Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trying to remove pup.bitminer


  • This topic is locked This topic is locked
17 replies to this topic

#1 Doczx

Doczx

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:40 AM

Posted 13 December 2011 - 03:25 PM

Hello BleepingComputer.com Forum leader,

A colleague from my work mentioned that you guys are the best at this stuff! So, my computer started off with the "WIN 7 Internet Security 2012" virus and I followed the self-help guide on the bleepingcomputer.com website (rkill & mbam) to remove the malware. All that remains is the pup.bitminer file that MALWAREBYTES seems to find and get rid of, but that keeps coming back every time I reboot after using MALWAREBYTES. My main problem is that my google browser keeps redirecting me to junk sites. Could you please help me get rid of this pup.bitminer? I am including the DDS.txt file below and the attach.txt. I've tried to attach the ark.txt file but it maintains that there is nothing in there.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by Doc at 14:15:06 on 2011-12-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2479 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k NetworkService
c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe
C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dell.com
uDefault_Page_URL = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Shell=explorer.exe,
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Doc\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2EDDE11E-586B-4F61-A8E1-E43E3ECB306E} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun-x64: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
mRun-x64: [(Default)]
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 216.240.133.193 www.google-analytics.com.
Hosts: 216.240.133.193 ad-emea.doubleclick.net.
Hosts: 216.240.133.193 www.statcounter.com.
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\m1v5h9ls.default\
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/04/09 21:35:23];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2010-10-22 146928]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-16 122880]
R2 AMDFusionSVC;AMD Fusion Utility Service;C:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [2009-9-8 383544]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-12 366152]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\system32\DRIVERS\AmdLLD64.sys --> C:\Windows\system32\DRIVERS\AmdLLD64.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S2 CLKMSVC10_1628BCEA;CyberLink Product - 2011/04/09 21:35:20;C:\Program Files (x86)\CyberLink\PowerDVD DX\Kernel\BD\NavFilter\kmsvc.exe [2011-4-9 240360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-13 14:37:02 -------- d-----w- C:\Users\Doc\AppData\Roaming\PCToolsFirewallPlus
2011-12-13 14:36:55 -------- d-----w- C:\Users\Doc\AppData\Roaming\Spam Monitor
2011-12-13 14:25:10 73856 ----a-w- C:\Windows\System32\drivers\pctNdis64.sys
2011-12-13 14:25:06 -------- d-----w- C:\ProgramData\PC Tools
2011-12-13 14:25:06 -------- d-----w- C:\Program Files (x86)\PC Tools Internet Security
2011-12-13 14:22:05 -------- d-----w- C:\Users\Doc\AppData\Roaming\GetRightToGo
2011-12-12 19:37:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-12 11:16:21 -------- d-----w- C:\ProgramData\mL28300NkIlC28300
2011-12-10 17:27:34 -------- d-----w- C:\Users\Doc\AppData\Roaming\Malwarebytes
2011-12-10 17:27:22 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-10 17:27:19 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-10 16:33:02 -------- d-----we C:\Windows\system64
2011-12-09 07:20:30 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EACF076A-8A7E-4027-8405-6B4746CD96BE}\mpengine.dll
2011-11-15 22:15:39 -------- d-----w- C:\Users\Doc\AppData\Local\{0E73A7E4-19A6-4AD9-9673-F6C41DE4E247}
2011-11-15 22:15:18 -------- d-----w- C:\Users\Doc\AppData\Local\{7626702C-3040-4EF6-96BB-42A623FBEDCF}
.
==================== Find3M ====================
.
2011-11-10 15:14:29 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-11-10 15:14:29 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-11-01 17:56:42 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 10:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-29 04:03:32 3144704 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 14:15:54.95 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:40 PM

Posted 19 December 2011 - 10:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third party programs if not up to date can be the cause infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs for my review.

#3 Doczx

Doczx
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:40 AM

Posted 19 December 2011 - 11:54 AM

Hi nasdaq,

Thank you very much for your assistance! I truly appreciate it!

I followed your instructions below. The only issue that I had was after the COMBOFIX log popped up, I couldn't run any programs (keylog error or something). I restarted the computer and now everything seems to be fine. COMBOFIX and CHECKUP logs are provided below.

COMBOFIX.TXT

ComboFix 11-12-19.01 - Doc 12/19/2011 10:57:57.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2801 [GMT -5:00]
Running from: c:\users\Doc\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Doc\videos\Adobe Acrobat X (v10.0.3) Pro.exe
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-11-19 to 2011-12-19 )))))))))))))))))))))))))))))))
.
.
2011-12-19 16:03 . 2011-12-19 16:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-13 14:37 . 2011-12-13 14:37 -------- d-----w- c:\users\Doc\AppData\Roaming\PCToolsFirewallPlus
2011-12-13 14:36 . 2011-12-13 14:36 -------- d-----w- c:\users\Doc\AppData\Roaming\Spam Monitor
2011-12-13 14:25 . 2009-08-13 15:50 73856 ----a-w- c:\windows\system32\drivers\pctNdis64.sys
2011-12-13 14:25 . 2011-12-13 14:47 -------- d-----w- c:\program files (x86)\PC Tools Internet Security
2011-12-13 14:25 . 2011-12-13 14:46 -------- d-----w- c:\programdata\PC Tools
2011-12-13 14:22 . 2011-12-13 14:24 -------- d-----w- c:\users\Doc\AppData\Roaming\GetRightToGo
2011-12-12 19:37 . 2011-12-12 19:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-12 19:19 . 2011-12-12 19:19 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-12-12 11:16 . 2011-12-12 18:57 -------- d-----w- c:\programdata\mL28300NkIlC28300
2011-12-10 17:27 . 2011-12-10 17:27 -------- d-----w- c:\users\Doc\AppData\Roaming\Malwarebytes
2011-12-10 17:27 . 2011-12-10 17:27 -------- d-----w- c:\programdata\Malwarebytes
2011-12-10 17:27 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-09 07:20 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EACF076A-8A7E-4027-8405-6B4746CD96BE}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-10 15:14 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-11-10 15:14 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-11-01 17:56 . 2011-09-01 00:10 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 10:06 . 2010-10-23 02:27 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-01 03:25 . 2011-10-14 03:04 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:42 . 2011-10-14 03:04 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-29 16:29 . 2011-11-09 16:34 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-29 04:03 . 2011-11-09 16:34 3144704 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-17 98304]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2011-03-01 144616]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-01-30 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-01-30 821144]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Doc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 CLKMSVC10_1628BCEA;CyberLink Product - 2011/04/09 21:35;c:\program files (x86)\CyberLink\PowerDVD DX\Kernel\BD\NavFilter\kmsvc.exe [2011-03-01 240360]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/04/09 21:35];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-12-29 21:35 146928]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-16 122880]
S2 AMDFusionSVC;AMD Fusion Utility Service;c:\program files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [2009-09-08 383544]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_1628BCEA
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-18 9608224]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"combofix"="c:\combofix\CF17316.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.dell.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Doc\AppData\Roaming\Mozilla\Firefox\Profiles\m1v5h9ls.default\
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\windows\SysWOW64\WinMsgBalloonServer.exe
c:\windows\SysWOW64\WinMsgBalloonClient.exe
.
**************************************************************************
.
Completion time: 2011-12-19 11:14:14 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-19 16:14
.
Pre-Run: 809,181,757,440 bytes free
Post-Run: 808,822,550,528 bytes free
.
- - End Of File - - 77C87BB9A09C383682CE890FEDB714BB


CHECKUP.TXT

Results of screen317's Security Check version 0.99.29
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 29
Java version out of date!
Adobe Flash Player 11.0.1.152
Mozilla Firefox (8.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
``````````End of Log````````````

#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:40 PM

Posted 19 December 2011 - 02:36 PM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 29



p.s. Update 30 just came out.
===

Just want to make sure you are all clean.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


#5 Doczx

Doczx
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:40 AM

Posted 20 December 2011 - 01:19 PM

Hi Nasdaq,

I'm still having a google redirection issue, but here is the ESET scan log.

C:\Users\Doc\Downloads\winamp5581_full_emusic-7plus_en-us.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Doc\Downloads\winamp5601_full_emusic-7plus_en-us(2).exe Win32/OpenCandy application deleted - quarantined
C:\Users\Doc\Downloads\winamp5601_full_emusic-7plus_en-us(3).exe Win32/OpenCandy application deleted - quarantined
C:\Users\Doc\Downloads\winamp5601_full_emusic-7plus_en-us.exe Win32/OpenCandy application deleted - quarantined

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:40 PM

Posted 20 December 2011 - 01:53 PM

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue
    Posted Image
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.


#7 Doczx

Doczx
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:40 AM

Posted 21 December 2011 - 11:52 AM

I followed your directions. Included are the mbr.txt & tdss.txt below and the mbr.zip as an attachment.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-21 10:06:52
-----------------------------
10:06:52.316 OS Version: Windows x64 6.1.7601 Service Pack 1
10:06:52.316 Number of processors: 4 586 0x402
10:06:52.317 ComputerName: DOC-PC UserName: Doc
10:06:56.836 Initialize success
10:07:32.026 AVAST engine defs: 11122101
10:07:40.550 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005c
10:07:40.560 Disk 0 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 11
10:07:42.705 Disk 0 MBR read successfully
10:07:42.710 Disk 0 MBR scan
10:07:42.718 Disk 0 Windows 7 default MBR code
10:07:42.724 Service scanning
10:07:43.913 Modules scanning
10:07:43.920 Disk 0 trace - called modules:
10:07:43.929 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
10:07:43.936 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80041c8060]
10:07:43.940 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8003ab4a00]
10:07:43.942 5 amdxata.sys[fffff8800114b7a8] -> nt!IofCallDriver -> \Device\0000005c[0xfffffa8003aae2f0]
10:07:49.307 AVAST engine scan C:\Windows
10:07:55.507 AVAST engine scan C:\Windows\system32
10:09:32.087 AVAST engine scan C:\Windows\system32\drivers
10:09:45.262 AVAST engine scan C:\Users\Doc
10:15:17.265 AVAST engine scan C:\ProgramData
10:16:16.053 Scan finished successfully
11:43:36.430 Disk 0 MBR has been saved successfully to "C:\Users\Doc\Desktop\MBR.dat"
11:43:36.433 The log file has been saved successfully to "C:\Users\Doc\Desktop\aswMBR.txt"




11:45:50.0498 4988 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
11:45:50.0709 4988 ============================================================
11:45:50.0709 4988 Current date / time: 2011/12/21 11:45:50.0709
11:45:50.0710 4988 SystemInfo:
11:45:50.0710 4988
11:45:50.0710 4988 OS Version: 6.1.7601 ServicePack: 1.0
11:45:50.0710 4988 Product type: Workstation
11:45:50.0710 4988 ComputerName: DOC-PC
11:45:50.0710 4988 UserName: Doc
11:45:50.0710 4988 Windows directory: C:\Windows
11:45:50.0710 4988 System windows directory: C:\Windows
11:45:50.0710 4988 Running under WOW64
11:45:50.0710 4988 Processor architecture: Intel x64
11:45:50.0710 4988 Number of processors: 4
11:45:50.0710 4988 Page size: 0x1000
11:45:50.0710 4988 Boot type: Normal boot
11:45:50.0711 4988 ============================================================
11:45:58.0300 4988 Initialize success
11:46:07.0036 1184 ============================================================
11:46:07.0036 1184 Scan started
11:46:07.0036 1184 Mode: Manual;
11:46:07.0036 1184 ============================================================
11:46:07.0519 1184 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:46:07.0523 1184 1394ohci - ok
11:46:07.0581 1184 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:46:07.0587 1184 ACPI - ok
11:46:07.0625 1184 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:46:07.0626 1184 AcpiPmi - ok
11:46:07.0702 1184 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:46:07.0711 1184 adp94xx - ok
11:46:07.0728 1184 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:46:07.0731 1184 adpahci - ok
11:46:07.0741 1184 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:46:07.0742 1184 adpu320 - ok
11:46:07.0815 1184 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
11:46:07.0826 1184 AFD - ok
11:46:07.0849 1184 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:46:07.0849 1184 agp440 - ok
11:46:07.0893 1184 ahcix64s (af53917d9741a84627fa689ea622558a) C:\Windows\system32\DRIVERS\ahcix64s.sys
11:46:07.0898 1184 ahcix64s - ok
11:46:07.0932 1184 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:46:07.0933 1184 aliide - ok
11:46:07.0994 1184 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:46:07.0995 1184 amdide - ok
11:46:08.0030 1184 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:46:08.0032 1184 AmdK8 - ok
11:46:08.0167 1184 amdkmdag (cf3db4d8b2ce0b282ab39c9d846eca74) C:\Windows\system32\DRIVERS\atikmdag.sys
11:46:08.0284 1184 amdkmdag - ok
11:46:08.0304 1184 amdkmdap (7d07db26f6d3a16a6c8d34ce6c09fd01) C:\Windows\system32\DRIVERS\atikmpag.sys
11:46:08.0307 1184 amdkmdap - ok
11:46:08.0329 1184 AmdLLD64 (c27e46c19d5a48ca02c11e3c9b58f4c1) C:\Windows\system32\DRIVERS\AmdLLD64.sys
11:46:08.0331 1184 AmdLLD64 - ok
11:46:08.0354 1184 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:46:08.0355 1184 AmdPPM - ok
11:46:08.0370 1184 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
11:46:08.0370 1184 amdsata - ok
11:46:08.0384 1184 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:46:08.0386 1184 amdsbs - ok
11:46:08.0405 1184 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
11:46:08.0406 1184 amdxata - ok
11:46:08.0436 1184 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:46:08.0438 1184 AppID - ok
11:46:08.0471 1184 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:46:08.0471 1184 arc - ok
11:46:08.0495 1184 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:46:08.0495 1184 arcsas - ok
11:46:08.0543 1184 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:46:08.0544 1184 AsyncMac - ok
11:46:08.0566 1184 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:46:08.0567 1184 atapi - ok
11:46:08.0614 1184 AtiHdmiService (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys
11:46:08.0618 1184 AtiHdmiService - ok
11:46:08.0660 1184 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:46:08.0664 1184 b06bdrv - ok
11:46:08.0681 1184 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:46:08.0683 1184 b57nd60a - ok
11:46:08.0696 1184 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:46:08.0697 1184 Beep - ok
11:46:08.0723 1184 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:46:08.0724 1184 blbdrive - ok
11:46:08.0783 1184 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:46:08.0785 1184 bowser - ok
11:46:08.0807 1184 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:46:08.0808 1184 BrFiltLo - ok
11:46:08.0822 1184 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:46:08.0822 1184 BrFiltUp - ok
11:46:08.0834 1184 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:46:08.0837 1184 Brserid - ok
11:46:08.0855 1184 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:46:08.0855 1184 BrSerWdm - ok
11:46:08.0872 1184 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:46:08.0873 1184 BrUsbMdm - ok
11:46:08.0891 1184 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:46:08.0892 1184 BrUsbSer - ok
11:46:08.0915 1184 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:46:08.0916 1184 BTHMODEM - ok
11:46:08.0933 1184 catchme - ok
11:46:08.0967 1184 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:46:08.0968 1184 cdfs - ok
11:46:09.0002 1184 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
11:46:09.0005 1184 cdrom - ok
11:46:09.0057 1184 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:46:09.0058 1184 circlass - ok
11:46:09.0093 1184 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:46:09.0101 1184 CLFS - ok
11:46:09.0149 1184 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:46:09.0150 1184 CmBatt - ok
11:46:09.0176 1184 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:46:09.0177 1184 cmdide - ok
11:46:09.0224 1184 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
11:46:09.0233 1184 CNG - ok
11:46:09.0253 1184 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:46:09.0254 1184 Compbatt - ok
11:46:09.0283 1184 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:46:09.0284 1184 CompositeBus - ok
11:46:09.0308 1184 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:46:09.0309 1184 crcdisk - ok
11:46:09.0363 1184 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:46:09.0364 1184 DfsC - ok
11:46:09.0389 1184 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:46:09.0389 1184 discache - ok
11:46:09.0406 1184 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:46:09.0407 1184 Disk - ok
11:46:09.0475 1184 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:46:09.0476 1184 drmkaud - ok
11:46:09.0526 1184 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:46:09.0552 1184 DXGKrnl - ok
11:46:09.0651 1184 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:46:09.0715 1184 ebdrv - ok
11:46:09.0742 1184 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:46:09.0747 1184 elxstor - ok
11:46:09.0771 1184 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:46:09.0773 1184 ErrDev - ok
11:46:09.0800 1184 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:46:09.0802 1184 exfat - ok
11:46:09.0820 1184 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:46:09.0822 1184 fastfat - ok
11:46:09.0842 1184 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:46:09.0842 1184 fdc - ok
11:46:09.0855 1184 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:46:09.0856 1184 FileInfo - ok
11:46:09.0877 1184 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:46:09.0877 1184 Filetrace - ok
11:46:09.0900 1184 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:46:09.0901 1184 flpydisk - ok
11:46:09.0946 1184 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:46:09.0952 1184 FltMgr - ok
11:46:09.0980 1184 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:46:09.0980 1184 FsDepends - ok
11:46:09.0995 1184 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
11:46:09.0996 1184 Fs_Rec - ok
11:46:10.0027 1184 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:46:10.0032 1184 fvevol - ok
11:46:10.0057 1184 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:46:10.0059 1184 gagp30kx - ok
11:46:10.0136 1184 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:46:10.0137 1184 GEARAspiWDM - ok
11:46:10.0159 1184 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:46:10.0160 1184 hcw85cir - ok
11:46:10.0184 1184 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:46:10.0185 1184 HDAudBus - ok
11:46:10.0211 1184 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:46:10.0211 1184 HidBatt - ok
11:46:10.0222 1184 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:46:10.0224 1184 HidBth - ok
11:46:10.0250 1184 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:46:10.0250 1184 HidIr - ok
11:46:10.0279 1184 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
11:46:10.0279 1184 HidUsb - ok
11:46:10.0307 1184 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:46:10.0307 1184 HpSAMD - ok
11:46:10.0356 1184 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:46:10.0369 1184 HTTP - ok
11:46:10.0409 1184 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:46:10.0410 1184 hwpolicy - ok
11:46:10.0430 1184 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:46:10.0432 1184 i8042prt - ok
11:46:10.0471 1184 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:46:10.0480 1184 iaStorV - ok
11:46:10.0511 1184 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:46:10.0513 1184 iirsp - ok
11:46:10.0609 1184 IntcAzAudAddService (52d9171838bb92319f23656f502916e9) C:\Windows\system32\drivers\RTKVHD64.sys
11:46:10.0638 1184 IntcAzAudAddService - ok
11:46:10.0668 1184 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:46:10.0669 1184 intelide - ok
11:46:10.0699 1184 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:46:10.0701 1184 intelppm - ok
11:46:10.0777 1184 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:46:10.0779 1184 IpFilterDriver - ok
11:46:10.0818 1184 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:46:10.0820 1184 IPMIDRV - ok
11:46:10.0835 1184 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:46:10.0838 1184 IPNAT - ok
11:46:10.0984 1184 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:46:10.0985 1184 IRENUM - ok
11:46:11.0011 1184 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:46:11.0012 1184 isapnp - ok
11:46:11.0041 1184 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:46:11.0044 1184 iScsiPrt - ok
11:46:11.0079 1184 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys
11:46:11.0086 1184 k57nd60a - ok
11:46:11.0107 1184 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
11:46:11.0110 1184 kbdclass - ok
11:46:11.0130 1184 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
11:46:11.0131 1184 kbdhid - ok
11:46:11.0158 1184 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
11:46:11.0161 1184 KSecDD - ok
11:46:11.0196 1184 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
11:46:11.0200 1184 KSecPkg - ok
11:46:11.0226 1184 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:46:11.0227 1184 ksthunk - ok
11:46:11.0286 1184 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:46:11.0286 1184 lltdio - ok
11:46:11.0311 1184 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:46:11.0313 1184 LSI_FC - ok
11:46:11.0330 1184 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:46:11.0331 1184 LSI_SAS - ok
11:46:11.0341 1184 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:46:11.0342 1184 LSI_SAS2 - ok
11:46:11.0352 1184 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:46:11.0354 1184 LSI_SCSI - ok
11:46:11.0378 1184 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:46:11.0379 1184 luafv - ok
11:46:11.0445 1184 lvpopf64 (a014e25d95f7091000b60ff8a1c2e988) C:\Windows\system32\DRIVERS\lvpopf64.sys
11:46:11.0450 1184 lvpopf64 - ok
11:46:11.0472 1184 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
11:46:11.0474 1184 LVPr2M64 - ok
11:46:11.0483 1184 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
11:46:11.0484 1184 LVPr2Mon - ok
11:46:11.0528 1184 LVRS64 (ef2be2f45d4f06410a3bd2a3467325b0) C:\Windows\system32\DRIVERS\lvrs64.sys
11:46:11.0531 1184 LVRS64 - ok
11:46:11.0638 1184 LVUVC64 (ac22f92c6078640fe8a70d662a2f3ad5) C:\Windows\system32\DRIVERS\lvuvc64.sys
11:46:11.0698 1184 LVUVC64 - ok
11:46:11.0755 1184 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
11:46:11.0756 1184 MBAMProtector - ok
11:46:11.0791 1184 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:46:11.0792 1184 megasas - ok
11:46:11.0817 1184 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:46:11.0823 1184 MegaSR - ok
11:46:11.0853 1184 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:46:11.0853 1184 Modem - ok
11:46:11.0873 1184 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:46:11.0874 1184 monitor - ok
11:46:11.0886 1184 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
11:46:11.0888 1184 mouclass - ok
11:46:11.0910 1184 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:46:11.0910 1184 mouhid - ok
11:46:11.0938 1184 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:46:11.0941 1184 mountmgr - ok
11:46:11.0977 1184 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:46:11.0981 1184 mpio - ok
11:46:12.0005 1184 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:46:12.0007 1184 mpsdrv - ok
11:46:12.0032 1184 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:46:12.0035 1184 MRxDAV - ok
11:46:12.0079 1184 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:46:12.0082 1184 mrxsmb - ok
11:46:12.0132 1184 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:46:12.0139 1184 mrxsmb10 - ok
11:46:12.0173 1184 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:46:12.0175 1184 mrxsmb20 - ok
11:46:12.0209 1184 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:46:12.0210 1184 msahci - ok
11:46:12.0240 1184 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:46:12.0243 1184 msdsm - ok
11:46:12.0279 1184 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:46:12.0279 1184 Msfs - ok
11:46:12.0294 1184 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:46:12.0294 1184 mshidkmdf - ok
11:46:12.0318 1184 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:46:12.0319 1184 msisadrv - ok
11:46:12.0368 1184 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:46:12.0369 1184 MSKSSRV - ok
11:46:12.0397 1184 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:46:12.0397 1184 MSPCLOCK - ok
11:46:12.0411 1184 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:46:12.0412 1184 MSPQM - ok
11:46:12.0455 1184 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:46:12.0463 1184 MsRPC - ok
11:46:12.0502 1184 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:46:12.0503 1184 mssmbios - ok
11:46:12.0532 1184 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:46:12.0533 1184 MSTEE - ok
11:46:12.0554 1184 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:46:12.0555 1184 MTConfig - ok
11:46:12.0574 1184 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:46:12.0576 1184 Mup - ok
11:46:12.0614 1184 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:46:12.0621 1184 NativeWifiP - ok
11:46:12.0711 1184 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:46:12.0730 1184 NDIS - ok
11:46:12.0762 1184 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:46:12.0763 1184 NdisCap - ok
11:46:12.0782 1184 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:46:12.0783 1184 NdisTapi - ok
11:46:12.0817 1184 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:46:12.0819 1184 Ndisuio - ok
11:46:12.0852 1184 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:46:12.0856 1184 NdisWan - ok
11:46:12.0903 1184 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:46:12.0905 1184 NDProxy - ok
11:46:12.0937 1184 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:46:12.0938 1184 NetBIOS - ok
11:46:12.0981 1184 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:46:12.0986 1184 NetBT - ok
11:46:13.0060 1184 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:46:13.0060 1184 nfrd960 - ok
11:46:13.0088 1184 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:46:13.0089 1184 Npfs - ok
11:46:13.0120 1184 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:46:13.0120 1184 nsiproxy - ok
11:46:13.0193 1184 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:46:13.0238 1184 Ntfs - ok
11:46:13.0264 1184 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:46:13.0264 1184 Null - ok
11:46:13.0315 1184 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:46:13.0318 1184 nvraid - ok
11:46:13.0345 1184 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:46:13.0349 1184 nvstor - ok
11:46:13.0385 1184 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:46:13.0388 1184 nv_agp - ok
11:46:13.0422 1184 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:46:13.0424 1184 ohci1394 - ok
11:46:13.0478 1184 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:46:13.0480 1184 Parport - ok
11:46:13.0491 1184 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:46:13.0493 1184 partmgr - ok
11:46:13.0514 1184 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:46:13.0516 1184 pci - ok
11:46:13.0538 1184 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:46:13.0538 1184 pciide - ok
11:46:13.0561 1184 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:46:13.0565 1184 pcmcia - ok
11:46:13.0592 1184 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:46:13.0595 1184 pcw - ok
11:46:13.0630 1184 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:46:13.0642 1184 PEAUTH - ok
11:46:13.0722 1184 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
11:46:13.0725 1184 Point64 - ok
11:46:13.0772 1184 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:46:13.0773 1184 PptpMiniport - ok
11:46:13.0792 1184 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:46:13.0794 1184 Processor - ok
11:46:13.0847 1184 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:46:13.0850 1184 Psched - ok
11:46:13.0890 1184 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
11:46:13.0892 1184 PxHlpa64 - ok
11:46:13.0944 1184 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:46:13.0987 1184 ql2300 - ok
11:46:14.0002 1184 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:46:14.0004 1184 ql40xx - ok
11:46:14.0030 1184 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:46:14.0031 1184 QWAVEdrv - ok
11:46:14.0046 1184 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:46:14.0047 1184 RasAcd - ok
11:46:14.0067 1184 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:46:14.0067 1184 RasAgileVpn - ok
11:46:14.0103 1184 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:46:14.0107 1184 Rasl2tp - ok
11:46:14.0132 1184 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:46:14.0132 1184 RasPppoe - ok
11:46:14.0150 1184 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:46:14.0152 1184 RasSstp - ok
11:46:14.0185 1184 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:46:14.0192 1184 rdbss - ok
11:46:14.0213 1184 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:46:14.0215 1184 rdpbus - ok
11:46:14.0262 1184 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:46:14.0263 1184 RDPCDD - ok
11:46:14.0281 1184 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:46:14.0282 1184 RDPENCDD - ok
11:46:14.0323 1184 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:46:14.0323 1184 RDPREFMP - ok
11:46:14.0360 1184 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
11:46:14.0365 1184 RDPWD - ok
11:46:14.0403 1184 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:46:14.0408 1184 rdyboost - ok
11:46:14.0489 1184 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:46:14.0490 1184 rspndr - ok
11:46:14.0497 1184 RxFilter - ok
11:46:14.0526 1184 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:46:14.0528 1184 sbp2port - ok
11:46:14.0598 1184 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
11:46:14.0600 1184 SCDEmu - ok
11:46:14.0627 1184 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:46:14.0628 1184 scfilter - ok
11:46:14.0662 1184 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:46:14.0662 1184 secdrv - ok
11:46:14.0689 1184 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:46:14.0689 1184 Serenum - ok
11:46:14.0706 1184 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:46:14.0707 1184 Serial - ok
11:46:14.0727 1184 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:46:14.0728 1184 sermouse - ok
11:46:14.0770 1184 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:46:14.0771 1184 sffdisk - ok
11:46:14.0797 1184 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:46:14.0798 1184 sffp_mmc - ok
11:46:14.0820 1184 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:46:14.0821 1184 sffp_sd - ok
11:46:14.0847 1184 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:46:14.0848 1184 sfloppy - ok
11:46:14.0870 1184 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:46:14.0872 1184 SiSRaid2 - ok
11:46:14.0886 1184 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:46:14.0888 1184 SiSRaid4 - ok
11:46:14.0911 1184 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:46:14.0913 1184 Smb - ok
11:46:14.0954 1184 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:46:14.0955 1184 spldr - ok
11:46:15.0007 1184 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:46:15.0012 1184 srv - ok
11:46:15.0038 1184 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:46:15.0047 1184 srv2 - ok
11:46:15.0075 1184 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:46:15.0080 1184 srvnet - ok
11:46:15.0128 1184 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:46:15.0128 1184 stexstor - ok
11:46:15.0172 1184 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:46:15.0173 1184 swenum - ok
11:46:15.0264 1184 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:46:15.0320 1184 Tcpip - ok
11:46:15.0363 1184 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:46:15.0382 1184 TCPIP6 - ok
11:46:15.0422 1184 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:46:15.0424 1184 tcpipreg - ok
11:46:15.0451 1184 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:46:15.0452 1184 TDPIPE - ok
11:46:15.0467 1184 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
11:46:15.0467 1184 TDTCP - ok
11:46:15.0506 1184 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:46:15.0509 1184 tdx - ok
11:46:15.0541 1184 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:46:15.0542 1184 TermDD - ok
11:46:15.0575 1184 TfFsMon - ok
11:46:15.0590 1184 TfNetMon - ok
11:46:15.0642 1184 TfSysMon - ok
11:46:15.0716 1184 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:46:15.0717 1184 tssecsrv - ok
11:46:15.0770 1184 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:46:15.0772 1184 TsUsbFlt - ok
11:46:15.0818 1184 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:46:15.0821 1184 tunnel - ok
11:46:15.0847 1184 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:46:15.0849 1184 uagp35 - ok
11:46:15.0894 1184 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:46:15.0901 1184 udfs - ok
11:46:15.0942 1184 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:46:15.0943 1184 uliagpkx - ok
11:46:15.0976 1184 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:46:15.0978 1184 umbus - ok
11:46:16.0012 1184 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:46:16.0013 1184 UmPass - ok
11:46:16.0255 1184 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
11:46:16.0257 1184 USBAAPL64 - ok
11:46:16.0292 1184 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
11:46:16.0295 1184 usbaudio - ok
11:46:16.0316 1184 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:46:16.0317 1184 usbccgp - ok
11:46:16.0356 1184 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:46:16.0359 1184 usbcir - ok
11:46:16.0380 1184 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
11:46:16.0381 1184 usbehci - ok
11:46:16.0415 1184 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:46:16.0419 1184 usbhub - ok
11:46:16.0434 1184 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
11:46:16.0435 1184 usbohci - ok
11:46:16.0454 1184 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:46:16.0456 1184 usbprint - ok
11:46:16.0480 1184 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:46:16.0480 1184 USBSTOR - ok
11:46:16.0506 1184 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:46:16.0508 1184 usbuhci - ok
11:46:16.0546 1184 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:46:16.0547 1184 vdrvroot - ok
11:46:16.0584 1184 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:46:16.0585 1184 vga - ok
11:46:16.0609 1184 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:46:16.0610 1184 VgaSave - ok
11:46:16.0635 1184 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:46:16.0638 1184 vhdmp - ok
11:46:16.0669 1184 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:46:16.0670 1184 viaide - ok
11:46:16.0704 1184 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:46:16.0706 1184 volmgr - ok
11:46:16.0746 1184 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:46:16.0753 1184 volmgrx - ok
11:46:16.0789 1184 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:46:16.0795 1184 volsnap - ok
11:46:16.0829 1184 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:46:16.0831 1184 vsmraid - ok
11:46:16.0855 1184 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
11:46:16.0857 1184 vwifibus - ok
11:46:16.0888 1184 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:46:16.0889 1184 WacomPen - ok
11:46:16.0915 1184 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:46:16.0917 1184 WANARP - ok
11:46:16.0924 1184 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:46:16.0926 1184 Wanarpv6 - ok
11:46:16.0979 1184 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:46:16.0979 1184 Wd - ok
11:46:17.0016 1184 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:46:17.0028 1184 Wdf01000 - ok
11:46:17.0054 1184 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:46:17.0054 1184 WfpLwf - ok
11:46:17.0070 1184 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:46:17.0070 1184 WIMMount - ok
11:46:17.0132 1184 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:46:17.0134 1184 WinUsb - ok
11:46:17.0190 1184 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:46:17.0191 1184 WmiAcpi - ok
11:46:17.0208 1184 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:46:17.0208 1184 ws2ifsl - ok
11:46:17.0250 1184 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:46:17.0252 1184 WudfPf - ok
11:46:17.0262 1184 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:46:17.0264 1184 WUDFRd - ok
11:46:17.0337 1184 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl
11:46:17.0341 1184 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} - ok
11:46:17.0383 1184 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:46:17.0403 1184 \Device\Harddisk0\DR0 - ok
11:46:17.0426 1184 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
11:46:17.0443 1184 \Device\Harddisk1\DR1 - ok
11:46:17.0912 1184 MBR (0x1B8) (988d3c46cbd13ec7f482b833c55264c8) \Device\Harddisk5\DR5
11:46:17.0929 1184 \Device\Harddisk5\DR5 - ok
11:46:17.0935 1184 Boot (0x1200) (59688f910b4418d5e6ce89495506d1e9) \Device\Harddisk0\DR0\Partition0
11:46:17.0937 1184 \Device\Harddisk0\DR0\Partition0 - ok
11:46:17.0957 1184 Boot (0x1200) (1166ddf894ccc2da404da8ab82b33d26) \Device\Harddisk0\DR0\Partition1
11:46:17.0959 1184 \Device\Harddisk0\DR0\Partition1 - ok
11:46:17.0964 1184 Boot (0x1200) (2f5c95b1b51b56b28cf86649bfbcc0c4) \Device\Harddisk1\DR1\Partition0
11:46:17.0967 1184 \Device\Harddisk1\DR1\Partition0 - ok
11:46:17.0971 1184 Boot (0x1200) (353d284b1c5e8c66836d376ed5178c07) \Device\Harddisk5\DR5\Partition0
11:46:17.0972 1184 \Device\Harddisk5\DR5\Partition0 - ok
11:46:17.0972 1184 ============================================================
11:46:17.0972 1184 Scan finished
11:46:17.0972 1184 ============================================================
11:46:17.0980 1288 Detected object count: 0
11:46:17.0980 1288 Actual detected object count: 0
11:46:47.0301 3308 ============================================================
11:46:47.0301 3308 Scan started
11:46:47.0301 3308 Mode: Manual; SigCheck; TDLFS;
11:46:47.0301 3308 ============================================================
11:46:47.0590 3308 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:46:47.0758 3308 1394ohci - ok
11:46:47.0793 3308 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:46:47.0803 3308 ACPI - ok
11:46:47.0840 3308 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:46:47.0957 3308 AcpiPmi - ok
11:46:47.0980 3308 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:46:47.0991 3308 adp94xx - ok
11:46:48.0003 3308 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:46:48.0013 3308 adpahci - ok
11:46:48.0022 3308 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:46:48.0030 3308 adpu320 - ok
11:46:48.0068 3308 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
11:46:48.0134 3308 AFD - ok
11:46:48.0164 3308 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:46:48.0177 3308 agp440 - ok
11:46:48.0217 3308 ahcix64s (af53917d9741a84627fa689ea622558a) C:\Windows\system32\DRIVERS\ahcix64s.sys
11:46:48.0243 3308 ahcix64s - ok
11:46:48.0280 3308 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:46:48.0286 3308 aliide - ok
11:46:48.0309 3308 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:46:48.0315 3308 amdide - ok
11:46:48.0345 3308 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:46:48.0420 3308 AmdK8 - ok
11:46:48.0545 3308 amdkmdag (cf3db4d8b2ce0b282ab39c9d846eca74) C:\Windows\system32\DRIVERS\atikmdag.sys
11:46:48.0679 3308 amdkmdag - ok
11:46:48.0695 3308 amdkmdap (7d07db26f6d3a16a6c8d34ce6c09fd01) C:\Windows\system32\DRIVERS\atikmpag.sys
11:46:48.0715 3308 amdkmdap - ok
11:46:48.0736 3308 AmdLLD64 (c27e46c19d5a48ca02c11e3c9b58f4c1) C:\Windows\system32\DRIVERS\AmdLLD64.sys
11:46:48.0797 3308 AmdLLD64 - ok
11:46:48.0819 3308 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:46:48.0870 3308 AmdPPM - ok
11:46:48.0901 3308 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
11:46:48.0906 3308 amdsata - ok
11:46:48.0926 3308 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:46:48.0949 3308 amdsbs - ok
11:46:48.0962 3308 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
11:46:48.0967 3308 amdxata - ok
11:46:48.0994 3308 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:46:49.0143 3308 AppID - ok
11:46:49.0169 3308 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:46:49.0176 3308 arc - ok
11:46:49.0194 3308 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:46:49.0216 3308 arcsas - ok
11:46:49.0233 3308 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:46:49.0381 3308 AsyncMac - ok
11:46:49.0414 3308 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:46:49.0420 3308 atapi - ok
11:46:49.0446 3308 AtiHdmiService (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys
11:46:49.0466 3308 AtiHdmiService - ok
11:46:49.0509 3308 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:46:49.0548 3308 b06bdrv - ok
11:46:49.0571 3308 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:46:49.0622 3308 b57nd60a - ok
11:46:49.0641 3308 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:46:49.0673 3308 Beep - ok
11:46:49.0705 3308 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:46:49.0746 3308 blbdrive - ok
11:46:49.0790 3308 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:46:49.0863 3308 bowser - ok
11:46:49.0880 3308 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:46:49.0968 3308 BrFiltLo - ok
11:46:49.0987 3308 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:46:49.0996 3308 BrFiltUp - ok
11:46:50.0009 3308 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:46:50.0058 3308 Brserid - ok
11:46:50.0079 3308 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:46:50.0113 3308 BrSerWdm - ok
11:46:50.0129 3308 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:46:50.0172 3308 BrUsbMdm - ok
11:46:50.0198 3308 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:46:50.0231 3308 BrUsbSer - ok
11:46:50.0256 3308 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:46:50.0298 3308 BTHMODEM - ok
11:46:50.0304 3308 catchme - ok
11:46:50.0341 3308 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:46:50.0404 3308 cdfs - ok
11:46:50.0451 3308 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
11:46:50.0517 3308 cdrom - ok
11:46:50.0555 3308 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:46:50.0614 3308 circlass - ok
11:46:50.0655 3308 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:46:50.0681 3308 CLFS - ok
11:46:50.0715 3308 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:46:50.0743 3308 CmBatt - ok
11:46:50.0792 3308 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:46:50.0809 3308 cmdide - ok
11:46:50.0856 3308 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
11:46:50.0884 3308 CNG - ok
11:46:50.0902 3308 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:46:50.0908 3308 Compbatt - ok
11:46:50.0932 3308 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:46:50.0983 3308 CompositeBus - ok
11:46:51.0015 3308 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:46:51.0028 3308 crcdisk - ok
11:46:51.0078 3308 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:46:51.0123 3308 DfsC - ok
11:46:51.0154 3308 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:46:51.0180 3308 discache - ok
11:46:51.0196 3308 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:46:51.0202 3308 Disk - ok
11:46:51.0232 3308 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:46:51.0252 3308 drmkaud - ok
11:46:51.0298 3308 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:46:51.0328 3308 DXGKrnl - ok
11:46:51.0409 3308 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:46:51.0444 3308 ebdrv - ok
11:46:51.0474 3308 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:46:51.0486 3308 elxstor - ok
11:46:51.0503 3308 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:46:51.0548 3308 ErrDev - ok
11:46:51.0570 3308 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:46:51.0597 3308 exfat - ok
11:46:51.0627 3308 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:46:51.0654 3308 fastfat - ok
11:46:51.0674 3308 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:46:51.0694 3308 fdc - ok
11:46:51.0707 3308 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:46:51.0728 3308 FileInfo - ok
11:46:51.0750 3308 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:46:51.0810 3308 Filetrace - ok
11:46:51.0831 3308 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:46:51.0839 3308 flpydisk - ok
11:46:51.0875 3308 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:46:51.0884 3308 FltMgr - ok
11:46:51.0912 3308 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:46:51.0919 3308 FsDepends - ok
11:46:51.0943 3308 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
11:46:51.0963 3308 Fs_Rec - ok
11:46:51.0998 3308 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:46:52.0008 3308 fvevol - ok
11:46:52.0017 3308 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:46:52.0024 3308 gagp30kx - ok
11:46:52.0051 3308 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:46:52.0056 3308 GEARAspiWDM - ok
11:46:52.0068 3308 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:46:52.0122 3308 hcw85cir - ok
11:46:52.0149 3308 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:46:52.0166 3308 HDAudBus - ok
11:46:52.0193 3308 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:46:52.0218 3308 HidBatt - ok
11:46:52.0227 3308 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:46:52.0273 3308 HidBth - ok
11:46:52.0290 3308 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:46:52.0301 3308 HidIr - ok
11:46:52.0328 3308 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
11:46:52.0368 3308 HidUsb - ok
11:46:52.0389 3308 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:46:52.0395 3308 HpSAMD - ok
11:46:52.0438 3308 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:46:52.0482 3308 HTTP - ok
11:46:52.0524 3308 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:46:52.0543 3308 hwpolicy - ok
11:46:52.0561 3308 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:46:52.0569 3308 i8042prt - ok
11:46:52.0600 3308 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:46:52.0610 3308 iaStorV - ok
11:46:52.0634 3308 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:46:52.0648 3308 iirsp - ok
11:46:52.0727 3308 IntcAzAudAddService (52d9171838bb92319f23656f502916e9) C:\Windows\system32\drivers\RTKVHD64.sys
11:46:52.0756 3308 IntcAzAudAddService - ok
11:46:52.0792 3308 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:46:52.0811 3308 intelide - ok
11:46:52.0839 3308 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:46:52.0847 3308 intelppm - ok
11:46:52.0892 3308 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:46:52.0952 3308 IpFilterDriver - ok
11:46:52.0974 3308 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:46:52.0983 3308 IPMIDRV - ok
11:46:52.0992 3308 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:46:53.0019 3308 IPNAT - ok
11:46:53.0050 3308 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:46:53.0120 3308 IRENUM - ok
11:46:53.0135 3308 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:46:53.0141 3308 isapnp - ok
11:46:53.0164 3308 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:46:53.0172 3308 iScsiPrt - ok
11:46:53.0207 3308 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys
11:46:53.0233 3308 k57nd60a - ok
11:46:53.0255 3308 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
11:46:53.0261 3308 kbdclass - ok
11:46:53.0286 3308 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
11:46:53.0332 3308 kbdhid - ok
11:46:53.0372 3308 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
11:46:53.0390 3308 KSecDD - ok
11:46:53.0418 3308 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
11:46:53.0442 3308 KSecPkg - ok
11:46:53.0465 3308 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:46:53.0491 3308 ksthunk - ok
11:46:53.0508 3308 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:46:53.0542 3308 lltdio - ok
11:46:53.0558 3308 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:46:53.0565 3308 LSI_FC - ok
11:46:53.0586 3308 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:46:53.0593 3308 LSI_SAS - ok
11:46:53.0602 3308 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:46:53.0608 3308 LSI_SAS2 - ok
11:46:53.0618 3308 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:46:53.0625 3308 LSI_SCSI - ok
11:46:53.0650 3308 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:46:53.0703 3308 luafv - ok
11:46:53.0740 3308 lvpopf64 (a014e25d95f7091000b60ff8a1c2e988) C:\Windows\system32\DRIVERS\lvpopf64.sys
11:46:53.0747 3308 lvpopf64 - ok
11:46:53.0769 3308 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
11:46:53.0774 3308 LVPr2M64 - ok
11:46:53.0776 3308 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
11:46:53.0789 3308 LVPr2Mon - ok
11:46:53.0829 3308 LVRS64 (ef2be2f45d4f06410a3bd2a3467325b0) C:\Windows\system32\DRIVERS\lvrs64.sys
11:46:53.0859 3308 LVRS64 - ok
11:46:53.0968 3308 LVUVC64 (ac22f92c6078640fe8a70d662a2f3ad5) C:\Windows\system32\DRIVERS\lvuvc64.sys
11:46:54.0029 3308 LVUVC64 - ok
11:46:54.0069 3308 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
11:46:54.0075 3308 MBAMProtector - ok
11:46:54.0106 3308 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:46:54.0113 3308 megasas - ok
11:46:54.0137 3308 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:46:54.0146 3308 MegaSR - ok
11:46:54.0167 3308 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:46:54.0193 3308 Modem - ok
11:46:54.0212 3308 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:46:54.0253 3308 monitor - ok
11:46:54.0264 3308 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
11:46:54.0270 3308 mouclass - ok
11:46:54.0282 3308 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:46:54.0312 3308 mouhid - ok
11:46:54.0352 3308 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:46:54.0375 3308 mountmgr - ok
11:46:54.0407 3308 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:46:54.0430 3308 mpio - ok
11:46:54.0452 3308 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:46:54.0513 3308 mpsdrv - ok
11:46:54.0553 3308 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:46:54.0620 3308 MRxDAV - ok
11:46:54.0660 3308 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:46:54.0708 3308 mrxsmb - ok
11:46:54.0755 3308 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:46:54.0782 3308 mrxsmb10 - ok
11:46:54.0812 3308 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:46:54.0837 3308 mrxsmb20 - ok
11:46:54.0873 3308 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:46:54.0893 3308 msahci - ok
11:46:54.0929 3308 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:46:54.0949 3308 msdsm - ok
11:46:54.0977 3308 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:46:55.0023 3308 Msfs - ok
11:46:55.0041 3308 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:46:55.0067 3308 mshidkmdf - ok
11:46:55.0090 3308 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:46:55.0096 3308 msisadrv - ok
11:46:55.0115 3308 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:46:55.0149 3308 MSKSSRV - ok
11:46:55.0178 3308 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:46:55.0234 3308 MSPCLOCK - ok
11:46:55.0259 3308 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:46:55.0289 3308 MSPQM - ok
11:46:55.0325 3308 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:46:55.0335 3308 MsRPC - ok
11:46:55.0366 3308 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:46:55.0386 3308 mssmbios - ok
11:46:55.0413 3308 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:46:55.0466 3308 MSTEE - ok
11:46:55.0484 3308 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:46:55.0492 3308 MTConfig - ok
11:46:55.0512 3308 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:46:55.0519 3308 Mup - ok
11:46:55.0685 3308 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:46:55.0734 3308 NativeWifiP - ok
11:46:55.0800 3308 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:46:55.0828 3308 NDIS - ok
11:46:55.0860 3308 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:46:55.0886 3308 NdisCap - ok
11:46:55.0904 3308 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:46:55.0952 3308 NdisTapi - ok
11:46:55.0997 3308 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:46:56.0068 3308 Ndisuio - ok
11:46:56.0098 3308 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:46:56.0131 3308 NdisWan - ok
11:46:56.0175 3308 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:46:56.0222 3308 NDProxy - ok
11:46:56.0251 3308 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:46:56.0312 3308 NetBIOS - ok
11:46:56.0351 3308 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:46:56.0398 3308 NetBT - ok
11:46:56.0424 3308 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:46:56.0431 3308 nfrd960 - ok
11:46:56.0441 3308 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:46:56.0468 3308 Npfs - ok
11:46:56.0492 3308 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:46:56.0524 3308 nsiproxy - ok
11:46:56.0598 3308 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:46:56.0623 3308 Ntfs - ok
11:46:56.0653 3308 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:46:56.0728 3308 Null - ok
11:46:56.0753 3308 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:46:56.0760 3308 nvraid - ok
11:46:56.0783 3308 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:46:56.0791 3308 nvstor - ok
11:46:56.0823 3308 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:46:56.0830 3308 nv_agp - ok
11:46:56.0870 3308 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:46:56.0899 3308 ohci1394 - ok
11:46:56.0915 3308 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:46:56.0923 3308 Parport - ok
11:46:56.0933 3308 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:46:56.0939 3308 partmgr - ok
11:46:56.0961 3308 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:46:56.0969 3308 pci - ok
11:46:57.0002 3308 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:46:57.0008 3308 pciide - ok
11:46:57.0020 3308 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:46:57.0047 3308 pcmcia - ok
11:46:57.0073 3308 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:46:57.0082 3308 pcw - ok
11:46:57.0119 3308 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:46:57.0163 3308 PEAUTH - ok
11:46:57.0203 3308 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
11:46:57.0209 3308 Point64 - ok
11:46:57.0245 3308 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:46:57.0279 3308 PptpMiniport - ok
11:46:57.0297 3308 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:46:57.0313 3308 Processor - ok
11:46:57.0354 3308 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:46:57.0396 3308 Psched - ok
11:46:57.0428 3308 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
11:46:57.0434 3308 PxHlpa64 - ok
11:46:57.0498 3308 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:46:57.0522 3308 ql2300 - ok
11:46:57.0533 3308 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:46:57.0541 3308 ql40xx - ok
11:46:57.0561 3308 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:46:57.0587 3308 QWAVEdrv - ok
11:46:57.0610 3308 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:46:57.0664 3308 RasAcd - ok
11:46:57.0681 3308 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:46:57.0707 3308 RasAgileVpn - ok
11:46:57.0733 3308 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:46:57.0785 3308 Rasl2tp - ok
11:46:57.0804 3308 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:46:57.0831 3308 RasPppoe - ok
11:46:57.0846 3308 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:46:57.0902 3308 RasSstp - ok
11:46:57.0938 3308 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:46:57.0994 3308 rdbss - ok
11:46:58.0011 3308 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:46:58.0021 3308 rdpbus - ok
11:46:58.0042 3308 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:46:58.0068 3308 RDPCDD - ok
11:46:58.0087 3308 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:46:58.0146 3308 RDPENCDD - ok
11:46:58.0179 3308 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:46:58.0226 3308 RDPREFMP - ok
11:46:58.0256 3308 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
11:46:58.0282 3308 RDPWD - ok
11:46:58.0317 3308 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:46:58.0340 3308 rdyboost - ok
11:46:58.0370 3308 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:46:58.0397 3308 rspndr - ok
11:46:58.0404 3308 RxFilter - ok
11:46:58.0439 3308 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:46:58.0446 3308 sbp2port - ok
11:46:58.0486 3308 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
11:46:58.0503 3308 SCDEmu - ok
11:46:58.0532 3308 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:46:58.0590 3308 scfilter - ok
11:46:58.0609 3308 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:46:58.0682 3308 secdrv - ok
11:46:58.0711 3308 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:46:58.0728 3308 Serenum - ok
11:46:58.0754 3308 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:46:58.0780 3308 Serial - ok
11:46:58.0799 3308 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:46:58.0807 3308 sermouse - ok
11:46:58.0843 3308 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:46:58.0880 3308 sffdisk - ok
11:46:58.0903 3308 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:46:58.0926 3308 sffp_mmc - ok
11:46:58.0942 3308 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:46:58.0952 3308 sffp_sd - ok
11:46:58.0970 3308 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:46:58.0977 3308 sfloppy - ok
11:46:59.0001 3308 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:46:59.0007 3308 SiSRaid2 - ok
11:46:59.0016 3308 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:46:59.0023 3308 SiSRaid4 - ok
11:46:59.0041 3308 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:46:59.0099 3308 Smb - ok
11:46:59.0117 3308 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:46:59.0123 3308 spldr - ok
11:46:59.0162 3308 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:46:59.0195 3308 srv - ok
11:46:59.0216 3308 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:46:59.0252 3308 srv2 - ok
11:46:59.0288 3308 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:46:59.0297 3308 srvnet - ok
11:46:59.0317 3308 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:46:59.0323 3308 stexstor - ok
11:46:59.0353 3308 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:46:59.0363 3308 swenum - ok
11:46:59.0470 3308 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:46:59.0503 3308 Tcpip - ok
11:46:59.0561 3308 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:46:59.0593 3308 TCPIP6 - ok
11:46:59.0628 3308 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:46:59.0673 3308 tcpipreg - ok
11:46:59.0690 3308 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:46:59.0757 3308 TDPIPE - ok
11:46:59.0773 3308 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
11:46:59.0798 3308 TDTCP - ok
11:46:59.0836 3308 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:46:59.0882 3308 tdx - ok
11:46:59.0905 3308 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:46:59.0912 3308 TermDD - ok
11:46:59.0921 3308 TfFsMon - ok
11:46:59.0929 3308 TfNetMon - ok
11:46:59.0938 3308 TfSysMon - ok
11:46:59.0988 3308 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:47:00.0060 3308 tssecsrv - ok
11:47:00.0100 3308 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:47:00.0141 3308 TsUsbFlt - ok
11:47:00.0174 3308 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:47:00.0237 3308 tunnel - ok
11:47:00.0261 3308 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:47:00.0267 3308 uagp35 - ok
11:47:00.0306 3308 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:47:00.0362 3308 udfs - ok
11:47:00.0398 3308 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:47:00.0404 3308 uliagpkx - ok
11:47:00.0432 3308 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:47:00.0469 3308 umbus - ok
11:47:00.0485 3308 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:47:00.0522 3308 UmPass - ok
11:47:00.0561 3308 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
11:47:00.0604 3308 USBAAPL64 - ok
11:47:00.0639 3308 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
11:47:00.0654 3308 usbaudio - ok
11:47:00.0681 3308 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:47:00.0724 3308 usbccgp - ok
11:47:00.0770 3308 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:47:00.0799 3308 usbcir - ok
11:47:00.0818 3308 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
11:47:00.0852 3308 usbehci - ok
11:47:00.0886 3308 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:47:00.0936 3308 usbhub - ok
11:47:00.0964 3308 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
11:47:00.0972 3308 usbohci - ok
11:47:00.0994 3308 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:47:01.0025 3308 usbprint - ok
11:47:01.0052 3308 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:47:01.0077 3308 USBSTOR - ok
11:47:01.0103 3308 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:47:01.0136 3308 usbuhci - ok
11:47:01.0177 3308 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:47:01.0183 3308 vdrvroot - ok
11:47:01.0215 3308 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:47:01.0246 3308 vga - ok
11:47:01.0264 3308 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:47:01.0320 3308 VgaSave - ok
11:47:01.0339 3308 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:47:01.0347 3308 vhdmp - ok
11:47:01.0374 3308 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:47:01.0380 3308 viaide - ok
11:47:01.0411 3308 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:47:01.0430 3308 volmgr - ok
11:47:01.0468 3308 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:47:01.0492 3308 volmgrx - ok
11:47:01.0528 3308 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:47:01.0551 3308 volsnap - ok
11:47:01.0577 3308 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:47:01.0599 3308 vsmraid - ok
11:47:01.0627 3308 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
11:47:01.0660 3308 vwifibus - ok
11:47:01.0686 3308 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:47:01.0721 3308 WacomPen - ok
11:47:01.0753 3308 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:47:01.0799 3308 WANARP - ok
11:47:01.0802 3308 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:47:01.0827 3308 Wanarpv6 - ok
11:47:01.0851 3308 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:47:01.0857 3308 Wd - ok
11:47:01.0888 3308 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:47:01.0915 3308 Wdf01000 - ok
11:47:01.0942 3308 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:47:01.0968 3308 WfpLwf - ok
11:47:01.0984 3308 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:47:01.0990 3308 WIMMount - ok
11:47:02.0021 3308 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:47:02.0057 3308 WinUsb - ok
11:47:02.0088 3308 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:47:02.0113 3308 WmiAcpi - ok
11:47:02.0133 3308 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:47:02.0159 3308 ws2ifsl - ok
11:47:02.0198 3308 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:47:02.0254 3308 WudfPf - ok
11:47:02.0264 3308 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:47:02.0302 3308 WUDFRd - ok
11:47:02.0358 3308 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl
11:47:02.0378 3308 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} - ok
11:47:02.0397 3308 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:47:02.0554 3308 \Device\Harddisk0\DR0 - ok
11:47:02.0574 3308 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
11:47:03.0573 3308 \Device\Harddisk1\DR1 - ok
11:47:04.0045 3308 MBR (0x1B8) (988d3c46cbd13ec7f482b833c55264c8) \Device\Harddisk5\DR5
11:47:04.0569 3308 \Device\Harddisk5\DR5 - ok
11:47:04.0575 3308 Boot (0x1200) (59688f910b4418d5e6ce89495506d1e9) \Device\Harddisk0\DR0\Partition0
11:47:04.0577 3308 \Device\Harddisk0\DR0\Partition0 - ok
11:47:04.0597 3308 Boot (0x1200) (1166ddf894ccc2da404da8ab82b33d26) \Device\Harddisk0\DR0\Partition1
11:47:04.0599 3308 \Device\Harddisk0\DR0\Partition1 - ok
11:47:04.0609 3308 Boot (0x1200) (2f5c95b1b51b56b28cf86649bfbcc0c4) \Device\Harddisk1\DR1\Partition0
11:47:04.0613 3308 \Device\Harddisk1\DR1\Partition0 - ok
11:47:04.0616 3308 Boot (0x1200) (353d284b1c5e8c66836d376ed5178c07) \Device\Harddisk5\DR5\Partition0
11:47:04.0617 3308 \Device\Harddisk5\DR5\Partition0 - ok
11:47:04.0618 3308 ============================================================
11:47:04.0618 3308 Scan finished
11:47:04.0618 3308 ============================================================
11:47:04.0624 4636 Detected object count: 0
11:47:04.0624 4636 Actual detected object count: 0

Attached Files

  • Attached File  MBR.zip   569bytes   0 downloads


#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:40 PM

Posted 21 December 2011 - 01:48 PM

I missed resetting your HOSTS file.

Go to: http://www.funkytoad.com/index.php?option=com_content&task=view&id=13&Itemid=
Download the program HostsXpert to restore the default hosts file back onto your machine.
Unzip the program and execute it.
Select
"Restore MS Hosts File".
Close the application.
=*=

Picture of HostsXpert
http://www.mvps.org/winhelp2002/hoster.gif

How is it now?

#9 Doczx

Doczx
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:40 AM

Posted 22 December 2011 - 10:45 AM

I tried to "Restore MS Hosts file" but it doesn't seem to be working. I've attached screenshots in the word document attached that show the issue.

Attached Files



#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:40 PM

Posted 23 December 2011 - 09:05 AM

The file has been reset to the Windows 7 default.

Is the problem persisting?

#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:40 PM

Posted 29 December 2011 - 10:59 AM

Are you still with me?

#12 Doczx

Doczx
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:40 AM

Posted 29 December 2011 - 11:03 PM

Hi Nasdaq,

I must apologize. I haven't been at my infected computer (at home) for the past week. I'll be back on Sunday night and can check it over.

Todd

#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:40 PM

Posted 30 December 2011 - 11:11 AM

Will be here for an other 5 days.

#14 Doczx

Doczx
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:40 AM

Posted 04 January 2012 - 01:54 PM

Hi nasdaq,

The redirects are very rare now, but they have been happening about once every day. Should I be worried?

Todd

#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:40 PM

Posted 04 January 2012 - 03:34 PM

Click the Posted Image button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

at the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

OR if this fails.

You may need to run CMD - Command Prompt on Vista - Windows 7 with Elevated Privilege
http://www.mydigitallife.info/2007/02/17/how-to-open-elevated-command-prompt-with-administrator-privileges-in-windows-vista/
===

If still getting some redirection issues continue with this.

Launch Notepad, and copy/paste all the blue instructions below to it.
Save in: Desktop
File Name: fixme.reg
Save as Type: All files
Click: Save

REGEDIT4
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]


Then, disconnect from the Internet!
Next,
Back on the Desktop, double-click on the fixme.reg file you just saved and click on Yes when asked to merge the information.

On a Vista or Windows 7 operating system right click on the fixme.reg file and run as Administrator.

Optional if the following programs are in your computer.
Note that since the Domains are deleted SpywareBlaster protection must be re-enabled. Spybot's Immunize feature must be used again, also you have to re-install IE-SpyAd if installed.

Keep me posted.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users