 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
04:06:20.0742 1548 crcdisk - ok
04:06:20.0773 1548 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
04:06:20.0789 1548 CSC - ok
04:06:20.0804 1548 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
04:06:20.0820 1548 DfsC - ok
04:06:20.0835 1548 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
04:06:20.0867 1548 discache - ok
04:06:20.0867 1548 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
04:06:20.0882 1548 Disk - ok
04:06:20.0898 1548 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
04:06:20.0913 1548 drmkaud - ok
04:06:20.0929 1548 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
04:06:20.0945 1548 DXGKrnl - ok
04:06:20.0960 1548 EagleX64 - ok
04:06:20.0991 1548 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
04:06:21.0023 1548 ebdrv - ok
04:06:21.0038 1548 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
04:06:21.0054 1548 elxstor - ok
04:06:21.0069 1548 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
04:06:21.0085 1548 ErrDev - ok
04:06:21.0101 1548 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
04:06:21.0116 1548 exfat - ok
04:06:21.0147 1548 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
04:06:21.0163 1548 fastfat - ok
04:06:21.0179 1548 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
04:06:21.0179 1548 fdc - ok
04:06:21.0210 1548 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
04:06:21.0210 1548 FileInfo - ok
04:06:21.0225 1548 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
04:06:21.0257 1548 Filetrace - ok
04:06:21.0272 1548 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
04:06:21.0272 1548 flpydisk - ok
04:06:21.0288 1548 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
04:06:21.0303 1548 FltMgr - ok
04:06:21.0303 1548 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
04:06:21.0319 1548 FsDepends - ok
04:06:21.0335 1548 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
04:06:21.0335 1548 Fs_Rec - ok
04:06:21.0350 1548 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
04:06:21.0366 1548 fvevol - ok
04:06:21.0366 1548 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
04:06:21.0381 1548 gagp30kx - ok
04:06:21.0397 1548 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
04:06:21.0413 1548 hcw85cir - ok
04:06:21.0413 1548 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
04:06:21.0428 1548 HdAudAddService - ok
04:06:21.0459 1548 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
04:06:21.0459 1548 HDAudBus - ok
04:06:21.0475 1548 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
04:06:21.0475 1548 HidBatt - ok
04:06:21.0491 1548 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
04:06:21.0491 1548 HidBth - ok
04:06:21.0506 1548 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
04:06:21.0522 1548 HidIr - ok
04:06:21.0537 1548 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
04:06:21.0537 1548 HidUsb - ok
04:06:21.0553 1548 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
04:06:21.0553 1548 HpSAMD - ok
04:06:21.0584 1548 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
04:06:21.0615 1548 HTTP - ok
04:06:21.0615 1548 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
04:06:21.0631 1548 hwpolicy - ok
04:06:21.0647 1548 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
04:06:21.0647 1548 i8042prt - ok
04:06:21.0662 1548 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
04:06:21.0678 1548 iaStorV - ok
04:06:21.0693 1548 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
04:06:21.0709 1548 iirsp - ok
04:06:21.0725 1548 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
04:06:21.0725 1548 intelide - ok
04:06:21.0725 1548 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
04:06:21.0740 1548 intelppm - ok
04:06:21.0756 1548 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
04:06:21.0787 1548 IpFilterDriver - ok
04:06:21.0803 1548 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
04:06:21.0803 1548 IPMIDRV - ok
04:06:21.0834 1548 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
04:06:21.0849 1548 IPNAT - ok
04:06:21.0865 1548 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
04:06:21.0881 1548 IRENUM - ok
04:06:21.0896 1548 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
04:06:21.0896 1548 isapnp - ok
04:06:21.0912 1548 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
04:06:21.0927 1548 iScsiPrt - ok
04:06:21.0927 1548 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
04:06:21.0927 1548 kbdclass - ok
04:06:21.0943 1548 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
04:06:21.0959 1548 kbdhid - ok
04:06:21.0974 1548 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
04:06:21.0974 1548 KSecDD - ok
04:06:21.0990 1548 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
04:06:21.0990 1548 KSecPkg - ok
04:06:22.0005 1548 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
04:06:22.0037 1548 ksthunk - ok
04:06:22.0052 1548 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
04:06:22.0068 1548 lltdio - ok
04:06:22.0083 1548 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
04:06:22.0099 1548 LSI_FC - ok
04:06:22.0099 1548 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
04:06:22.0115 1548 LSI_SAS - ok
04:06:22.0115 1548 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
04:06:22.0130 1548 LSI_SAS2 - ok
04:06:22.0146 1548 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
04:06:22.0146 1548 LSI_SCSI - ok
04:06:22.0161 1548 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
04:06:22.0193 1548 luafv - ok
04:06:22.0208 1548 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
04:06:22.0208 1548 megasas - ok
04:06:22.0224 1548 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
04:06:22.0239 1548 MegaSR - ok
04:06:22.0239 1548 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
04:06:22.0271 1548 Modem - ok
04:06:22.0271 1548 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
04:06:22.0286 1548 monitor - ok
04:06:22.0302 1548 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
04:06:22.0302 1548 mouclass - ok
04:06:22.0317 1548 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
04:06:22.0333 1548 mouhid - ok
04:06:22.0349 1548 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
04:06:22.0349 1548 mountmgr - ok
04:06:22.0364 1548 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
04:06:22.0364 1548 mpio - ok
04:06:22.0380 1548 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
04:06:22.0395 1548 mpsdrv - ok
04:06:22.0411 1548 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
04:06:22.0427 1548 MRxDAV - ok
04:06:22.0458 1548 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
04:06:22.0458 1548 mrxsmb - ok
04:06:22.0473 1548 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
04:06:22.0473 1548 mrxsmb10 - ok
04:06:22.0489 1548 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
04:06:22.0489 1548 mrxsmb20 - ok
04:06:22.0520 1548 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
04:06:22.0520 1548 msahci - ok
04:06:22.0536 1548 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
04:06:22.0536 1548 msdsm - ok
04:06:22.0551 1548 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
04:06:22.0583 1548 Msfs - ok
04:06:22.0583 1548 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
04:06:22.0614 1548 mshidkmdf - ok
04:06:22.0614 1548 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
04:06:22.0629 1548 msisadrv - ok
04:06:22.0645 1548 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
04:06:22.0676 1548 MSKSSRV - ok
04:06:22.0676 1548 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
04:06:22.0707 1548 MSPCLOCK - ok
04:06:22.0707 1548 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
04:06:22.0739 1548 MSPQM - ok
04:06:22.0754 1548 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
04:06:22.0754 1548 MsRPC - ok
04:06:22.0770 1548 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
04:06:22.0770 1548 mssmbios - ok
04:06:22.0785 1548 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
04:06:22.0817 1548 MSTEE - ok
04:06:22.0832 1548 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
04:06:22.0832 1548 MTConfig - ok
04:06:22.0848 1548 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
04:06:22.0848 1548 MTsensor - ok
04:06:22.0863 1548 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
04:06:22.0863 1548 Mup - ok
04:06:22.0895 1548 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
04:06:22.0895 1548 NativeWifiP - ok
04:06:22.0910 1548 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
04:06:22.0941 1548 NDIS - ok
04:06:22.0957 1548 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
04:06:22.0988 1548 NdisCap - ok
04:06:22.0988 1548 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
04:06:23.0019 1548 NdisTapi - ok
04:06:23.0019 1548 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
04:06:23.0051 1548 Ndisuio - ok
04:06:23.0051 1548 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
04:06:23.0082 1548 NdisWan - ok
04:06:23.0097 1548 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
04:06:23.0113 1548 NDProxy - ok
04:06:23.0129 1548 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
04:06:23.0160 1548 NetBIOS - ok
04:06:23.0175 1548 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
04:06:23.0191 1548 NetBT - ok
04:06:23.0207 1548 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
04:06:23.0222 1548 nfrd960 - ok
04:06:23.0238 1548 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
04:06:23.0253 1548 Npfs - ok
04:06:23.0269 1548 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
04:06:23.0300 1548 nsiproxy - ok
04:06:23.0316 1548 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
04:06:23.0347 1548 Ntfs - ok
04:06:23.0347 1548 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
04:06:23.0378 1548 Null - ok
04:06:23.0394 1548 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
04:06:23.0394 1548 nvraid - ok
04:06:23.0409 1548 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
04:06:23.0425 1548 nvstor - ok
04:06:23.0425 1548 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
04:06:23.0441 1548 nv_agp - ok
04:06:23.0456 1548 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
04:06:23.0472 1548 ohci1394 - ok
04:06:23.0472 1548 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
04:06:23.0487 1548 Parport - ok
04:06:23.0487 1548 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
04:06:23.0503 1548 partmgr - ok
04:06:23.0519 1548 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
04:06:23.0534 1548 pci - ok
04:06:23.0534 1548 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
04:06:23.0550 1548 pciide - ok
04:06:23.0550 1548 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
04:06:23.0565 1548 pcmcia - ok
04:06:23.0581 1548 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
04:06:23.0581 1548 pcw - ok
04:06:23.0597 1548 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
04:06:23.0628 1548 PEAUTH - ok
04:06:23.0659 1548 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
04:06:23.0659 1548 Point64 - ok
04:06:23.0675 1548 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
04:06:23.0690 1548 PptpMiniport - ok
04:06:23.0706 1548 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
04:06:23.0721 1548 Processor - ok
04:06:23.0721 1548 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
04:06:23.0753 1548 Psched - ok
04:06:23.0784 1548 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
04:06:23.0799 1548 ql2300 - ok
04:06:23.0831 1548 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
04:06:23.0831 1548 ql40xx - ok
04:06:23.0846 1548 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
04:06:23.0846 1548 QWAVEdrv - ok
04:06:23.0862 1548 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
04:06:23.0877 1548 RasAcd - ok
04:06:23.0893 1548 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
04:06:23.0924 1548 RasAgileVpn - ok
04:06:23.0924 1548 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
04:06:23.0955 1548 Rasl2tp - ok
04:06:23.0955 1548 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
04:06:23.0987 1548 RasPppoe - ok
04:06:24.0002 1548 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
04:06:24.0033 1548 RasSstp - ok
04:06:24.0049 1548 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
04:06:24.0065 1548 rdbss - ok
04:06:24.0080 1548 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
04:06:24.0096 1548 rdpbus - ok
04:06:24.0096 1548 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
04:06:24.0127 1548 RDPCDD - ok
04:06:24.0143 1548 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
04:06:24.0158 1548 RDPDR - ok
04:06:24.0158 1548 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
04:06:24.0189 1548 RDPENCDD - ok
04:06:24.0205 1548 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
04:06:24.0236 1548 RDPREFMP - ok
04:06:24.0236 1548 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
04:06:24.0267 1548 RDPWD - ok
04:06:24.0267 1548 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
04:06:24.0283 1548 rdyboost - ok
04:06:24.0299 1548 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
04:06:24.0330 1548 rspndr - ok
04:06:24.0330 1548 RTL8167 (4fe1cef69d36e913738234303986fbb3) C:\Windows\system32\DRIVERS\Rt64win7.sys
04:06:24.0345 1548 RTL8167 - ok
04:06:24.0345 1548 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
04:06:24.0361 1548 s3cap - ok
04:06:24.0377 1548 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
04:06:24.0377 1548 sbp2port - ok
04:06:24.0392 1548 SCDEmu (07237c66e05da6778e9f3cb67fa00736) C:\Windows\system32\drivers\SCDEmu.sys
04:06:24.0408 1548 SCDEmu - ok
04:06:24.0408 1548 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
04:06:24.0439 1548 scfilter - ok
04:06:24.0455 1548 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
04:06:24.0486 1548 secdrv - ok
04:06:24.0501 1548 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
04:06:24.0517 1548 Serenum - ok
04:06:24.0533 1548 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
04:06:24.0533 1548 Serial - ok
04:06:24.0548 1548 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
04:06:24.0548 1548 sermouse - ok
04:06:24.0564 1548 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
04:06:24.0579 1548 sffdisk - ok
04:06:24.0579 1548 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
04:06:24.0595 1548 sffp_mmc - ok
04:06:24.0595 1548 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
04:06:24.0611 1548 sffp_sd - ok
04:06:24.0626 1548 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
04:06:24.0642 1548 sfloppy - ok
04:06:24.0657 1548 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
04:06:24.0657 1548 SiSRaid2 - ok
04:06:24.0673 1548 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
04:06:24.0673 1548 SiSRaid4 - ok
04:06:24.0689 1548 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
04:06:24.0720 1548 Smb - ok
04:06:24.0735 1548 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
04:06:24.0735 1548 spldr - ok
04:06:24.0767 1548 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
04:06:24.0767 1548 srv - ok
04:06:24.0782 1548 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
04:06:24.0798 1548 srv2 - ok
04:06:24.0813 1548 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
04:06:24.0813 1548 srvnet - ok
04:06:24.0829 1548 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
04:06:24.0845 1548 stexstor - ok
04:06:24.0845 1548 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
04:06:24.0860 1548 storflt - ok
04:06:24.0860 1548 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
04:06:24.0876 1548 storvsc - ok
04:06:24.0891 1548 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
04:06:24.0891 1548 swenum - ok
04:06:24.0923 1548 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
04:06:24.0954 1548 Tcpip - ok
04:06:24.0969 1548 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
04:06:25.0001 1548 TCPIP6 - ok
04:06:25.0016 1548 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
04:06:25.0047 1548 tcpipreg - ok
04:06:25.0047 1548 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
04:06:25.0079 1548 TDPIPE - ok
04:06:25.0079 1548 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
04:06:25.0110 1548 TDTCP - ok
04:06:25.0110 1548 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
04:06:25.0141 1548 tdx - ok
04:06:25.0157 1548 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
04:06:25.0157 1548 TermDD - ok
04:06:25.0172 1548 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
04:06:25.0203 1548 tssecsrv - ok
04:06:25.0203 1548 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
04:06:25.0219 1548 TsUsbFlt - ok
04:06:25.0219 1548 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
04:06:25.0250 1548 tunnel - ok
04:06:25.0266 1548 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
04:06:25.0266 1548 uagp35 - ok
04:06:25.0281 1548 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
04:06:25.0313 1548 udfs - ok
04:06:25.0328 1548 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
04:06:25.0344 1548 uliagpkx - ok
04:06:25.0344 1548 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
04:06:25.0359 1548 umbus - ok
04:06:25.0359 1548 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
04:06:25.0375 1548 UmPass - ok
04:06:25.0391 1548 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
04:06:25.0406 1548 usbaudio - ok
04:06:25.0406 1548 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
04:06:25.0422 1548 usbccgp - ok
04:06:25.0422 1548 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
04:06:25.0437 1548 usbcir - ok
04:06:25.0453 1548 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
04:06:25.0453 1548 usbehci - ok
04:06:25.0469 1548 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
04:06:25.0484 1548 usbhub - ok
04:06:25.0484 1548 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
04:06:25.0500 1548 usbohci - ok
04:06:25.0515 1548 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
04:06:25.0531 1548 usbprint - ok
04:06:25.0531 1548 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
04:06:25.0547 1548 usbscan - ok
04:06:25.0547 1548 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:06:25.0562 1548 USBSTOR - ok
04:06:25.0578 1548 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
04:06:25.0578 1548 usbuhci - ok
04:06:25.0593 1548 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
04:06:25.0609 1548 vdrvroot - ok
04:06:25.0609 1548 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
04:06:25.0625 1548 vga - ok
04:06:25.0640 1548 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
04:06:25.0671 1548 VgaSave - ok
04:06:25.0671 1548 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
04:06:25.0687 1548 vhdmp - ok
04:06:25.0703 1548 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
04:06:25.0703 1548 viaide - ok
04:06:25.0718 1548 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
04:06:25.0718 1548 vmbus - ok
04:06:25.0734 1548 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
04:06:25.0734 1548 VMBusHID - ok
04:06:25.0765 1548 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
04:06:25.0765 1548 volmgr - ok
04:06:25.0781 1548 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
04:06:25.0781 1548 volmgrx - ok
04:06:25.0796 1548 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
04:06:25.0812 1548 volsnap - ok
04:06:25.0827 1548 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
04:06:25.0843 1548 vsmraid - ok
04:06:25.0843 1548 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
04:06:25.0859 1548 vwifibus - ok
04:06:25.0859 1548 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
04:06:25.0874 1548 WacomPen - ok
04:06:25.0890 1548 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
04:06:25.0921 1548 WANARP - ok
04:06:25.0921 1548 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
04:06:25.0937 1548 Wanarpv6 - ok
04:06:25.0952 1548 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
04:06:25.0968 1548 Wd - ok
04:06:25.0983 1548 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
04:06:25.0983 1548 Wdf01000 - ok
04:06:26.0015 1548 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
04:06:26.0046 1548 WfpLwf - ok
04:06:26.0046 1548 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
04:06:26.0061 1548 WIMMount - ok
04:06:26.0093 1548 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
04:06:26.0093 1548 WmiAcpi - ok
04:06:26.0108 1548 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
04:06:26.0139 1548 ws2ifsl - ok
04:06:26.0155 1548 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
04:06:26.0171 1548 WudfPf - ok
04:06:26.0202 1548 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
04:06:26.0217 1548 WUDFRd - ok
04:06:26.0233 1548 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
04:06:26.0249 1548 \Device\Harddisk0\DR0 - ok
04:06:26.0264 1548 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
04:06:26.0358 1548 \Device\Harddisk1\DR1 - ok
04:06:26.0358 1548 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR3
04:06:26.0514 1548 \Device\Harddisk2\DR3 - ok
04:06:26.0514 1548 Boot (0x1200) (097635f6c2983da48e70fbe298782b9a) \Device\Harddisk0\DR0\Partition0
04:06:26.0514 1548 \Device\Harddisk0\DR0\Partition0 - ok
04:06:26.0514 1548 Boot (0x1200) (d402aa603d0c11a8301f32f206d790ab) \Device\Harddisk0\DR0\Partition1
04:06:26.0514 1548 \Device\Harddisk0\DR0\Partition1 - ok
04:06:26.0529 1548 Boot (0x1200) (a0d05c970599e91e81e8e4a61df9723a) \Device\Harddisk1\DR1\Partition0
04:06:26.0529 1548 \Device\Harddisk1\DR1\Partition0 - ok
04:06:26.0529 1548 Boot (0x1200) (033112f47384690a084c4a9990075931) \Device\Harddisk1\DR1\Partition1
04:06:26.0529 1548 \Device\Harddisk1\DR1\Partition1 - ok
04:06:26.0529 1548 Boot (0x1200) (53073ebb503e7ee411e6c0abdd657e42) \Device\Harddisk2\DR3\Partition0
04:06:26.0529 1548 \Device\Harddisk2\DR3\Partition0 - ok
04:06:26.0529 1548 ============================================================
04:06:26.0529 1548 Scan finished
04:06:26.0529 1548 ============================================================
04:06:26.0529 1200 Detected object count: 0
04:06:26.0529 1200 Actual detected object count: 0
04:06:51.0224 1224 Deinitialize success

Attached Files



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,761 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:38 PM

Posted 11 December 2011 - 03:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/431059 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 deathmaster436

deathmaster436
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:38 PM

Posted 12 December 2011 - 03:28 AM

I got the system tools virus about a week ago. I flowed bleepingcomputer.com self help page on how to get rid of it that worked. The rootkit it installed did not get rid of when i tried the rootkilling program the bleepingcomputer.com said to use it did not find it. I then tired unhide to get back my desktop my PC restarts every time I tried to use that program. since i posted my first post i get random popups (Internet explorer - error popups mostly) i cant use google with out it sending me to random webpages. I have 3 or 4 new virus since my first post. malwarebytes has killed all of them, BUT I cant update it or any program on my PC. :(

I am using Win 7 64 bit.




.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by James at 0:06:07 on 2011-12-12
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8183.6487 [GMT -8:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
E:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\sppsvc.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Steam] "E:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Google Update] "C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 68.87.76.182 68.87.78.134
TCP: Interfaces\{FF95F534-5E2F-4306-9DA9-1ECC3E988C4C} : DhcpNameServer = 68.87.76.182 68.87.78.134
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\gml9qn4s.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\James\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\James\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\James\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\gml9qn4s.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-10-8 1153368]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-08 07:00:13 819712 ----a-w- C:\ProgramData\E34B.tmp
2011-12-06 19:57:44 -------- d-----we C:\Windows\system64
2011-12-06 12:52:51 -------- d-----w- C:\Users\James\AppData\Local\Google
2011-12-06 09:16:32 -------- d--h--w- C:\Users\James\AppData\Roaming\Malwarebytes
2011-12-06 09:16:25 -------- d--h--w- C:\ProgramData\Malwarebytes
2011-12-06 09:16:21 -------- d--h--w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-06 09:07:33 445064 ---ha-w- C:\ProgramData\mfMNqEiVOqaPjm.exe
2011-12-04 12:48:20 8822856 ---ha-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1FFF5211-B50F-440C-9422-23AC2B471084}\mpengine.dll
2011-12-03 21:54:20 -------- d--h--w- C:\Users\James\AppData\Local\Red 5 Studios
2011-11-18 05:25:19 -------- d--h--w- C:\Program Files (x86)\AMD APP
.
==================== Find3M ====================
.
2011-11-18 05:27:45 414368 ---ha-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-26 05:21:54 66560 ----a-w- C:\Windows\System32\OpenVideo64.dll
2011-10-26 05:21:48 56832 ---ha-w- C:\Windows\SysWow64\OpenVideo.dll
2011-10-26 05:21:40 66560 ----a-w- C:\Windows\System32\OVDecoder64.dll
2011-10-26 05:21:34 56832 ---ha-w- C:\Windows\SysWow64\OVDecoder.dll
2011-10-26 05:21:24 16991744 ----a-w- C:\Windows\System32\amdocl64.dll
2011-10-26 05:20:42 13950464 ---ha-w- C:\Windows\SysWow64\amdocl.dll
2011-10-26 03:05:10 10496512 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-10-26 02:16:06 24866816 ----a-w- C:\Windows\System32\atio6axx.dll
2011-10-26 02:06:10 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-10-26 02:05:58 748544 ---ha-w- C:\Windows\SysWow64\aticfx32.dll
2011-10-26 02:04:28 892416 ----a-w- C:\Windows\System32\aticfx64.dll
2011-10-26 02:01:46 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-10-26 02:01:36 517120 ----a-w- C:\Windows\System32\atieclxx.exe
2011-10-26 02:00:58 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-10-26 01:59:48 18757120 ---ha-w- C:\Windows\SysWow64\atioglxx.dll
2011-10-26 01:59:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-10-26 01:59:22 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-10-26 01:59:16 356352 ---ha-w- C:\Windows\SysWow64\atipdlxx.dll
2011-10-26 01:59:04 278528 ---ha-w- C:\Windows\SysWow64\Oemdspif.dll
2011-10-26 01:58:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-10-26 01:58:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-10-26 01:58:48 43520 ---ha-w- C:\Windows\SysWow64\ati2edxx.dll
2011-10-26 01:55:48 4292096 ---ha-w- C:\Windows\SysWow64\atidxx32.dll
2011-10-26 01:46:12 5041664 ----a-w- C:\Windows\System32\atidxx64.dll
2011-10-26 01:43:48 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-10-26 01:43:24 1828864 ---ha-w- C:\Windows\SysWow64\atiumdmv.dll
2011-10-26 01:43:12 4044288 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-10-26 01:38:32 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-10-26 01:38:30 46080 ---ha-w- C:\Windows\SysWow64\aticalrt.dll
2011-10-26 01:38:20 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-10-26 01:38:18 44032 ---ha-w- C:\Windows\SysWow64\aticalcl.dll
2011-10-26 01:38:08 9978880 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-10-26 01:35:38 4353536 ---ha-w- C:\Windows\SysWow64\atiumdag.dll
2011-10-26 01:34:56 8449024 ---ha-w- C:\Windows\SysWow64\aticaldd.dll
2011-10-26 01:32:30 4189184 ---ha-w- C:\Windows\SysWow64\atiumdva.dll
2011-10-26 01:29:32 5510144 ----a-w- C:\Windows\System32\atiumd64.dll
2011-10-26 01:29:24 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-10-26 01:22:38 486912 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-10-26 01:22:30 339968 ---ha-w- C:\Windows\SysWow64\atiadlxy.dll
2011-10-26 01:22:20 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-10-26 01:22:16 14336 ---ha-w- C:\Windows\SysWow64\atiglpxx.dll
2011-10-26 01:22:16 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-10-26 01:22:12 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-10-26 01:22:06 32768 ---ha-w- C:\Windows\SysWow64\atigktxx.dll
2011-10-26 01:21:58 326656 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-10-26 01:21:12 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-10-26 01:21:06 31744 ---ha-w- C:\Windows\SysWow64\atiuxpag.dll
2011-10-26 01:21:00 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-10-26 01:20:52 29184 ---ha-w- C:\Windows\SysWow64\atiu9pag.dll
2011-10-26 01:20:20 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-10-26 01:16:06 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-10-26 01:16:06 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-10-26 01:15:58 53760 ---ha-w- C:\Windows\SysWow64\atimpc32.dll
2011-10-26 01:15:58 53760 ---ha-w- C:\Windows\SysWow64\amdpcom32.dll
2011-10-07 05:29:04 51200 ----a-w- C:\Windows\System32\OpenCL.dll
2011-10-07 05:29:00 43520 ---ha-w- C:\Windows\SysWow64\OpenCL.dll
2011-10-03 11:32:08 280904 ---ha-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-10-03 11:32:08 280904 ---ha-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-10-01 09:16:16 280904 ---ha-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-10-01 07:32:00 75136 ---ha-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-30 08:27:27 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-09-30 08:27:27 444952 ---ha-w- C:\Windows\SysWow64\wrap_oal.dll
2011-09-30 08:27:27 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-09-30 08:27:27 109080 ---ha-w- C:\Windows\SysWow64\OpenAL32.dll
2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-29 04:03:32 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-09-14 18:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-09-14 18:47:40 53760 ---ha-w- C:\Windows\SysWow64\OVDecode.dll
2011-09-14 18:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll
2011-09-14 18:38:28 37376 ---ha-w- C:\Windows\SysWow64\amdoclcl.dll
.
============= FINISH: 0:13:51.10 ===============

Attached Files



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:38 PM

Posted 13 December 2011 - 02:10 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 deathmaster436

deathmaster436
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:38 PM

Posted 13 December 2011 - 04:08 AM

So I ran combofix took 1.5 hours. It still has problem I was able to Google antivirus and get the right page but when i clinked the link mabye 3 diifent links i did not click on then it took me to a fake Norton antivirus page. (I clicked McAfee)combofix log below


ComboFix 11-12-12.02 - James 12/12/2011 23:49:36.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8183.5846 [GMT -8:00]
Running from: c:\users\James\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\E34B.tmp
c:\programdata\mfMNqEiVOqaPjm.exe
c:\users\James\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
c:\users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
c:\users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\System Fix.lnk
c:\users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
c:\windows\system32\consrv.dll
c:\windows\System64
E:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-13 to 2011-12-13 )))))))))))))))))))))))))))))))
.
.
2011-12-13 08:25 . 2011-12-13 08:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-06 12:52 . 2011-12-06 12:53 -------- d-----w- c:\users\James\AppData\Local\Google
2011-12-06 09:16 . 2011-12-06 09:16 -------- d--h--w- c:\users\James\AppData\Roaming\Malwarebytes
2011-12-06 09:16 . 2011-12-06 09:16 -------- d--h--w- c:\programdata\Malwarebytes
2011-12-06 09:16 . 2011-12-06 09:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-04 12:48 . 2011-11-21 11:40 8822856 ---ha-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1FFF5211-B50F-440C-9422-23AC2B471084}\mpengine.dll
2011-12-03 21:54 . 2011-12-03 22:56 -------- d--h--w- c:\users\James\AppData\Local\Red 5 Studios
2011-11-18 05:27 . 2011-11-18 05:27 -------- d-----w- c:\windows\system32\Macromed
2011-11-18 05:26 . 2011-11-18 05:26 -------- d--h--w- c:\programdata\ATI
2011-11-18 05:25 . 2011-11-18 05:25 -------- d-----w- c:\program files (x86)\AMD APP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-18 05:27 . 2011-05-18 07:26 414368 ---ha-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-26 05:21 . 2011-10-26 05:21 66560 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-10-26 05:21 . 2011-10-26 05:21 56832 ---ha-w- c:\windows\SysWow64\OpenVideo.dll
2011-10-26 05:21 . 2011-10-26 05:21 66560 ----a-w- c:\windows\system32\OVDecoder64.dll
2011-10-26 05:21 . 2011-10-26 05:21 56832 ---ha-w- c:\windows\SysWow64\OVDecoder.dll
2011-10-26 05:21 . 2011-10-26 05:21 16991744 ----a-w- c:\windows\system32\amdocl64.dll
2011-10-26 05:20 . 2011-10-26 05:20 13950464 ---ha-w- c:\windows\SysWow64\amdocl.dll
2011-10-26 03:05 . 2011-10-26 03:05 10496512 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-10-26 02:16 . 2011-10-26 02:16 24866816 ----a-w- c:\windows\system32\atio6axx.dll
2011-10-26 02:06 . 2011-10-26 02:06 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-10-26 02:05 . 2011-10-26 02:05 748544 ---ha-w- c:\windows\SysWow64\aticfx32.dll
2011-10-26 02:04 . 2010-05-27 17:02 892416 ----a-w- c:\windows\system32\aticfx64.dll
2011-10-26 02:01 . 2011-10-26 02:01 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-10-26 02:01 . 2011-10-26 02:01 517120 ----a-w- c:\windows\system32\atieclxx.exe
2011-10-26 02:00 . 2011-10-26 02:00 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-10-26 01:59 . 2011-10-26 01:59 18757120 ---ha-w- c:\windows\SysWow64\atioglxx.dll
2011-10-26 01:59 . 2011-10-26 01:59 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-10-26 01:59 . 2011-10-26 01:59 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-10-26 01:59 . 2011-10-26 01:59 356352 ---ha-w- c:\windows\SysWow64\atipdlxx.dll
2011-10-26 01:59 . 2011-10-26 01:59 278528 ---ha-w- c:\windows\SysWow64\Oemdspif.dll
2011-10-26 01:58 . 2011-10-26 01:58 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-10-26 01:58 . 2011-10-26 01:58 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-10-26 01:58 . 2011-10-26 01:58 43520 ---ha-w- c:\windows\SysWow64\ati2edxx.dll
2011-10-26 01:55 . 2011-10-26 01:55 4292096 ---ha-w- c:\windows\SysWow64\atidxx32.dll
2011-10-26 01:46 . 2010-05-27 16:46 5041664 ----a-w- c:\windows\system32\atidxx64.dll
2011-10-26 01:43 . 2011-10-26 01:43 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-10-26 01:43 . 2011-10-26 01:43 1828864 ---ha-w- c:\windows\SysWow64\atiumdmv.dll
2011-10-26 01:43 . 2011-10-26 01:43 4044288 ----a-w- c:\windows\system32\atiumd6a.dll
2011-10-26 01:38 . 2011-10-26 01:38 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-10-26 01:38 . 2011-10-26 01:38 46080 ---ha-w- c:\windows\SysWow64\aticalrt.dll
2011-10-26 01:38 . 2011-10-26 01:38 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-10-26 01:38 . 2011-10-26 01:38 44032 ---ha-w- c:\windows\SysWow64\aticalcl.dll
2011-10-26 01:38 . 2011-10-26 01:38 9978880 ----a-w- c:\windows\system32\aticaldd64.dll
2011-10-26 01:35 . 2011-10-26 01:35 4353536 ---ha-w- c:\windows\SysWow64\atiumdag.dll
2011-10-26 01:34 . 2011-10-26 01:34 8449024 ---ha-w- c:\windows\SysWow64\aticaldd.dll
2011-10-26 01:32 . 2011-10-26 01:32 4189184 ---ha-w- c:\windows\SysWow64\atiumdva.dll
2011-10-26 01:29 . 2011-10-26 01:29 5510144 ----a-w- c:\windows\system32\atiumd64.dll
2011-10-26 01:29 . 2010-05-27 16:35 58880 ----a-w- c:\windows\system32\coinst.dll
2011-10-26 01:22 . 2011-10-26 01:22 486912 ----a-w- c:\windows\system32\atiadlxx.dll
2011-10-26 01:22 . 2011-10-26 01:22 339968 ---ha-w- c:\windows\SysWow64\atiadlxy.dll
2011-10-26 01:22 . 2011-10-26 01:22 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-10-26 01:22 . 2011-10-26 01:22 14336 ---ha-w- c:\windows\SysWow64\atiglpxx.dll
2011-10-26 01:22 . 2011-10-26 01:22 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-10-26 01:22 . 2011-10-26 01:22 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-10-26 01:22 . 2011-10-26 01:22 32768 ---ha-w- c:\windows\SysWow64\atigktxx.dll
2011-10-26 01:21 . 2011-10-26 01:21 326656 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-10-26 01:21 . 2010-05-27 16:25 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-10-26 01:21 . 2011-10-26 01:21 31744 ---ha-w- c:\windows\SysWow64\atiuxpag.dll
2011-10-26 01:21 . 2011-10-26 01:21 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-10-26 01:20 . 2010-07-07 01:14 29184 ---ha-w- c:\windows\SysWow64\atiu9pag.dll
2011-10-26 01:20 . 2011-10-26 01:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-10-26 01:16 . 2011-10-26 01:16 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-10-26 01:16 . 2011-10-26 01:16 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-10-26 01:15 . 2011-10-26 01:15 53760 ---ha-w- c:\windows\SysWow64\atimpc32.dll
2011-10-26 01:15 . 2011-10-26 01:15 53760 ---ha-w- c:\windows\SysWow64\amdpcom32.dll
2011-10-07 05:29 . 2011-10-07 05:29 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-07 05:29 . 2011-10-07 05:29 43520 ---ha-w- c:\windows\SysWow64\OpenCL.dll
2011-10-03 11:32 . 2010-10-05 09:07 280904 ---ha-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-10-03 11:32 . 2010-07-03 06:37 280904 ---ha-w- c:\windows\SysWow64\PnkBstrB.exe
2011-10-01 09:16 . 2010-07-03 06:37 280904 ---ha-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-10-01 07:32 . 2010-07-03 06:37 75136 ---ha-w- c:\windows\SysWow64\PnkBstrA.exe
2011-10-01 03:25 . 2011-10-12 07:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:42 . 2011-10-12 07:11 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-30 08:27 . 2010-08-01 08:44 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-09-30 08:27 . 2010-08-01 08:44 444952 ---ha-w- c:\windows\SysWow64\wrap_oal.dll
2011-09-30 08:27 . 2010-08-01 08:44 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-09-30 08:27 . 2010-08-01 08:44 109080 ---ha-w- c:\windows\SysWow64\OpenAL32.dll
2011-09-29 16:29 . 2011-11-09 07:01 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 04:03 . 2011-11-09 07:01 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-09-14 18:47 . 2011-09-14 18:47 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-09-14 18:47 . 2011-09-14 18:47 53760 ---ha-w- c:\windows\SysWow64\OVDecode.dll
2011-09-14 18:38 . 2011-09-14 18:38 44032 ----a-w- c:\windows\system32\amdoclcl64.dll
2011-09-14 18:38 . 2011-09-14 18:38 37376 ---ha-w- c:\windows\SysWow64\amdoclcl.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="e:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2514665016-3915237240-1536860632-1000Core.job
- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-06 12:52]
.
2011-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2514665016-3915237240-1536860632-1000UA.job
- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-06 12:52]
.
2010-10-09 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe [2010-10-09 22:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"combofix"="c:\combofix\CF29600.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 68.87.76.182 68.87.78.134
FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\gml9qn4s.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-ESN Sonar-0.70.0 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
AddRemove-Steam App 20570 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 8980 - c:\program files (x86)\Steam\steam.exe
AddRemove-Z - F:\ZUninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2514665016-3915237240-1536860632-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0d,6e,8c,26,04,60,b6,05,49,dd,15,1f,37,ff,24,3f,a8,f7,d1,b2,71,64,b7,
e9,1d,cb,6f,3b,2d,7a,4d,26,9c,30,9c,ce,3f,6f,d4,98,96,ee,a1,b6,9f,32,75,23,\
"??"=hex:ff,e0,63,55,3f,ae,8b,66,b0,b2,b6,82,cc,51,47,ca
.
[HKEY_USERS\S-1-5-21-2514665016-3915237240-1536860632-1000\Software\SecuROM\License information*]
"datasecu"=hex:fe,2b,77,8e,ca,95,b7,bd,f8,64,e7,fd,f9,d8,18,48,55,0f,55,0f,b7,
03,c4,f5,e8,44,6c,03,74,d3,c6,f6,d3,b5,30,2f,81,7e,ee,52,49,f2,c2,49,12,04,\
"rkeysecu"=hex:75,a1,f4,67,fb,e4,ee,70,3e,49,77,ec,c2,12,5a,cc
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2011-12-13 01:01:13 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-13 09:01
.
Pre-Run: 2,883,596,288 bytes free
Post-Run: 3,185,311,744 bytes free
.
- - End Of File - - 59C82352C8BF6A40C42B9C223B91509A

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:38 PM

Posted 13 December 2011 - 07:14 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 deathmaster436

deathmaster436
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:38 PM

Posted 13 December 2011 - 08:17 AM

when I clicked on that download link it took me to a random web page, so I had to download it form a different computer and move it with a usb drive. log below

05:12:32.0143 3616 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
05:12:32.0642 3616 ============================================================
05:12:32.0642 3616 Current date / time: 2011/12/13 05:12:32.0642
05:12:32.0642 3616 SystemInfo:
05:12:32.0642 3616
05:12:32.0642 3616 OS Version: 6.1.7601 ServicePack: 1.0
05:12:32.0642 3616 Product type: Workstation
05:12:32.0642 3616 ComputerName: DEATHMASTER436
05:12:32.0642 3616 UserName: James
05:12:32.0642 3616 Windows directory: C:\Windows
05:12:32.0642 3616 System windows directory: C:\Windows
05:12:32.0642 3616 Running under WOW64
05:12:32.0642 3616 Processor architecture: Intel x64
05:12:32.0642 3616 Number of processors: 4
05:12:32.0642 3616 Page size: 0x1000
05:12:32.0642 3616 Boot type: Normal boot
05:12:32.0642 3616 ============================================================
05:12:32.0767 3616 Initialize success
05:12:34.0499 3928 ============================================================
05:12:34.0499 3928 Scan started
05:12:34.0499 3928 Mode: Manual;
05:12:34.0499 3928 ============================================================
05:12:34.0795 3928 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
05:12:34.0795 3928 1394ohci - ok
05:12:34.0826 3928 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
05:12:34.0826 3928 ACPI - ok
05:12:34.0826 3928 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
05:12:34.0826 3928 AcpiPmi - ok
05:12:34.0858 3928 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
05:12:34.0858 3928 adp94xx - ok
05:12:34.0873 3928 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
05:12:34.0873 3928 adpahci - ok
05:12:34.0889 3928 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
05:12:34.0889 3928 adpu320 - ok
05:12:34.0904 3928 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
05:12:34.0920 3928 AFD - ok
05:12:34.0920 3928 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
05:12:34.0920 3928 agp440 - ok
05:12:34.0936 3928 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
05:12:34.0936 3928 aliide - ok
05:12:34.0951 3928 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
05:12:34.0951 3928 amdide - ok
05:12:34.0967 3928 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
05:12:34.0967 3928 AmdK8 - ok
05:12:35.0092 3928 amdkmdag (0415ffe1b6a6ea141feafca57567f57f) C:\Windows\system32\DRIVERS\atikmdag.sys
05:12:35.0154 3928 amdkmdag - ok
05:12:35.0170 3928 amdkmdap (dc24d6f38f17c0d643d9aa8a6852f8d0) C:\Windows\system32\DRIVERS\atikmpag.sys
05:12:35.0170 3928 amdkmdap - ok
05:12:35.0185 3928 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
05:12:35.0185 3928 AmdPPM - ok
05:12:35.0201 3928 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
05:12:35.0201 3928 amdsata - ok
05:12:35.0216 3928 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
05:12:35.0216 3928 amdsbs - ok
05:12:35.0216 3928 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
05:12:35.0216 3928 amdxata - ok
05:12:35.0232 3928 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
05:12:35.0232 3928 AppID - ok
05:12:35.0263 3928 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
05:12:35.0263 3928 arc - ok
05:12:35.0279 3928 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
05:12:35.0294 3928 arcsas - ok
05:12:35.0310 3928 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
05:12:35.0310 3928 AsyncMac - ok
05:12:35.0326 3928 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
05:12:35.0326 3928 atapi - ok
05:12:35.0341 3928 AtiHDAudioService (dbb487d09f56c674430ac454fd8bcab9) C:\Windows\system32\drivers\AtihdW76.sys
05:12:35.0341 3928 AtiHDAudioService - ok
05:12:35.0357 3928 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
05:12:35.0357 3928 AtiHdmiService - ok
05:12:35.0372 3928 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
05:12:35.0388 3928 b06bdrv - ok
05:12:35.0404 3928 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
05:12:35.0404 3928 b57nd60a - ok
05:12:35.0419 3928 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
05:12:35.0419 3928 Beep - ok
05:12:35.0435 3928 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
05:12:35.0435 3928 blbdrive - ok
05:12:35.0450 3928 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
05:12:35.0450 3928 bowser - ok
05:12:35.0466 3928 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
05:12:35.0466 3928 BrFiltLo - ok
05:12:35.0466 3928 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
05:12:35.0466 3928 BrFiltUp - ok
05:12:35.0482 3928 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
05:12:35.0497 3928 Brserid - ok
05:12:35.0497 3928 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
05:12:35.0497 3928 BrSerWdm - ok
05:12:35.0513 3928 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
05:12:35.0513 3928 BrUsbMdm - ok
05:12:35.0528 3928 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
05:12:35.0528 3928 BrUsbSer - ok
05:12:35.0544 3928 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
05:12:35.0544 3928 BTHMODEM - ok
05:12:35.0560 3928 catchme - ok
05:12:35.0560 3928 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
05:12:35.0560 3928 cdfs - ok
05:12:35.0575 3928 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
05:12:35.0575 3928 cdrom - ok
05:12:35.0591 3928 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
05:12:35.0591 3928 circlass - ok
05:12:35.0606 3928 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
05:12:35.0622 3928 CLFS - ok
05:12:35.0638 3928 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
05:12:35.0638 3928 CmBatt - ok
05:12:35.0638 3928 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
05:12:35.0638 3928 cmdide - ok
05:12:35.0669 3928 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
05:12:35.0669 3928 CNG - ok
05:12:35.0684 3928 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
05:12:35.0684 3928 Compbatt - ok
05:12:35.0684 3928 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
05:12:35.0700 3928 CompositeBus - ok
05:12:35.0700 3928 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
05:12:35.0700 3928 crcdisk - ok
05:12:35.0731 3928 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
05:12:35.0731 3928 CSC - ok
05:12:35.0762 3928 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
05:12:35.0762 3928 DfsC - ok
05:12:35.0762 3928 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
05:12:35.0778 3928 discache - ok
05:12:35.0778 3928 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
05:12:35.0778 3928 Disk - ok
05:12:35.0794 3928 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
05:12:35.0794 3928 drmkaud - ok
05:12:35.0825 3928 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
05:12:35.0840 3928 DXGKrnl - ok
05:12:35.0840 3928 EagleX64 - ok
05:12:35.0903 3928 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
05:12:35.0934 3928 ebdrv - ok
05:12:35.0950 3928 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
05:12:35.0950 3928 elxstor - ok
05:12:35.0965 3928 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
05:12:35.0965 3928 ErrDev - ok
05:12:35.0981 3928 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
05:12:35.0981 3928 exfat - ok
05:12:35.0996 3928 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
05:12:35.0996 3928 fastfat - ok
05:12:36.0012 3928 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
05:12:36.0012 3928 fdc - ok
05:12:36.0028 3928 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
05:12:36.0028 3928 FileInfo - ok
05:12:36.0043 3928 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
05:12:36.0043 3928 Filetrace - ok
05:12:36.0059 3928 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
05:12:36.0059 3928 flpydisk - ok
05:12:36.0059 3928 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
05:12:36.0074 3928 FltMgr - ok
05:12:36.0074 3928 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
05:12:36.0090 3928 FsDepends - ok
05:12:36.0090 3928 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
05:12:36.0090 3928 Fs_Rec - ok
05:12:36.0106 3928 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
05:12:36.0106 3928 fvevol - ok
05:12:36.0121 3928 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
05:12:36.0121 3928 gagp30kx - ok
05:12:36.0137 3928 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
05:12:36.0137 3928 hcw85cir - ok
05:12:36.0152 3928 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
05:12:36.0152 3928 HdAudAddService - ok
05:12:36.0168 3928 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
05:12:36.0168 3928 HDAudBus - ok
05:12:36.0168 3928 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
05:12:36.0168 3928 HidBatt - ok
05:12:36.0184 3928 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
05:12:36.0184 3928 HidBth - ok
05:12:36.0199 3928 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
05:12:36.0199 3928 HidIr - ok
05:12:36.0215 3928 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
05:12:36.0215 3928 HidUsb - ok
05:12:36.0230 3928 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
05:12:36.0230 3928 HpSAMD - ok
05:12:36.0262 3928 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
05:12:36.0262 3928 HTTP - ok
05:12:36.0277 3928 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
05:12:36.0277 3928 hwpolicy - ok
05:12:36.0293 3928 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
05:12:36.0293 3928 i8042prt - ok
05:12:36.0308 3928 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
05:12:36.0308 3928 iaStorV - ok
05:12:36.0340 3928 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
05:12:36.0340 3928 iirsp - ok
05:12:36.0355 3928 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
05:12:36.0355 3928 intelide - ok
05:12:36.0371 3928 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
05:12:36.0371 3928 intelppm - ok
05:12:36.0386 3928 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
05:12:36.0386 3928 IpFilterDriver - ok
05:12:36.0402 3928 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
05:12:36.0402 3928 IPMIDRV - ok
05:12:36.0418 3928 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
05:12:36.0418 3928 IPNAT - ok
05:12:36.0433 3928 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
05:12:36.0433 3928 IRENUM - ok
05:12:36.0449 3928 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
05:12:36.0449 3928 isapnp - ok
05:12:36.0449 3928 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
05:12:36.0464 3928 iScsiPrt - ok
05:12:36.0464 3928 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
05:12:36.0464 3928 kbdclass - ok
05:12:36.0480 3928 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
05:12:36.0480 3928 kbdhid - ok
05:12:36.0496 3928 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
05:12:36.0496 3928 KSecDD - ok
05:12:36.0511 3928 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
05:12:36.0511 3928 KSecPkg - ok
05:12:36.0527 3928 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
05:12:36.0527 3928 ksthunk - ok
05:12:36.0542 3928 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
05:12:36.0542 3928 lltdio - ok
05:12:36.0558 3928 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
05:12:36.0558 3928 LSI_FC - ok
05:12:36.0574 3928 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
05:12:36.0574 3928 LSI_SAS - ok
05:12:36.0574 3928 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
05:12:36.0574 3928 LSI_SAS2 - ok
05:12:36.0589 3928 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
05:12:36.0589 3928 LSI_SCSI - ok
05:12:36.0605 3928 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
05:12:36.0605 3928 luafv - ok
05:12:36.0620 3928 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
05:12:36.0620 3928 megasas - ok
05:12:36.0636 3928 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
05:12:36.0636 3928 MegaSR - ok
05:12:36.0652 3928 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
05:12:36.0652 3928 Modem - ok
05:12:36.0667 3928 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
05:12:36.0667 3928 monitor - ok
05:12:36.0667 3928 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
05:12:36.0667 3928 mouclass - ok
05:12:36.0683 3928 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
05:12:36.0683 3928 mouhid - ok
05:12:36.0698 3928 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
05:12:36.0698 3928 mountmgr - ok
05:12:36.0714 3928 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
05:12:36.0714 3928 mpio - ok
05:12:36.0730 3928 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
05:12:36.0730 3928 mpsdrv - ok
05:12:36.0730 3928 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
05:12:36.0745 3928 MRxDAV - ok
05:12:36.0745 3928 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
05:12:36.0761 3928 mrxsmb - ok
05:12:36.0761 3928 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
05:12:36.0776 3928 mrxsmb10 - ok
05:12:36.0776 3928 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
05:12:36.0792 3928 mrxsmb20 - ok
05:12:36.0792 3928 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
05:12:36.0792 3928 msahci - ok
05:12:36.0808 3928 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
05:12:36.0808 3928 msdsm - ok
05:12:36.0823 3928 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
05:12:36.0823 3928 Msfs - ok
05:12:36.0839 3928 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
05:12:36.0839 3928 mshidkmdf - ok
05:12:36.0854 3928 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
05:12:36.0854 3928 msisadrv - ok
05:12:36.0870 3928 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
05:12:36.0870 3928 MSKSSRV - ok
05:12:36.0870 3928 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
05:12:36.0870 3928 MSPCLOCK - ok
05:12:36.0886 3928 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
05:12:36.0886 3928 MSPQM - ok
05:12:36.0901 3928 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
05:12:36.0901 3928 MsRPC - ok
05:12:36.0917 3928 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
05:12:36.0917 3928 mssmbios - ok
05:12:36.0932 3928 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
05:12:36.0932 3928 MSTEE - ok
05:12:36.0948 3928 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
05:12:36.0948 3928 MTConfig - ok
05:12:36.0948 3928 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
05:12:36.0948 3928 MTsensor - ok
05:12:36.0964 3928 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
05:12:36.0964 3928 Mup - ok
05:12:36.0979 3928 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
05:12:36.0979 3928 NativeWifiP - ok
05:12:37.0010 3928 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
05:12:37.0010 3928 NDIS - ok
05:12:37.0026 3928 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
05:12:37.0026 3928 NdisCap - ok
05:12:37.0026 3928 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
05:12:37.0026 3928 NdisTapi - ok
05:12:37.0042 3928 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
05:12:37.0042 3928 Ndisuio - ok
05:12:37.0057 3928 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
05:12:37.0057 3928 NdisWan - ok
05:12:37.0073 3928 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
05:12:37.0073 3928 NDProxy - ok
05:12:37.0088 3928 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
05:12:37.0088 3928 NetBIOS - ok
05:12:37.0104 3928 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
05:12:37.0104 3928 NetBT - ok
05:12:37.0120 3928 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
05:12:37.0120 3928 nfrd960 - ok
05:12:37.0135 3928 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
05:12:37.0135 3928 Npfs - ok
05:12:37.0151 3928 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
05:12:37.0151 3928 nsiproxy - ok
05:12:37.0182 3928 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
05:12:37.0198 3928 Ntfs - ok
05:12:37.0198 3928 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
05:12:37.0198 3928 Null - ok
05:12:37.0213 3928 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
05:12:37.0213 3928 nvraid - ok
05:12:37.0229 3928 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
05:12:37.0229 3928 nvstor - ok
05:12:37.0244 3928 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
05:12:37.0244 3928 nv_agp - ok
05:12:37.0260 3928 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
05:12:37.0260 3928 ohci1394 - ok
05:12:37.0276 3928 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
05:12:37.0276 3928 Parport - ok
05:12:37.0291 3928 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
05:12:37.0291 3928 partmgr - ok
05:12:37.0307 3928 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
05:12:37.0307 3928 pci - ok
05:12:37.0307 3928 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
05:12:37.0322 3928 pciide - ok
05:12:37.0322 3928 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
05:12:37.0322 3928 pcmcia - ok
05:12:37.0338 3928 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
05:12:37.0338 3928 pcw - ok
05:12:37.0354 3928 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
05:12:37.0369 3928 PEAUTH - ok
05:12:37.0385 3928 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
05:12:37.0400 3928 Point64 - ok
05:12:37.0416 3928 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
05:12:37.0416 3928 PptpMiniport - ok
05:12:37.0416 3928 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
05:12:37.0416 3928 Processor - ok
05:12:37.0432 3928 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
05:12:37.0432 3928 Psched - ok
05:12:37.0463 3928 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
05:12:37.0478 3928 ql2300 - ok
05:12:37.0494 3928 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
05:12:37.0494 3928 ql40xx - ok
05:12:37.0510 3928 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
05:12:37.0510 3928 QWAVEdrv - ok
05:12:37.0510 3928 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
05:12:37.0510 3928 RasAcd - ok
05:12:37.0525 3928 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
05:12:37.0525 3928 RasAgileVpn - ok
05:12:37.0541 3928 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
05:12:37.0541 3928 Rasl2tp - ok
05:12:37.0556 3928 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
05:12:37.0556 3928 RasPppoe - ok
05:12:37.0572 3928 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
05:12:37.0572 3928 RasSstp - ok
05:12:37.0588 3928 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
05:12:37.0588 3928 rdbss - ok
05:12:37.0588 3928 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
05:12:37.0603 3928 rdpbus - ok
05:12:37.0603 3928 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
05:12:37.0603 3928 RDPCDD - ok
05:12:37.0619 3928 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
05:12:37.0619 3928 RDPDR - ok
05:12:37.0634 3928 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
05:12:37.0634 3928 RDPENCDD - ok
05:12:37.0650 3928 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
05:12:37.0650 3928 RDPREFMP - ok
05:12:37.0666 3928 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
05:12:37.0666 3928 RDPWD - ok
05:12:37.0697 3928 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
05:12:37.0697 3928 rdyboost - ok
05:12:37.0712 3928 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
05:12:37.0712 3928 rspndr - ok
05:12:37.0728 3928 RTL8167 (4fe1cef69d36e913738234303986fbb3) C:\Windows\system32\DRIVERS\Rt64win7.sys
05:12:37.0744 3928 RTL8167 - ok
05:12:37.0744 3928 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
05:12:37.0744 3928 s3cap - ok
05:12:37.0759 3928 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
05:12:37.0759 3928 sbp2port - ok
05:12:37.0775 3928 SCDEmu (07237c66e05da6778e9f3cb67fa00736) C:\Windows\system32\drivers\SCDEmu.sys
05:12:37.0790 3928 SCDEmu - ok
05:12:37.0790 3928 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
05:12:37.0790 3928 scfilter - ok
05:12:37.0806 3928 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
05:12:37.0806 3928 secdrv - ok
05:12:37.0822 3928 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
05:12:37.0822 3928 Serenum - ok
05:12:37.0837 3928 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
05:12:37.0837 3928 Serial - ok
05:12:37.0853 3928 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
05:12:37.0853 3928 sermouse - ok
05:12:37.0868 3928 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
05:12:37.0868 3928 sffdisk - ok
05:12:37.0884 3928 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
05:12:37.0884 3928 sffp_mmc - ok
05:12:37.0884 3928 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
05:12:37.0884 3928 sffp_sd - ok
05:12:37.0900 3928 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
05:12:37.0900 3928 sfloppy - ok
05:12:37.0915 3928 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
05:12:37.0915 3928 SiSRaid2 - ok
05:12:37.0931 3928 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
05:12:37.0931 3928 SiSRaid4 - ok
05:12:37.0946 3928 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
05:12:37.0946 3928 Smb - ok
05:12:37.0962 3928 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
05:12:37.0962 3928 spldr - ok
05:12:37.0978 3928 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
05:12:37.0978 3928 srv - ok
05:12:38.0009 3928 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
05:12:38.0009 3928 srv2 - ok
05:12:38.0024 3928 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
05:12:38.0024 3928 srvnet - ok
05:12:38.0040 3928 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
05:12:38.0040 3928 stexstor - ok
05:12:38.0056 3928 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
05:12:38.0056 3928 storflt - ok
05:12:38.0056 3928 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
05:12:38.0071 3928 storvsc - ok
05:12:38.0071 3928 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
05:12:38.0071 3928 swenum - ok
05:12:38.0118 3928 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
05:12:38.0118 3928 Tcpip - ok
05:12:38.0149 3928 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
05:12:38.0149 3928 TCPIP6 - ok
05:12:38.0165 3928 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
05:12:38.0165 3928 tcpipreg - ok
05:12:38.0180 3928 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
05:12:38.0180 3928 TDPIPE - ok
05:12:38.0196 3928 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
05:12:38.0196 3928 TDTCP - ok
05:12:38.0196 3928 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
05:12:38.0212 3928 tdx - ok
05:12:38.0212 3928 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
05:12:38.0212 3928 TermDD - ok
05:12:38.0227 3928 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
05:12:38.0227 3928 tssecsrv - ok
05:12:38.0243 3928 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
05:12:38.0243 3928 TsUsbFlt - ok
05:12:38.0258 3928 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
05:12:38.0258 3928 tunnel - ok
05:12:38.0274 3928 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
05:12:38.0274 3928 uagp35 - ok
05:12:38.0290 3928 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
05:12:38.0290 3928 udfs - ok
05:12:38.0305 3928 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
05:12:38.0305 3928 uliagpkx - ok
05:12:38.0305 3928 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
05:12:38.0305 3928 umbus - ok
05:12:38.0321 3928 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
05:12:38.0321 3928 UmPass - ok
05:12:38.0336 3928 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
05:12:38.0336 3928 usbaudio - ok
05:12:38.0352 3928 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
05:12:38.0352 3928 usbccgp - ok
05:12:38.0368 3928 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
05:12:38.0368 3928 usbcir - ok
05:12:38.0368 3928 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
05:12:38.0368 3928 usbehci - ok
05:12:38.0383 3928 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
05:12:38.0383 3928 usbhub - ok
05:12:38.0399 3928 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
05:12:38.0399 3928 usbohci - ok
05:12:38.0414 3928 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
05:12:38.0414 3928 usbprint - ok
05:12:38.0414 3928 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
05:12:38.0430 3928 usbscan - ok
05:12:38.0430 3928 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
05:12:38.0430 3928 USBSTOR - ok
05:12:38.0446 3928 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
05:12:38.0446 3928 usbuhci - ok
05:12:38.0461 3928 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
05:12:38.0461 3928 vdrvroot - ok
05:12:38.0477 3928 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
05:12:38.0477 3928 vga - ok
05:12:38.0477 3928 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
05:12:38.0477 3928 VgaSave - ok
05:12:38.0492 3928 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
05:12:38.0492 3928 vhdmp - ok
05:12:38.0508 3928 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
05:12:38.0508 3928 viaide - ok
05:12:38.0524 3928 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
05:12:38.0524 3928 vmbus - ok
05:12:38.0524 3928 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
05:12:38.0524 3928 VMBusHID - ok
05:12:38.0539 3928 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
05:12:38.0539 3928 volmgr - ok
05:12:38.0555 3928 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
05:12:38.0555 3928 volmgrx - ok
05:12:38.0570 3928 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
05:12:38.0570 3928 volsnap - ok
05:12:38.0586 3928 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
05:12:38.0586 3928 vsmraid - ok
05:12:38.0602 3928 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
05:12:38.0602 3928 vwifibus - ok
05:12:38.0617 3928 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
05:12:38.0617 3928 WacomPen - ok
05:12:38.0617 3928 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
05:12:38.0617 3928 WANARP - ok
05:12:38.0633 3928 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
05:12:38.0633 3928 Wanarpv6 - ok
05:12:38.0648 3928 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
05:12:38.0648 3928 Wd - ok
05:12:38.0664 3928 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
05:12:38.0664 3928 Wdf01000 - ok
05:12:38.0680 3928 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
05:12:38.0680 3928 WfpLwf - ok
05:12:38.0695 3928 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
05:12:38.0695 3928 WIMMount - ok
05:12:38.0711 3928 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
05:12:38.0711 3928 WmiAcpi - ok
05:12:38.0726 3928 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
05:12:38.0726 3928 ws2ifsl - ok
05:12:38.0742 3928 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
05:12:38.0742 3928 WudfPf - ok
05:12:38.0758 3928 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
05:12:38.0758 3928 WUDFRd - ok
05:12:38.0773 3928 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
05:12:38.0773 3928 \Device\Harddisk0\DR0 - ok
05:12:38.0773 3928 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
05:12:38.0773 3928 \Device\Harddisk1\DR1 - ok
05:12:38.0773 3928 Boot (0x1200) (097635f6c2983da48e70fbe298782b9a) \Device\Harddisk0\DR0\Partition0
05:12:38.0773 3928 \Device\Harddisk0\DR0\Partition0 - ok
05:12:38.0789 3928 Boot (0x1200) (d402aa603d0c11a8301f32f206d790ab) \Device\Harddisk0\DR0\Partition1
05:12:38.0789 3928 \Device\Harddisk0\DR0\Partition1 - ok
05:12:38.0789 3928 Boot (0x1200) (a0d05c970599e91e81e8e4a61df9723a) \Device\Harddisk1\DR1\Partition0
05:12:38.0789 3928 \Device\Harddisk1\DR1\Partition0 - ok
05:12:38.0804 3928 Boot (0x1200) (033112f47384690a084c4a9990075931) \Device\Harddisk1\DR1\Partition1
05:12:38.0804 3928 \Device\Harddisk1\DR1\Partition1 - ok
05:12:38.0804 3928 ============================================================
05:12:38.0804 3928 Scan finished
05:12:38.0804 3928 ============================================================
05:12:38.0804 2252 Detected object count: 0
05:12:38.0804 2252 Actual detected object count: 0

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:38 PM

Posted 13 December 2011 - 08:48 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 deathmaster436

deathmaster436
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:38 PM

Posted 14 December 2011 - 03:44 AM

whatever I have was not leting the progamr run so i had to reame it some random name to get around it. log below

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-14 00:32:31
-----------------------------
00:32:31.469 OS Version: Windows x64 6.1.7601 Service Pack 1
00:32:31.469 Number of processors: 4 586 0x1E05
00:32:31.469 ComputerName: DEATHMASTER436 UserName: James
00:32:32.015 Initialize success
00:33:26.959 AVAST engine defs: 11121400
00:34:51.957 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:34:51.957 Disk 0 Vendor: INTEL_SSDSA2M080G2GN 2CV102HD Size: 76319MB BusType: 11
00:34:52.440 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
00:34:52.440 Disk 1 Vendor: WDC_WD10EARS-22Y5B1 80.00A80 Size: 76319MB BusType: 11
00:34:52.456 Disk 0 MBR read successfully
00:34:52.456 Disk 0 MBR scan
00:34:52.472 Disk 0 Windows 7 default MBR code
00:34:52.472 Disk 0 MBR hidden
00:34:52.472 Service scanning
00:34:53.376 Modules scanning
00:34:53.376 Disk 0 trace - called modules:
00:34:53.392 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8006f5e334]<<
00:34:53.392 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006f4b060]
00:34:53.408 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa80068de1e0]
00:34:53.408 5 ACPI.sys[fffff88000f0c7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800692b060]
00:34:53.408 \Driver\atapi[0xfffffa80068d1e40] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8006f5e334
00:34:53.548 AVAST engine scan C:\Windows
00:34:54.110 AVAST engine scan C:\Windows\system32
00:35:25.575 AVAST engine scan C:\Windows\system32\drivers
00:35:27.806 AVAST engine scan C:\Users\James
00:35:51.830 File: C:\Users\James\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\4469ab8f-155bc25b **INFECTED** Win32:Downloader-LRQ [Trj]
00:35:51.876 File: C:\Users\James\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\2ca00d5-7b2fc39d **INFECTED** Win32:Kryptik-FYL [Trj]
00:36:21.392 AVAST engine scan C:\ProgramData
00:36:41.563 Scan finished successfully
00:39:21.993 Disk 0 MBR has been saved successfully to "C:\Users\James\Desktop\MBR.dat"
00:39:21.993 The log file has been saved successfully to "C:\Users\James\Desktop\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:38 PM

Posted 14 December 2011 - 03:50 AM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun ASWMbr for me and send me the report

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 deathmaster436

deathmaster436
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:38 PM

Posted 14 December 2011 - 04:58 AM

it said MBR was infected i fixed restarted the PC then ran aswMBR.exe again log below:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-14 01:32:19
-----------------------------
01:32:19.555 OS Version: Windows x64 6.1.7601 Service Pack 1
01:32:19.555 Number of processors: 4 586 0x1E05
01:32:19.555 ComputerName: DEATHMASTER436 UserName: James
01:32:19.633 Initialize success
01:32:22.222 AVAST engine defs: 11121400
01:32:26.325 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
01:32:26.325 Disk 0 Vendor: INTEL_SSDSA2M080G2GN 2CV102HD Size: 76319MB BusType: 11
01:32:26.341 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
01:32:26.341 Disk 1 Vendor: WDC_WD10EARS-22Y5B1 80.00A80 Size: 953869MB BusType: 11
01:32:26.341 Disk 0 MBR read successfully
01:32:26.341 Disk 0 MBR scan
01:32:26.341 Disk 0 Windows 7 default MBR code
01:32:26.341 Service scanning
01:32:27.324 Modules scanning
01:32:27.324 Disk 0 trace - called modules:
01:32:27.324 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
01:32:27.324 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006f68060]
01:32:27.339 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa8006d45520]
01:32:27.339 5 ACPI.sys[fffff88000f0f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80069881f0]
01:32:27.823 AVAST engine scan C:\Windows
01:32:28.416 AVAST engine scan C:\Windows\system32
01:32:59.222 AVAST engine scan C:\Windows\system32\drivers
01:33:01.468 AVAST engine scan C:\Users\James
01:33:25.680 File: C:\Users\James\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\4469ab8f-155bc25b **INFECTED** Win32:Downloader-LRQ [Trj]
01:33:25.726 File: C:\Users\James\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\2ca00d5-7b2fc39d **INFECTED** Win32:Kryptik-FYL [Trj]
01:34:03.588 AVAST engine scan C:\ProgramData
01:34:22.791 Scan finished successfully
01:34:39.202 Disk 0 MBR has been saved successfully to "C:\Users\James\Desktop\MBR.dat"
01:34:39.218 The log file has been saved successfully to "C:\Users\James\Desktop\aswMBR.txt"

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:38 PM

Posted 14 December 2011 - 07:26 AM

Greetings

How is the computer running now :thumbup2:

Good That cleaned up some bad guys but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 deathmaster436

deathmaster436
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:38 PM

Posted 15 December 2011 - 02:14 AM

it has stopped going to random webpages :thumbup2: I can now update my all programs again :thumbsup: i was able to run unhide.exe. Im almost sure im clean here is the log:

ComboFix 11-12-13.03 - James 12/14/2011 4:34.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8183.6516 [GMT -8:00]
Running from: c:\users\James\Desktop\ComboFix.exe
Command switches used :: c:\users\James\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-14 to 2011-12-14 )))))))))))))))))))))))))))))))
.
.
2011-12-14 12:36 . 2011-12-14 12:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-06 12:52 . 2011-12-06 12:53 -------- d-----w- c:\users\James\AppData\Local\Google
2011-12-06 09:16 . 2011-12-06 09:16 -------- d-----w- c:\users\James\AppData\Roaming\Malwarebytes
2011-12-06 09:16 . 2011-12-06 09:16 -------- d-----w- c:\programdata\Malwarebytes
2011-12-06 09:16 . 2011-12-06 09:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-04 12:48 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1FFF5211-B50F-440C-9422-23AC2B471084}\mpengine.dll
2011-12-03 21:54 . 2011-12-03 22:56 -------- d-----w- c:\users\James\AppData\Local\Red 5 Studios
2011-11-18 05:27 . 2011-11-18 05:27 -------- d-----w- c:\windows\system32\Macromed
2011-11-18 05:26 . 2011-11-18 05:26 -------- d-----w- c:\programdata\ATI
2011-11-18 05:25 . 2011-11-18 05:25 -------- d-----w- c:\program files (x86)\AMD APP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-18 05:27 . 2011-05-18 07:26 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-26 05:21 . 2011-10-26 05:21 66560 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-10-26 05:21 . 2011-10-26 05:21 56832 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-10-26 05:21 . 2011-10-26 05:21 66560 ----a-w- c:\windows\system32\OVDecoder64.dll
2011-10-26 05:21 . 2011-10-26 05:21 56832 ----a-w- c:\windows\SysWow64\OVDecoder.dll
2011-10-26 05:21 . 2011-10-26 05:21 16991744 ----a-w- c:\windows\system32\amdocl64.dll
2011-10-26 05:20 . 2011-10-26 05:20 13950464 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-10-26 03:05 . 2011-10-26 03:05 10496512 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-10-26 02:16 . 2011-10-26 02:16 24866816 ----a-w- c:\windows\system32\atio6axx.dll
2011-10-26 02:06 . 2011-10-26 02:06 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-10-26 02:05 . 2011-10-26 02:05 748544 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-10-26 02:04 . 2010-05-27 17:02 892416 ----a-w- c:\windows\system32\aticfx64.dll
2011-10-26 02:01 . 2011-10-26 02:01 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-10-26 02:01 . 2011-10-26 02:01 517120 ----a-w- c:\windows\system32\atieclxx.exe
2011-10-26 02:00 . 2011-10-26 02:00 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-10-26 01:59 . 2011-10-26 01:59 18757120 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-10-26 01:59 . 2011-10-26 01:59 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-10-26 01:59 . 2011-10-26 01:59 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-10-26 01:59 . 2011-10-26 01:59 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-10-26 01:59 . 2011-10-26 01:59 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-10-26 01:58 . 2011-10-26 01:58 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-10-26 01:58 . 2011-10-26 01:58 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-10-26 01:58 . 2011-10-26 01:58 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-10-26 01:55 . 2011-10-26 01:55 4292096 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-10-26 01:46 . 2010-05-27 16:46 5041664 ----a-w- c:\windows\system32\atidxx64.dll
2011-10-26 01:43 . 2011-10-26 01:43 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-10-26 01:43 . 2011-10-26 01:43 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-10-26 01:43 . 2011-10-26 01:43 4044288 ----a-w- c:\windows\system32\atiumd6a.dll
2011-10-26 01:38 . 2011-10-26 01:38 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-10-26 01:38 . 2011-10-26 01:38 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-10-26 01:38 . 2011-10-26 01:38 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-10-26 01:38 . 2011-10-26 01:38 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-10-26 01:38 . 2011-10-26 01:38 9978880 ----a-w- c:\windows\system32\aticaldd64.dll
2011-10-26 01:35 . 2011-10-26 01:35 4353536 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-10-26 01:34 . 2011-10-26 01:34 8449024 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-10-26 01:32 . 2011-10-26 01:32 4189184 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-10-26 01:29 . 2011-10-26 01:29 5510144 ----a-w- c:\windows\system32\atiumd64.dll
2011-10-26 01:29 . 2010-05-27 16:35 58880 ----a-w- c:\windows\system32\coinst.dll
2011-10-26 01:22 . 2011-10-26 01:22 486912 ----a-w- c:\windows\system32\atiadlxx.dll
2011-10-26 01:22 . 2011-10-26 01:22 339968 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-10-26 01:22 . 2011-10-26 01:22 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-10-26 01:22 . 2011-10-26 01:22 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-10-26 01:22 . 2011-10-26 01:22 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-10-26 01:22 . 2011-10-26 01:22 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-10-26 01:22 . 2011-10-26 01:22 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-10-26 01:21 . 2011-10-26 01:21 326656 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-10-26 01:21 . 2010-05-27 16:25 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-10-26 01:21 . 2011-10-26 01:21 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-10-26 01:21 . 2011-10-26 01:21 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-10-26 01:20 . 2010-07-07 01:14 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-10-26 01:20 . 2011-10-26 01:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-10-26 01:16 . 2011-10-26 01:16 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-10-26 01:16 . 2011-10-26 01:16 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-10-26 01:15 . 2011-10-26 01:15 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-10-26 01:15 . 2011-10-26 01:15 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-10-07 05:29 . 2011-10-07 05:29 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-07 05:29 . 2011-10-07 05:29 43520 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-10-03 11:32 . 2010-10-05 09:07 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-10-03 11:32 . 2010-07-03 06:37 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-10-01 09:16 . 2010-07-03 06:37 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-10-01 07:32 . 2010-07-03 06:37 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-10-01 03:25 . 2011-10-12 07:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:42 . 2011-10-12 07:11 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-30 08:27 . 2010-08-01 08:44 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-09-30 08:27 . 2010-08-01 08:44 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-09-30 08:27 . 2010-08-01 08:44 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-09-30 08:27 . 2010-08-01 08:44 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-09-29 16:29 . 2011-11-09 07:01 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 04:03 . 2011-11-09 07:01 3144704 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-13_08.29.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-16 18:21 . 2011-12-14 09:33 32314 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-14 09:33 33260 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-16 18:21 . 2011-12-14 09:33 11126 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2514665016-3915237240-1536860632-1000_UserData.bin
- 2010-06-16 17:30 . 2011-12-13 08:02 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-16 17:30 . 2011-12-13 14:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-16 17:30 . 2011-12-13 08:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-16 17:30 . 2011-12-13 14:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-13 08:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-13 14:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-16 18:11 . 2011-12-13 14:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-16 18:11 . 2011-12-13 08:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-16 18:11 . 2011-12-13 08:28 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-16 18:11 . 2011-12-13 14:24 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-06-16 18:11 . 2011-12-13 08:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-16 18:11 . 2011-12-13 14:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-16 18:02 . 2011-12-13 08:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-16 18:02 . 2011-12-14 12:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-16 18:02 . 2011-12-13 08:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-16 18:02 . 2011-12-14 12:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-14 09:32 . 2011-12-14 09:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-13 08:28 . 2011-12-13 08:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-14 09:32 . 2011-12-14 09:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-13 08:28 . 2011-12-13 08:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2011-12-14 09:38 660280 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-12-12 08:05 660280 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-14 09:38 121208 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-12-12 08:05 121208 c:\windows\system32\perfc009.dat
- 2009-07-14 05:12 . 2011-12-12 07:59 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2011-12-13 14:56 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:46 . 2011-12-13 09:03 109960 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-09-08 12:00 . 2011-12-14 09:31 489192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2011-12-14 09:31 393552 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-12-06 09:10 393552 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-07-05 07:39 . 2011-12-14 09:31 57517976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2514665016-3915237240-1536860632-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="e:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2514665016-3915237240-1536860632-1000Core.job
- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-06 12:52]
.
2011-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2514665016-3915237240-1536860632-1000UA.job
- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-06 12:52]
.
2010-10-09 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe [2010-10-09 22:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 68.87.76.182 68.87.78.134
FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\gml9qn4s.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2514665016-3915237240-1536860632-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0d,6e,8c,26,04,60,b6,05,49,dd,15,1f,37,ff,24,3f,a8,f7,d1,b2,71,64,b7,
e9,1d,cb,6f,3b,2d,7a,4d,26,9c,30,9c,ce,3f,6f,d4,98,96,ee,a1,b6,9f,32,75,23,\
"??"=hex:ff,e0,63,55,3f,ae,8b,66,b0,b2,b6,82,cc,51,47,ca
.
[HKEY_USERS\S-1-5-21-2514665016-3915237240-1536860632-1000\Software\SecuROM\License information*]
"datasecu"=hex:fe,2b,77,8e,ca,95,b7,bd,f8,64,e7,fd,f9,d8,18,48,55,0f,55,0f,b7,
03,c4,f5,e8,44,6c,03,74,d3,c6,f6,d3,b5,30,2f,81,7e,ee,52,49,f2,c2,49,12,04,\
"rkeysecu"=hex:75,a1,f4,67,fb,e4,ee,70,3e,49,77,ec,c2,12,5a,cc
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-14 04:38:10
ComboFix-quarantined-files.txt 2011-12-14 12:38
ComboFix2.txt 2011-12-13 09:01
.
Pre-Run: 2,533,167,104 bytes free
Post-Run: 2,524,504,064 bytes free
.
- - End Of File - - C8CB4472FBBF3105CE354AA2C74D86FA

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:38 PM

Posted 15 December 2011 - 07:50 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Java™ 6 Update 20

and click on remove




Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 deathmaster436

deathmaster436
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:38 PM

Posted 15 December 2011 - 08:55 AM

the only problem I had was i could not uninstall java. logs below

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8375

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

12/15/2011 5:49:07 AM
mbam-log-2011-12-15 (05-49-07).txt

Scan type: Quick scan
Objects scanned: 178746
Time elapsed: 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:52:19 AM, on 12/15/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
E:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "E:\Program Files (x86)\Steam\steam.exe" -silent
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nwprovau.dll' missing
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7208 bytes




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users